From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: KP Singh <kpsingh@kernel.org>
Cc: Paul Moore <paul@paul-moore.com>,
bboscaccy@linux.microsoft.com, bpf@vger.kernel.org,
code@tyhicks.com, corbet@lwn.net, davem@davemloft.net,
dhowells@redhat.com, gnoack@google.com,
herbert@gondor.apana.org.au, jarkko@kernel.org,
jmorris@namei.org, jstancek@redhat.com, justinstitt@google.com,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-security-module@vger.kernel.org, llvm@lists.linux.dev,
masahiroy@kernel.org, mic@digikod.net, morbo@google.com,
nathan@kernel.org, neal@gompa.dev,
nick.desaulniers+lkml@gmail.com, nicolas@fjasle.eu,
nkapron@google.com, roberto.sassu@huawei.com, serge@hallyn.com,
shuah@kernel.org, teknoraver@meta.com, xiyou.wangcong@gmail.com,
kysrinivasan@gmail.com,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH v3 0/4] Introducing Hornet LSM
Date: Wed, 14 May 2025 16:31:55 -0400 [thread overview]
Message-ID: <2f71d6c03698eb17d51f7247efde777627ee578a.camel@HansenPartnership.com> (raw)
In-Reply-To: <CACYkzJ7Oh62u7bHwQ_nOLG54qnhyNU9msF5mWV_vFrBXw1oZqw@mail.gmail.com>
On Wed, 2025-05-14 at 20:35 +0200, KP Singh wrote:
> On Wed, May 14, 2025 at 7:45 PM James Bottomley
> <James.Bottomley@hansenpartnership.com> wrote:
> >
> > On Wed, 2025-05-14 at 19:17 +0200, KP Singh wrote:
> > > On Wed, May 14, 2025 at 5:39 PM James Bottomley
> > > <James.Bottomley@hansenpartnership.com> wrote:
> > > > On Sun, 2025-05-11 at 04:01 +0200, KP Singh wrote:
> > [...]
> > > > > This implicitly makes the payload equivalent to the signed
> > > > > block
> > > > > (B_signed)
> > > > >
> > > > > I_loader || H_meta
> > > > >
> > > > > bpftool then generates the signature of this I_loader payload
> > > > > (which now contains the expected H_meta) using a key (system
> > > > > or
> > > > > user) with new flags that work in combination with bpftool -L
> > > >
> > > > Could I just push back a bit on this. The theory of hash
> > > > chains
> > > > (which I've cut to shorten) is about pure data structures. The
> > > > reason for that is that the entire hash chain is supposed to be
> > > > easily independently verifiable in any environment because
> > > > anything
> > > > can compute the hashes of the blocks and links. This
> > > > independent
> > > > verification of the chain is key to formally proving hash
> > > > chains to
> > > > be correct. In your proposal we lose the easy verifiability
> > > > because the link hash is embedded in the ebpf loader program
> > > > which
> > > > has to be disassembled to do the extraction of the hash and
> > > > verify
> > > > the loader is actually checking it.
> > >
> > > I am not sure I understand your concern. This is something that
> > > can
> > > easily be built into tooling / annotations.
> > >
> > > bpftool -S -v <verification_key> <loader> <metadata>
> > >
> > > Could you explain what's the use-case for "easy verifiability".
> >
> > I mean verifiability of the hash chain link. Given a signed
> > program, (i.e. a .h file which is generated by bpftool) which is a
> > signature over the loader only how would one use simple
> > cryptographic operations to verify it?
> >
>
> I literally just said it above the hash can be extracted if you
> really want offline verification. Are you saying this code is hard to
> write? or is the tooling hard to write? Do you have some definition
> of "simple cryptographic operations". All operations use tooling.
As I said, you have a gap in that you not only have to extract the hash
and verify it against the map (which I agree is fairly simple) but also
verify the loader program actually checks it correctly. That latter
operation is not a simple cryptographic one and represents a security
gap between this proposal and the hash linked chains you introduced in
your first email in this thread.
> > > > I was looking at ways we could use a pure hash chain (i.e.
> > > > signature over loader and real map hash) and it does strike me
> > > > that the above ebpf hash verification code is pretty invariant
> > > > and easy to construct, so it could run as a separate BPF
> > > > fragment that then jumps to the real loader. In that case, it
> > > > could be constructed on the fly in a trusted environment, like
> > > > the kernel, from the link hash in the signature and the
> > > > signature could just be Sig(loader || map hash) which can then
> > > > be
> > >
> > > The design I proposed does the same thing:
> > >
> > > Sig(loader || H_metadata)
> > >
> > > metadata is actually the data (programs, context etc) that's
> > > passed in the map. The verification just happens in the loader
> > > program and the loader || H_metadata is implemented elegantly to
> > > avoid any separate payloads.
