...
PEN request
- Raga: Schedule call after this meeting
- Dave: What layer of the org is the PEN assigned to?
- L3AFD project, LF, L3AFP?
- Louis: Just put it under LFN. Ramifications?
- Dave: Next PEN would probably have a sub-delegation under the original PEN
- This is how MSFT does this so that there is a single management point.
- Louis: Difference between L3AFd and L3AFP?
- Dave: Github organization with different GitHub repos under it.
- Louis: PEN that covers L3AF as a project and all current and future repos?
- Dave: Common use of PENs is for OIDs, and the PEN is inserted into the OID with an arbitrary number of layers underneath.
- OIDs are used in X.509 certificates, etc.
- Louis: How are we going to use the PEN for L3AF? Want a PEN that covers all of L3AF, but not all of LF or LFN.
- Raga: As part of flow exporter we will add custom field support identified with PEN number.
- Dave: Inventing a new slot that fields are going to go in, can it be just an array of fields of integers?
- Raga: Will dig more and find out?
- Dave: It matters to how we will fill out the application.
- Raga: This is a requirement for the flow_exporter. We will not need another PEN number for L3AF.
- Louis: Will reconsult with legal and set up call with Raga. Review by email with rest of L3AF team (if this is doable).
- Dave: It's just a simple web form and cannot be pending
- Dave: Do we use LF, L3AFP or L3AFd for the name?
- Louis: Will discuss with legal.
- Dev testing forum
- Set date and time for MSFT presentation
- Cross platform signing
- Matteo: No way to do cross platform signing with eBPF programs
- Implementation that allows loading eBPF programs to kernel that takes care of relocation
- Created patch that does this. Creates eBPF prog and adds sig to it.
- Dave: Talked about 3 pieces in kernel function marketplace
- Orchestrator pulls stuff from marketplace
- Can you put signed programs in the marketplace
- We are discussing an option that allows remote distribution and is compatible with L3AF.
- The other approach does not play well with the L3AF vision that we have discussed.
- Vicky: Do we have representation as the L3AF at the kernel level where these decisions will be made?
- Dave: Need Karan, Chris, etc. If we had a collective decision it would carry more weight.
- This could be a call to create new contacts.
- Dave: This discussion is happening on the Linux kernel list
- MSFT would like cross-platform
- Move to the eBPF foundation (which is cross-platform)?
- Dave: Next BPF steering committee meeting would like L3AF to present.
- Invited Karan.
- Dave: BSC does not officially have an answer if the meeting is open.
- Still have time to ask. Should be a yes answer (at least for this meeting)
- Matteo: Proposed to BPF ML & then another solution appeared from the BPF maintainer
- Very different solution: create an approve-list of programs that can load BPF programs
- Only allow programs loaded from progs on this approve-list
- Suspects this solution won't be cross-platform: verification requires Linux fs verity method
- Also allows L3AFd to install anything it wants if L3AFd is in the allow list. Could be a security flaw
- Matteo's approach allows individual signing and allows individual verification, reputation, etc.
- Raga: Where is the signature exactly? Do you still have the verification step on signed programs? Use case please.
- Matteo: XDP. Some BPF programs take actions on packets. These can be loaded and attached to network drivers.
- Malicious programs can mangle packet traffic (very dangerous). Must make sure that program is safe.
- Dave: Big value add: signing instead of verification step.
- Verification step can be CPU intensive. Signature check is cheap.
- Verification and signing together does not give this benefit. This is what the patch does.
- Raga: Does this work for UM progs also? Yes.
- Dave: Other approach with white list? How is this different from cap BPF?
- Matteo: Whitelist enforces Cap BPF.
- Dave: L3AFd pushes out both kernel function as well as a program that can use the kernel function.
- Matteo: Whitelist is a list of programs that can be loaded
- Matteo: Sig verification is before verification check.
- Dave: Also reduces DOS style attacks.
- If sig check fails then verification does not run and waste cycles.
- Santhosh: Verifier runs only once at load time.
- Dave: Yes, but you can spin the loader.
- Dave: That is the intro.
- If we can get several orgs to support this then we can approach the BSC.
- Vicky: Once the video for the call is available we can take this to the mailing list.
- Louis: Cancelling next week's call on the 22nd?
- Dave: Nope, on vacation.
- Vicky: Probably most people have made plans so Jan 5th would be better.
- Matteo: PR is urgent for MSFT because we want a signature system.
- It's too dangerous to load untrusted BPF programs
- Dave: Please post opinions on Linux Kernel mailing list sooner rather than later.
- Dave: Include signing into the BSC meeting on Jan 12th at 1PM PST.
- Louis: Please register for Dev and Test Forum
Action Items
- Schedule Dev & Testing Forum L3AF session (LJ/Daniel/Poorna)
- Schedule call with Raga to fill out the PEN application. (LJ/Raga)
- Ask BSC if the meeting can be open to the public (Dave)
- Vicky: Will post to mailing list so that people can discuss signing on list after watching video.
Future Agenda Items
***** Minutes from previous call *****
...