Speaker
KP Singh
Description
With the initial implementation for BPF signing nearly merged, more advanced signing use-cases can be discussed. There are three key cases for signed BPF programs:
- Applications that use light skeletons and a BPF loader program and a light skeleton.
- Applications that generate eBPF programs during their runtime (e.g. Cilium)
- Debugging tools that use a scripting language or command lines e.g. bpftrace
This initial implementation lays out the foundation for signing eBPF programs focussing on [1]. The talk is an open discussion format with anchoring on key ideas for building on security policy and signing approaches for [2] and [3] and any other use-cases.