> >
> > OK, so I think this is the crux of the problem: In formal methods
> > proving the validity of a data based hash link is an easy set of
> > cryptographic operations. You can assert that's equivalent to a
> > signature over a program that verifies the hash, but formally
> > proving it requires a formal analysis of the program to show that
> > 1) it contains the correct hash and 2) it correctly checks the hash
> > against the map. That makes the task of someone receiving the .h
> > file containing the signed skeleton way harder: it's easy to prove
> > the signature matches the loader instructions, but they still have
> > to prove the instructions contain and verify the correct map hash.
> >
>
> I don't see this as a problem for 2 reasons:
>
> 1. It's not hard
it requires disassembling the first 20 or so BPF instructions and
verifying their operation, so that's harder than simply calculating
hashes and signatures.
> 2. Your typical user does not want to do formal verification and
> extract signatures etc.
Users don't want to do formal verification, agreed ... but they do want
to know that security experts have verified the algorithms they're
using.
That's why I was thinking, since the loader preamble that verifies the
hash is easy to construct, that the scheme could use a real hash linked
chain, which has already been formally verified and is well understood,
then construct the preamble for the loader you want in a trusted
environment based on the hashes, meaning there's no security gap.
Regards,
James
next prev parent reply other threads:[~2025-05-14 20:31 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-02 18:44 [PATCH v3 0/4] Introducing Hornet LSM Blaise Boscaccy
2025-05-02 18:44 ` [PATCH v3 1/4] security: " Blaise Boscaccy
2025-05-04 15:02 ` Paul Moore
2025-05-02 18:44 ` [PATCH v3 2/4] hornet: Introduce sign-ebpf Blaise Boscaccy
2025-05-02 18:44 ` [PATCH v3 3/4] hornet: Add a light skeleton data extractor script Blaise Boscaccy
2025-05-02 18:44 ` [PATCH v3 4/4] selftests/hornet: Add a selftest for the Hornet LSM Blaise Boscaccy
2025-05-02 21:00 ` [PATCH v3 0/4] Introducing " KP Singh
2025-05-04 17:36 ` Paul Moore
2025-05-04 23:25 ` KP Singh
2025-05-05 16:22 ` Paul Moore
2025-05-11 2:01 ` KP Singh
2025-05-14 3:06 ` Paul Moore
2025-05-14 18:48 ` KP Singh
2025-05-16 19:49 ` Paul Moore
2025-05-16 23:49 ` Alexei Starovoitov
2025-05-17 15:02 ` Paul Moore
2025-05-17 16:13 ` Alexei Starovoitov
2025-05-18 5:48 ` Paul Moore
2025-05-18 15:52 ` Alexei Starovoitov
2025-05-18 21:34 ` Paul Moore
2025-05-19 22:20 ` KP Singh
2025-05-19 22:58 ` Paul Moore
2025-05-21 22:26 ` Paul Moore
2025-05-19 23:00 ` Zvi Effron
2025-05-19 23:42 ` KP Singh
2025-05-14 15:39 ` James Bottomley
2025-05-14 17:17 ` KP Singh
2025-05-14 17:45 ` James Bottomley
2025-05-14 18:35 ` KP Singh
2025-05-14 18:35 ` KP Singh
2025-05-14 20:31 ` James Bottomley [this message]
2025-05-14 20:41 ` KP Singh
2025-05-05 9:22 ` Daniel Borkmann
2025-05-05 17:30 ` Blaise Boscaccy
2025-05-05 20:41 ` KP Singh
2025-05-05 21:04 ` Paul Moore
2025-05-07 17:48 ` James Bottomley
2025-05-07 23:21 ` Paul Moore
2025-05-08 17:44 ` Alexei Starovoitov
2025-05-08 19:23 ` Paul Moore
2025-05-11 2:14 ` KP Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2f71d6c03698eb17d51f7247efde777627ee578a.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=bboscaccy@linux.microsoft.com \
--cc=bpf@vger.kernel.org \
--cc=code@tyhicks.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=gnoack@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=jstancek@redhat.com \
--cc=justinstitt@google.com \
--cc=keyrings@vger.kernel.org \
--cc=kpsingh@kernel.org \
--cc=kysrinivasan@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=masahiroy@kernel.org \
--cc=mic@digikod.net \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=neal@gompa.dev \
--cc=nick.desaulniers+lkml@gmail.com \
--cc=nicolas@fjasle.eu \
--cc=nkapron@google.com \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=serge@hallyn.com \
--cc=shuah@kernel.org \
--cc=teknoraver@meta.com \
--cc=torvalds@linux-foundation.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox