From: Blaise Boscaccy <bboscaccy@linux.microsoft.com>
To: KP Singh <kpsingh@kernel.org>
Cc: Paul Moore <paul@paul-moore.com>,
jarkko@kernel.org, zeffron@riotgames.com,
xiyou.wangcong@gmail.com, kysrinivasan@gmail.com,
code@tyhicks.com, linux-security-module@vger.kernel.org,
roberto.sassu@huawei.com, James.Bottomley@hansenpartnership.com,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, David Howells <dhowells@redhat.com>,
Lukas Wunner <lukas@wunner.de>,
Ignat Korchagin <ignat@cloudflare.com>,
Quentin Monnet <qmo@kernel.org>,
Jason Xing <kerneljasonxing@gmail.com>,
Willem de Bruijn <willemb@google.com>,
Anton Protopopov <aspsk@isovalent.com>,
Jordan Rome <linux@jordanrome.com>,
Martin Kelly <martin.kelly@crowdstrike.com>,
Alan Maguire <alan.maguire@oracle.com>,
Matteo Croce <teknoraver@meta.com>,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
kys@microsoft.com
Subject: Re: [PATCH 0/3] BPF signature verification
Date: Fri, 30 May 2025 15:15:30 -0700 [thread overview]
Message-ID: <87bjr9n3st.fsf@microsoft.com> (raw)
In-Reply-To: <CACYkzJ4NR3bvrggV=AyNPhPyyLWPL40vw5eAyXons_9wwKAFfQ@mail.gmail.com>
KP Singh <kpsingh@kernel.org> writes:
> On Fri, May 30, 2025 at 11:32 PM KP Singh <kpsingh@kernel.org> wrote:
>>
>> On Fri, May 30, 2025 at 11:19 PM Blaise Boscaccy
>> <bboscaccy@linux.microsoft.com> wrote:
>> >
>> > KP Singh <kpsingh@kernel.org> writes:
>> >
>>
>> [...]
>>
>> > >
>> >
>> > And that isn't at odds with the kernel being able to do it nor is it
>> > with what I posted.
>> >
>> > > If your build environment that signs the BPF program is compromised
>> > > and can inject arbitrary code, then signing does not help. Can you
>> > > explain what a supply chain attack would look like here?
>> > >
>> >
>> > Most people here can read C code. The number of people that can read
>> > ebpf assembly metaprogramming code is much smaller. Compromising clang
>> > is one thing, compromising libbpf is another. Your proposal increases
>> > the attack surface with no observable benefit. If I was going to leave a
>> > hard-to-find backdoor into ring0, gen.c would be a fun place to explore
>> > doing it. Module and UEFI signature verification code doesn't live
>> > inside of GCC or Clang as set of meta-instructions that get emitted, and
>> > there are very good reasons for that.
>> >
>> > Further, since the signature verification code is unique for each and
>> > every program it needs to be verified/proved/tested for each and every
>> > program. Additionally, since all these checks are being forced outside
>> > of the kernel proper, with the insistence of keeping the LSM layer in
>> > the dark of the ultimate result, the only way to test that a program
>> > will fail if the map is corrupted is to physically corrupt each and
>> > every program and test that individually. That isn't "elegant" nor "user
>> > friendly" in any way, shape or form.
>> >
>> > >> subsystem. Additionally, it is impossible to verify the code
>> > >> performing the signature verification, as it is uniquely regenerated
>> > >
>> > > The LSM needs to ensure that it allows trusted LOADER programs i.e.
>> > > with signatures and potentially trusted signed user-space binaries
>> > > with unsigned or delegated signing (this will be needed for Cilium and
>> > > bpftrace that dynamically generate BPF programs), that's a more
>> > > important aspect of the LSM policy from a BPF perspective.
>> > >
>> >
>> > I would like to be able to sign my programs please and have the kernel
>> > verify it was done correctly. Why are you insisting that I *don't* do
>> > that? I'm yet to see any technical objection to doing that. Do you have
>> > one that you'd like to share at this point?
