From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Alexei Starovoitov <ast@kernel.org>,
KP Singh <kpsingh@kernel.org>,
Blaise Boscaccy <bboscaccy@linux.microsoft.com>,
James Bottomley <james.bottomley@hansenpartnership.com>,
bpf <bpf@vger.kernel.org>,
LSM List <linux-security-module@vger.kernel.org>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
wufan@linux.microsoft.com, Quentin Monnet <qmo@kernel.org>
Subject: Re: [PATCH bpf-next v2 0/3] BPF signature hash chains
Date: Fri, 17 Oct 2025 11:03:10 -0700 [thread overview]
Message-ID: <CAADnVQLRtfPrH6sffaPVyFP4Aib+e7uVVWLi7bb79d9TrHjHpQ@mail.gmail.com> (raw)
In-Reply-To: <CAHC9VhSRiZacAy=JTKgWnBDbycey37JRVC61373HERTEUFmxEA@mail.gmail.com>
On Thu, Oct 16, 2025 at 6:36 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Thu, Oct 16, 2025 at 6:01 PM Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
> > On Thu, Oct 16, 2025 at 1:51 PM Paul Moore <paul@paul-moore.com> wrote:
> > > On Sun, Oct 12, 2025 at 10:12 PM Paul Moore <paul@paul-moore.com> wrote:
> > > > On Sat, Oct 11, 2025 at 1:09 PM James Bottomley
> > > > <James.Bottomley@hansenpartnership.com> wrote:
> > > > > On Sat, 2025-10-11 at 09:31 -0700, Alexei Starovoitov wrote:
> > > > > > On Sat, Oct 11, 2025 at 7:52 AM James Bottomley
> > > > > > <James.Bottomley@hansenpartnership.com> wrote:
> > > > > > >
> > > > > > > It doesn't need to, once we check both the loader and the map, the
> > > > > > > integrity is verified and the loader can be trusted to run and
> > > > > > > relocate the map into the bpf program
> > > > > >
> > > > > > You should read KP's cover letter again and then research trusted
> > > > > > hash chains. Here is a quote from the first googled link:
> > > > > >
> > > > > > "A trusted hash chain is a cryptographic process used to verify the
> > > > > > integrity and authenticity of data by creating a sequence of hash
> > > > > > values, where each hash is linked to the next".
> > > > > >
> > > > > > In addition KP's algorithm was vetted by various security teams.
> > > > > > There is nothing novel here. It's a classic algorithm used
> > > > > > to verify integrity and that's what was implemented.
> > > > >
> > > > > Both KP and Blaise's patch sets are implementations of trusted hash
> > > > > chains. The security argument isn't about whether the hash chain
> > > > > algorithm works, it's about where, in relation to the LSM hook, the
> > > > > hash chain verification completes.
> >
> > Not true. Blaise's patch is a trusted hash chain denial.
>
> It would be helpful if you could clarify what you mean by "trusted
> hash chain denial" and how that differs from a "trusted hash chain".
Paul,
This is getting ridiculous. You're arguing about the code that you
don't understand. Stop this broken phone and let Blaise defend his code.
next prev parent reply other threads:[~2025-10-17 18:03 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-29 21:34 [PATCH bpf-next v2 0/3] BPF signature hash chains Blaise Boscaccy
2025-09-29 21:34 ` [PATCH bpf-next v2 1/3] bpf: Add hash chain signature support for arbitrary maps Blaise Boscaccy
2025-09-29 21:34 ` [PATCH bpf-next v2 2/3] selftests/bpf: Enable map verification for some lskel tests Blaise Boscaccy
2025-09-29 21:34 ` [PATCH bpf-next v2 3/3] bpftool: Add support for signing program and map hash chains Blaise Boscaccy
2025-10-01 21:37 ` [PATCH bpf-next v2 0/3] BPF signature " Paul Moore
2025-10-02 13:48 ` KP Singh
2025-10-02 20:01 ` Blaise Boscaccy
2025-10-03 16:59 ` KP Singh
2025-10-03 18:14 ` Blaise Boscaccy
2025-10-03 19:02 ` KP Singh
2025-10-03 2:35 ` Paul Moore
2025-10-03 16:24 ` KP Singh
2025-10-06 3:08 ` Paul Moore
2025-10-07 13:53 ` KP Singh
2025-10-07 19:59 ` James Bottomley
2025-10-09 20:47 ` Paul Moore
2025-10-10 1:00 ` Alexei Starovoitov
2025-10-10 15:53 ` James Bottomley
2025-10-10 19:39 ` Paul Moore
2025-10-10 23:06 ` Alexei Starovoitov
2025-10-11 14:52 ` James Bottomley
2025-10-11 16:31 ` Alexei Starovoitov
2025-10-11 17:09 ` James Bottomley
2025-10-13 2:12 ` Paul Moore
2025-10-16 20:51 ` Paul Moore
2025-10-16 22:00 ` Alexei Starovoitov
2025-10-17 1:36 ` Paul Moore
2025-10-17 18:03 ` Alexei Starovoitov [this message]
2025-10-17 18:39 ` Paul Moore
2025-10-20 23:13 ` James Bottomley
2025-10-21 1:25 ` Alexei Starovoitov
2025-10-22 21:10 ` James Bottomley
2025-10-23 15:39 ` KP Singh
2025-10-23 17:53 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAADnVQLRtfPrH6sffaPVyFP4Aib+e7uVVWLi7bb79d9TrHjHpQ@mail.gmail.com \
--to=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bboscaccy@linux.microsoft.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=james.bottomley@hansenpartnership.com \
--cc=kpsingh@kernel.org \
--cc=kys@microsoft.com \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=qmo@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=wufan@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).