...

  • Cross platform signing
    • DaveT: Was anybody able to review the patch?
      • Brian: Went through the conversation
    • DaveT: Topic will be discussed in the eBPF foundation BSC meeting. 1 Week from today L3AF will be presenting. Next meeting - design of signing needs to be cross-platform.
      • Two proposals:
        • Matteo's - cross-platform, very well aligned with L3AFd.
          • Would be helpful if the L3AF community supported this proposal
        • Other - approved list of binaries (Linux centric)
          • Can load anything that is on the authorized list.
          • Does not meet L3AF or eBPF for Windows needs.
        • Would be fine if both were merged
    • DaveT: Cisco's (Chris) opinion would be very helpful
      • Weigh in on the Linux discussion group and on the BSC call.
      • Karan could add a bullet point to presentation - collective opinion of the L3AF community.
      • Brian: Add a point in your document about this?
        • Matteo's original patch was a config option to add only signed programs.
        • Alexi's other patch is moving forward
        • John Fastabend (on Linux discussion) and Luca agreed that the features needed by MSFT could be implemented inside of libBPF and as an eBPF program
        • This conversation ended on Dec. 9th (Before Matteo presented at L3AF)
      • DaveT: Meeting with Matteo after this call
      • Brian: L3AF could include the signing eBPF program as part of its eBPF program chain. (According to discussion on Linux group)
      • Vicky: Invite Matteo to next week's meeting.
      • Have L3AF call next week to discuss signing before BSC meeting.
      • Louis: Will not be at the L3AF call next week, but will give the keys to an appropriate host.
  • Brian: L3AF Kernel Marketplace
    • https://github.com/l3af-project/l3af-arch/discussions/9
    • DaveT suggests adding this as a PR for line-level comments (Brian will do)
    • DaveT: Kernel functions only disallows eBPF programs that can be uploaded to NICs. Suggest a name change.
    • Vicky: Suggest package manager as a concept for the name. Define broadly. Names have power.
    • DaveT: The name implies scope.
  • Brian: What should we name it?
    • eBPF is difficult to say and will probably need an acronym.
    • Vicky: eBPF Package Manager == EPM
    • Karan: EPM / eBPF package manager does make a lot of sense, in terms of scope
  • Brian: is the Kernel Function Marketplace part of the L3AF project?
    • May make sense to migrate to its own project.
      • In the future a platform agnostic place may be apropos for the EPM
        • Vicky: L3AF could be its initial client. This could really help L3AF. Define it as something standardized that a package manager can use.
        • This way the EPM would be a force to increase L3AF adoption and help us push towards standardization for both EPM and L3AF.
    • DaveT: Benefits to both ways of doing this:
      • Inside L3AF then it is closely located with all the other parts of L3AF. This could help widen the scope of L3AF.
      • Outside L3AF then it can include things that do not work with the current version of L3AF.
      • There isn't a BSC opinion yet. It is forming now.
      • Distinguish between L3AFd and eBPF.
      • Answer: What is the L3AF project? 
        • Today it is the L3AFd, but in the future we will expand scope.
    • Vicky: EPM should be outside L3AF because there will be others working on it.
    • DaveT: Is it part of one of these or both?
      • Thing that LF sanctions - L3AFP (legal entity)
      • L3AFp - Github repo
  • DaveT: eBPF code signing portion in additional bullet point in the lifecycle management section.
    • Brian: 2 different layers of signing
      • Package contribs of compiled source code (signed). This is app layer packaging.
      • Signing of eBPF programs.
      • Doc only currently talks about package signing
    • DaveT: Please put that in proposal.
      • Some cases where signing should be done by author, others signed by the repository.
  • Brian: Initial version Github repo may be sufficient 
    • Assumes that everyone will be okay pushing their code to a L3AF Project repo
    • Revisions could be tested and reviewed by L3AF team
  • DaveT: Requiring manual review? Good/Bad?
    • Brian: Short term - no manual vetting
      • We currently do not have automatic review
    • DaveT: Requirement to have automated review.
    • Vicky: Marketplace needs manual review for safety.
    • DaveT: Manual review could be optional.
    • Vicky: Is part of the review going to be for security?
      • Automatic review - definitely. Manual reviews - maybe. (at the start)
    • DaveT: Notion of private repo
    • Jason: For startup we need manual review
  • Brian: Hosting source code or packages
    • Source code - versioning etc.
    • Package or archive - what is needed to run the program along with docs
      • Signed by repo
  • Karan: Please review doc. We will discuss in next meeting.
    • This is the area where we need support from the community.
  • Brian: Will put up the pull request today.
    • Please discuss on PR.
  • Louis: LEAF session is 8:15 ET. Will this work?
    • Daniel: Will check with Poorna
    • Need email for presenters.
  • LFN induction - Need a separate meeting to discuss this
    • Needs a lot of community input.
    • General agreement.



*** Minutes from 12/15/2021 ***

...