Skip to content

Adding driver tests for proof of verification#4975

Open
nmlud21 wants to merge 43 commits intomicrosoft:mainfrom
nmlud21:issue4715
Open

Adding driver tests for proof of verification#4975
nmlud21 wants to merge 43 commits intomicrosoft:mainfrom
nmlud21:issue4715

Conversation

@nmlud21
Copy link
Copy Markdown
Contributor

@nmlud21 nmlud21 commented Feb 2, 2026
edited
Loading

Description

Resolves #4715

Adding driver tests to validate that production signed eBPF programs can be loaded, and that non-production-signed programs are correctly rejected. Pulling production signed binaries from 1es Azure storage blobs.

  • Added positive and negative driver tests for proof of verification, one loads a production-signed driver (should succeed), the other loads a test-signed driver (should be rejected).
  • Added a proof of verification registry toggle during test that allows for dynamically enabling/disabling production signature checks on native eBPF drivers, even when test signing is enabled, so CI tests can validate the signature verification path.
  • Added CI infrastructure to provision signed binaries to 1es test runners, signed drivers are copied from the host into runners so the tests can find them at runtime.

Testing

This is adding a new test for proof of verification driver loading.

Documentation

None

Installation

None

@nmlud21 nmlud21 force-pushed the issue4715 branch 2 times, most recently from 31244b4 to 2d504c3 Compare February 3, 2026 17:56
@nmlud21 nmlud21 changed the title Issue4715 Adding driver tests for proof of verification Feb 4, 2026
nmlud21 and others added 4 commits February 10, 2026 13:48
@nmlud21
Added positive proof of verification test.
35f3eb6 
Signed-off-by: Nicholas L <nickl239@att.net>
Added Nuget.config
cafda1e 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Added driver test for proof of verification.
9ecfa24 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Signed binary copies to out dir on build.
917827b 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Nicholas Ludwig and others added 8 commits February 10, 2026 14:44
Added reg key to toggle proof of verification for tests
7b4a223 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Updated include
94b5733 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Toggles proof of verification reg key in test
e28f8a9 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Changed check
c8f6d32 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Test cleans up on even on failure
6096405 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
@nmlud21
Merge branch 'main' into issue4715
6a829d6
Copy drivers fro outer VM to inner VM on creation.
3129d1f 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Removed conflict
5e8dbee 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
nmlud21 and others added 12 commits February 17, 2026 15:52
@nmlud21
Merge branch 'main' into issue4715
0414da3
Fixed build error
b9bb5c3 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Merge branch 'issue4715' of https://github.com/nmlud21/ebpf-for-windows
768d6ec 
… into issue4715
Fixed test filepath
0d0e68a 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
@nmlud21
Merge branch 'main' into issue4715
32b1eba
Updated setup
d817792 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Merge branch 'issue4715' of https://github.com/nmlud21/ebpf-for-windows
3c3a344 
… into issue4715
@nmlud21
Merge branch 'main' into issue4715
fe746ea
@nmlud21
Merge branch 'main' into issue4715
7ff4114
Test should skip if not running on 1es runner with copied signed bina…
010aeb6 
…ries.

Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Merge branch 'issue4715' of https://github.com/nmlud21/ebpf-for-windows
f522496 
… into issue4715
@nmlud21
Merge branch 'main' into issue4715
bb13ed3
shankarseal
shankarseal reviewed Mar 23, 2026
View reviewed changes
shankarseal
shankarseal reviewed Mar 23, 2026
View reviewed changes
Cleaned up tests.
602e582 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
Alan-Jowett
Alan-Jowett reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Alan-Jowett Alan-Jowett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nit for overall test hygiene: if any of the REQUIRE() assertions below this point fail, bpf_object__close(object) on line 3661 will never execute, leaking the loaded driver.

Other tests in this file already use the RAII pattern to avoid this (e.g. line 1926, 2350, 2505):

auto object_cleanup = std::unique_ptr<bpf_object, decltype(&bpf_object__close)>(object, bpf_object__close);

Would be nice to use the same pattern here so cleanup is guaranteed regardless of assertion outcomes.

Nicholas Ludwig and others added 2 commits April 1, 2026 13:25
Use RAII for cleanup
fdc2c08 
Signed-off-by: Nicholas Ludwig <nludwig@microsoft.com>
@nmlud21
Merge branch 'main' into issue4715
b727f7e
shankarseal
shankarseal reviewed Apr 6, 2026
View reviewed changes
libs/store_helper/ebpf_store_helper.c Outdated

Exit:
ebpf_close_registry_key(root_key);
return result;
Copy link
Copy Markdown
Collaborator

@shankarseal shankarseal Apr 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use EBPF_RETURN_RESULT

Copy link
Copy Markdown
Contributor Author

@nmlud21 nmlud21 Apr 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shankarseal EBPF_RETURN_RESULT is not used in ebpf_store_helper.c Should all functions be updated to use this as well?

shankarseal
shankarseal reviewed Apr 6, 2026
View reviewed changes
shankarseal
shankarseal reviewed Apr 6, 2026
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Alan-Jowett Alan-Jowett Alan-Jowett left review comments

@shankarseal shankarseal shankarseal left review comments

@dthaler dthaler Awaiting requested review from dthaler dthaler is a code owner

@LakshK98 LakshK98 Awaiting requested review from LakshK98 LakshK98 is a code owner

@matthewige matthewige Awaiting requested review from matthewige matthewige is a code owner

@mikeagun mikeagun Awaiting requested review from mikeagun mikeagun is a code owner

@mtfriesen mtfriesen Awaiting requested review from mtfriesen mtfriesen is a code owner

@poornagmsft poornagmsft Awaiting requested review from poornagmsft poornagmsft is a code owner

@saxena-anurag saxena-anurag Awaiting requested review from saxena-anurag saxena-anurag is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

eBPF for Windows Triage
Status: Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add test for proof of verification

3 participants

@nmlud21 @Alan-Jowett @shankarseal