Re: [PATCH v2 security-next 1/4] security: Hornet LSM

2025-04-05 Thread kernel test robot
its/Blaise-Boscaccy/security-Hornet-LSM/20250405-055741 base: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git next patch link: https://lore.kernel.org/r/20250404215527.1563146-2-bboscaccy%40linux.microsoft.com patch subject: [PATCH v2 security-next 1/4] security: Hornet

Re: [RFC PATCH v3 00/13] Clavis LSM

2025-04-05 Thread Paul Moore
On Fri, Mar 21, 2025 at 5:21 PM Eric Snowberg wrote: > > On Mar 21, 2025, at 12:57 PM, Paul Moore wrote: > ... > > , but I will note that I don't recall you offering to step > > up and maintain Lockdown anywhere in this thread. > > I didn't realize that trying to contribute a new LSM and being wi

Re: [RFC PATCH security-next 1/4] security: Hornet LSM

2025-04-05 Thread Blaise Boscaccy
ser...@kernel.org writes: > On Fri, Mar 21, 2025 at 09:45:03AM -0700, Blaise Boscaccy wrote: >> This adds the Hornet Linux Security Module which provides signature >> verification of eBPF programs. >> >> Hornet uses a similar signature verification scheme similar to that of > > used 'similar' twi

Re: [RFC PATCH v3 00/13] Clavis LSM

2025-04-05 Thread Paul Moore
On Fri, Mar 21, 2025 at 12:37 PM Eric Snowberg wrote: > > On Mar 20, 2025, at 3:36 PM, Paul Moore wrote: > > On Thu, Mar 20, 2025 at 12:29 PM Eric Snowberg > > wrote: > >>> On Mar 6, 2025, at 7:46 PM, Paul Moore wrote: > >>> On March 6, 2025 5:29:36 PM Eric Snowberg > >>> wrote: > > > > ...

Re: [RFC PATCH security-next 0/4] Introducing Hornet LSM

2025-04-05 Thread Blaise Boscaccy
Jarkko Sakkinen writes: Hi Jarkko, Thanks for the comments. Paul did a very nice job providing some background info, allow me to provide some additional data. > On Fri, Mar 21, 2025 at 09:45:02AM -0700, Blaise Boscaccy wrote: >> This patch series introduces the Hornet LSM. >> >> Hornet takes a

[RFC PATCH security-next 2/4] hornet: Introduce sign-ebpf

2025-04-05 Thread Blaise Boscaccy
This introduces the sign-ebpf tool. It is very similar to the existing sign-file script, with one key difference, it will sign a file with a signature computed off of arbitrary input data. This can be used to sign an ebpf light skeleton loader program for verification via hornet. Typical usage i