Open magicalo opened 3 years ago
@qmonnet Can you paste the link to what Linux is working on? Thanks!
Sure. On Linux, Alexei has been exploring several ways to implement signatures for eBPF programs. He finally went for an approach including a special “loader” eBPF program. As I understand it, the signature would be computed on this loader program, which would embed the other (regular) eBPF program.
Status: The first parts of this work have been merged in bpf-next, and from there into net-next, and it should land in Linux 5.14. But the feature is not complete yet, and some follow-up work is necessary before program signing is supported.
Here is the link to the thread for the patchset that was merged.
An early version of this set was also the subject of an LWN.net article.
I could not find any documentation on eBPF code-signing (WSDL-like program). Is this in the works?