The kernel’s BPF virtual machine is versatile;
it is possible to load BPF programs into the kernel to carry out
a large (and growing) set of tasks. The growing body of BPF code can
reasonably be
thought of as kernel code in its own right. But, while the kernel can
check signatures on loadable modules and prevent the loading of modules
that are not properly signed, there is no such mechanism for BPF programs;
any sufficiently privileged process can load any program that will pass the
verifier. One might think that adding this checking for BPF would be
straightforward, but that subsystem has some unique characteristics that
make things more challenging than one might expect. There may be a
solution in the works, though; fittingly, it works by loading yet another BPF
program.

Source: LWN.net – [$] Toward signed BPF programs