>>
>> The kernel allows a trusted loader that's signed with your private
>> key, that runs in the kernel context to delegate the verification.
>> This pattern of a trusted / delegated loader is going to be required
>> for many of the BPF use-cases that are out there (Cilium, bpftrace)
>> that dynamically generate eBPF programs.
>>
>> The technical objection is that:
>>
>> * It does not align with most BPF use-cases out there as most
>> use-cases need a trusted loader.
>> * Locks us into a UAPI, whereas a signed LOADER allows us to
>> incrementally build signing for all use-cases without compromising the
>> security properties.
>>
>> BPF's philosophy is that of flexibility and not locking the users into
>> a rigid in-kernel implementation and UAPI.
>>
>> - KP
>>
>> >
>> > > MAP_EXCLUSIVE is missing and is required which prevents maps from
>> > > being accessed by other programs as explained in the proposal.
>> > >
>> > > Please hold off on further iterations, I am working on a series and
>> > > will share these patches based on the design that was proposed.
>> > >
>> >
>> > So the premise here seems to be that people should only be allowed to
>> > sign trusted loaders, and that trusted loaders must additionally be
>> > authored by you, correct?
>> >
>> > When can we expect to see your patchset posted?
>
> I will try to get this out by the end of next week.
Wonderful, we look forward to seeing your patchset.
-blaise
>
> - KP
>
>> >
next prev parent reply other threads:[~2025-05-30 22:15 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-28 21:49 [PATCH 0/3] BPF signature verification Blaise Boscaccy
2025-05-28 21:49 ` [PATCH 1/3] bpf: Add bpf_check_signature Blaise Boscaccy
2025-05-29 10:11 ` Lukas Wunner
2025-05-29 15:32 ` Blaise Boscaccy
2025-05-29 19:31 ` Lukas Wunner
2025-05-29 19:36 ` James Bottomley
2025-06-02 22:40 ` Paul Moore
2025-06-04 16:25 ` Jarkko Sakkinen
2025-05-28 21:49 ` [PATCH 2/3] bpf: Support light-skeleton signatures in autogenerated code Blaise Boscaccy
2025-05-28 21:49 ` [PATCH 3/3] bpftool: Allow signing of light-skeleton programs Blaise Boscaccy
2025-05-30 16:42 ` [PATCH 0/3] BPF signature verification KP Singh
2025-05-30 20:14 ` Paul Moore
2025-05-30 20:44 ` KP Singh
2025-05-30 21:19 ` Blaise Boscaccy
2025-05-30 21:32 ` KP Singh
2025-05-30 21:33 ` KP Singh
2025-05-30 22:15 ` Blaise Boscaccy [this message]
2025-05-30 22:14 ` Blaise Boscaccy
2025-05-30 22:19 ` KP Singh
2025-05-30 22:27 ` Blaise Boscaccy
2025-05-30 22:47 ` KP Singh
2025-05-30 23:25 ` Blaise Boscaccy
2025-05-30 23:32 ` KP Singh
2025-06-02 15:01 ` Blaise Boscaccy
2025-06-04 16:22 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bjr9n3st.fsf@microsoft.com \
--to=bboscaccy@linux.microsoft.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=alan.maguire@oracle.com \
--cc=andrii@kernel.org \
--cc=aspsk@isovalent.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=code@tyhicks.com \
--cc=daniel@iogearbox.net \
--cc=dhowells@redhat.com \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=ignat@cloudflare.com \
--cc=jarkko@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kerneljasonxing@gmail.com \
--cc=keyrings@vger.kernel.org \
--cc=kpsingh@kernel.org \
--cc=kys@microsoft.com \
--cc=kysrinivasan@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux@jordanrome.com \
--cc=lukas@wunner.de \
--cc=martin.kelly@crowdstrike.com \
--cc=martin.lau@linux.dev \
--cc=paul@paul-moore.com \
--cc=qmo@kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=teknoraver@meta.com \
--cc=willemb@google.com \
--cc=xiyou.wangcong@gmail.com \
--cc=yonghong.song@linux.dev \
--cc=zeffron@riotgames.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).