BPF_LSM and fsverity for Binary Authorization

Linux Plumbers Conference via YouTube

Overview

Explore a flexible and low-overhead solution for binary authorization using BPF_LSM and fsverity in this Linux Plumbers Conference talk. Learn about a security approach that allows only securely authorized binaries to perform risky operations, such as binding specific ports or writing to critical raw block devices. Discover how this method combines fs-verity for file integrity checksums, a secure binary signing service, xattrs for storing fs-verity root hash signatures, and BPF_LSM for enforcing access control. Understand the design components, including the user space daemon for managing keyrings and BPF_LSM programs. Gain insights into the required kernel work, including new kfuncs like bpf_fsverity_get_digest() and bpf_vfs_getxattr(). Hear about the upcoming patchset and proof of concept for this innovative security solution that aims to provide fine-grained control with minimal overhead.

Syllabus

BPF_LSM + fsverity for Binary Authorization - Song Liu, Boris Burkov

Taught by

Linux Plumbers Conference
