On Sun, May 4, 2025 at 7:25 PM KP Singh kpsingh@kernel.org wrote:
On Sun, May 4, 2025 at 7:36 PM Paul Moore paul@paul-moore.com wrote:
On Fri, May 2, 2025 at 5:00 PM KP Singh kpsingh@kernel.org wrote:
...
... here's how we think it should be done:
- The core signing logic and the tooling stays in BPF, something that the users are already using. No new tooling.
I think we need a more detailed explanation of this approach on-list. There has been a lot of vague guidance on BPF signature validation from the BPF community which I believe has partly led us into the situation we are in now. If you are going to require yet another approach, I think we all need to see a few paragraphs on-list outlining the basic design.
Definitely, happy to share design / code.
At this point I think a quick paragraph or two on how you believe the design should work would be a good start, I don't think code is necessary unless you happen to already have something written.