
URL: https://www.phoronix.com/news/Microsoft-Hornet-Linux-LSM


Microsoft Proposes "Hornet" Security Module For The Linux Kernel

Written by Michael Larabel in Microsoft on 21 March 2025 at 02:21 PM EDT. 28 Comments
Microsoft's newest open-source contribution to the Linux kernel being proposed is... Hornet, a Linux security module (LSM) for providing signature verification of eBPF programs.

Microsoft has been a longtime proponent of eBPF for running custom programs within the Linux kernel safely and efficiently. eBPF programs have provided much value around networking, security, tracing, and more. Microsoft even brought eBPF to Windows and was one of the founders of the eBPF Foundation. Microsoft has been embracing eBPF for years, and its latest contribution is Hornet, which verifies that eBPF programs loaded into the kernel carry a valid signature.

The Hornet Linux Security Module is self-described as:
"Hornet uses a similar signature verification scheme similar to that of kernel modules. A pkcs#7 signature is appended to the end of an executable file. During an invocation of bpf_prog_load, the signature is fetched from the current task's executable file. That signature is used to verify the integrity of the bpf instructions and maps which were passed into the kernel. Additionally, Hornet implicitly trusts any programs which were loaded from inside kernel rather than userspace, which allows BPF_PRELOAD programs along with outputs for BPF_SYSCALL programs to run.

Hornet allows users to continue to maintain an invariant that all code running inside of the kernel has been signed and works well with light-skeleton based loaders, or any statically generated program that doesn't require userspace instruction rewriting."

In addition to the Hornet LSM itself that is gated by the "SECURITY_HORNET" Kconfig option, the patch series also proposes sign-ebpf as a new tool within the Linux kernel source tree for signing eBPF programs.
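To make the quoted scheme concrete, here is an added illustration that is not code from Hornet, sign-ebpf or the patch series: a loader executable gets a signature appended to its end, and the load-time check recomputes the signature over the instructions and map definitions actually handed to the kernel. The trailer layout, the map serialization and the use of HMAC-SHA256 in place of a PKCS#7 signature are all assumptions made so the demo runs with only the standard library; the point it shows is why any userspace rewriting of the instructions after signing makes the check fail, which is why Hornet pairs with light-skeleton style static loaders.

```python
import hmac
import hashlib
import struct
from typing import List, Optional, Tuple

# Constructed stand-ins: a real scheme uses an asymmetric key and a pkcs#7
# blob; this demo uses a symmetric HMAC so it runs offline.
SIGNING_KEY = b"demo-signing-key"
TRAILER_MAGIC = b"~DEMO BPF SIG~"   # assumed trailer marker, not Hornet's format

MapDef = Tuple[str, int, int]      # (name, key_size, value_size)

def signed_payload(insns: bytes, maps: List[MapDef]) -> bytes:
    """Canonical bytes covered by the signature: the raw BPF instructions
    plus the map definitions that will be passed to the kernel."""
    out = struct.pack("<I", len(insns)) + insns
    for name, key_size, value_size in maps:
        name_b = name.encode()
        out += struct.pack("<I", len(name_b)) + name_b
        out += struct.pack("<II", key_size, value_size)
    return out

def sign_loader(exe: bytes, insns: bytes, maps: List[MapDef]) -> bytes:
    """Build-time step (what a tool like sign-ebpf does): append a signature
    over the program to the loader executable. Layout: sig || len || magic."""
    sig = hmac.new(SIGNING_KEY, signed_payload(insns, maps), hashlib.sha256).digest()
    return exe + sig + struct.pack("<I", len(sig)) + TRAILER_MAGIC

def extract_signature(exe: bytes) -> Optional[bytes]:
    """Load-time step: fetch the appended signature from the current task's
    executable by walking the trailer back from the end of the file."""
    if not exe.endswith(TRAILER_MAGIC):
        return None
    body = exe[:-len(TRAILER_MAGIC)]
    if len(body) < 4:
        return None
    (sig_len,) = struct.unpack("<I", body[-4:])
    body = body[:-4]
    if sig_len == 0 or len(body) < sig_len:
        return None
    return body[-sig_len:]

def allow_bpf_prog_load(exe: bytes, insns: bytes, maps: List[MapDef],
                        loaded_from_kernel: bool = False) -> bool:
    """The decision an LSM hook would make at bpf_prog_load: allow only if the
    instructions and maps match the loader's signature. Programs loaded from
    inside the kernel (BPF_PRELOAD, BPF_SYSCALL outputs) are trusted outright."""
    if loaded_from_kernel:
        return True
    sig = extract_signature(exe)
    if sig is None:
        return False
    expected = hmac.new(SIGNING_KEY, signed_payload(insns, maps), hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)
```

A loader that patches instructions at run time (for example, relocating map file descriptors into the instruction stream) presents bytes that no longer match what was signed, so `allow_bpf_prog_load` rejects it even though the loader itself is signed.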

Those interested in the initial Microsoft Hornet LSM patches for Linux can see the RFC patch series for all the details.
