eBPF is restricted when booted in a SB environment, but it's not nonfunctional. The default config puts the kernel into "integrity" mode of Kernel Lockdown, which reduces scope of access and enforces read-only usage.
Whether or not the specific functions needed to replicate this tool are impacted is beyond my knowledge.
mroche|3 months ago
Whether or not the specific functions needed to replicate this tool are impacted is beyond my knowledge.
grigio|3 months ago