fb2b0e2901
* The metadata map is created with as an exclusive map (with an excl_prog_hash) This restricts map access exclusively to the signed loader program, preventing tampering by other processes. * The map is then frozen, making it read-only from userspace. * BPF_OBJ_GET_INFO_BY_ID instructs the kernel to compute the hash of the metadata map (H') and store it in bpf_map->sha. * The loader is then loaded with the signature which is then verified by the kernel. loading signed programs prebuilt into the kernel are not currently supported. These can supported by enabling BPF_OBJ_GET_INFO_BY_ID to be called from the kernel. Signed-off-by: KP Singh <kpsingh@kernel.org> Link: https://lore.kernel.org/r/20250921160120.9711-3-kpsingh@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|---|---|---|
| .. | ||
| api | ||
| bpf | ||
| perf | ||
| subcmd | ||
| symbol | ||
| thermal | ||
| argv_split.c | ||
| bitmap.c | ||
| cmdline.c | ||
| ctype.c | ||
| find_bit.c | ||
| hweight.c | ||
| list_sort.c | ||
| rbtree.c | ||
| slab.c | ||
| str_error_r.c | ||
| string.c | ||
| vsprintf.c | ||
| zalloc.c | ||