ReleaseMicrosoftMicrosoftpublished Oct 23, 2025seen 5d

microsoft/ebpf-for-windows Release-v1.0.0-rc1

microsoft/ebpf-for-windows

Open original ↗

Captured source

source ↗
GH
GitHub/github.com/microsoft/ebpf-for-windows
microsoft/ebpf-for-windows Release-v1.0.0-rc1
Source ↗
published Oct 23, 2025seen 5dcaptured 9hhttp 200method plain

v1.0.0-rc1

Repository: microsoft/ebpf-for-windows

Tag: Release-v1.0.0-rc1

Published: 2025-10-23T15:14:54Z

Prerelease: yes

Release notes:

Highlights

This is the release-candidate for v1.0 of eBPF for Windows. The important changes include:

  • Proof of Verification: This feature enforces that only those native eBPF programs are loaded, that are packaged in kernel drivers that are signed by a Microsoft issued certificate with the "eBPF verification" EKU. This certificate proves that the native program was generated from an input BPF program that passed verification and was converted using the bpf2c toolchain.
  • Breaking changes in libbpf implementations: Changes in behavior in various libbpf functions including bpf_prog_attach, ring_buffer__new, perf_buffer__new and lifetime management functions for nested map types, to align closely with the Linux behavior.

What's Changed

  • Perf Event Array map user-mode API implementation with tests by @kumarvin123 in https://github.com/microsoft/ebpf-for-windows/pull/4302
  • [main] Update spd file for ebpfcore by @saxena-anurag in https://github.com/microsoft/ebpf-for-windows/pull/4345
  • Cleanup map subscription on failure by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4347
  • run ring buffer stress on multiple cores. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/4348
  • Extend timeout of api_tests in the CICD task to 10 minutes by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/4350
  • Add CI/CD workflow to validate YAML files by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/4362
  • fixing configuration for driver_native_only_tests. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/4367
  • Fix a few NuGet packaging issues by @abeltrano in https://github.com/microsoft/ebpf-for-windows/pull/4328
  • update version to 0.22.0 by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/4336
  • Update OneBranch PostBuildEvent to use platform-scoped destination directory by @abeltrano in https://github.com/microsoft/ebpf-for-windows/pull/4372
  • Capture native image name during attach by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4374
  • Pickup latest ebpf-verifier by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4368
  • Update WDK from 10.0.26100.2454 to 10.0.26100.3323 by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4369
  • Fix redist nuspec by @saxena-anurag in https://github.com/microsoft/ebpf-for-windows/pull/4382
  • Update regression tests by @saxena-anurag in https://github.com/microsoft/ebpf-for-windows/pull/4383
  • bpf: support log_true_size for BPF_PROG_LOAD by @lmb in https://github.com/microsoft/ebpf-for-windows/pull/4360
  • Don't detach link if link doesn't exist by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4399
  • Pick latest verifier by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4400
  • Design proposal for new ring buffer API by @mikeagun in https://github.com/microsoft/ebpf-for-windows/pull/3848
  • Canonicalize pin paths by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/4274
  • JIT and bpf2c use different verifier options by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4324
  • [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in https://github.com/microsoft/ebpf-for-windows/pull/4415
  • Build arm64 binaries on arm64 runners by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4416
  • Arm64 test by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4417
  • Workflow to check PRs. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/4430
  • Add guidance to eBPF extension writers about pointers in contexts by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/4408
  • change to pull_request_target. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/4435
  • Proposal to introduce "Proof of Verification" feature for eBPF programs. by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4420
  • Remove ASAN workaround by @saxena-anurag in https://github.com/microsoft/ebpf-for-windows/pull/4438
  • Update PR template to request references to issues and other miscellaneous changes. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/4332
  • Naming of fields in ebpf_core_object_t is inconstent by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4437
  • Implement hashing of native modules on load and add authorization calls by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4440
  • Always install ebpfsvc by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4442
  • Enable HVCI for native only tests by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4448
  • Move authorization to ebpfsvc by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4447
  • Added -g option to clang compile commands by @JustinHahn8902 in https://github.com/microsoft/ebpf-for-windows/pull/4461
  • Address YAML validation warnings by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/4456
  • Fix procdump security issue by specifying version in choco install commands by @Copilot in https://github.com/microsoft/ebpf-for-windows/pull/4462
  • Switch to static C++ runtime and dynamic C runtime by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4460
  • Copy signed binaries and headers to the output directory by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4458
  • Strip white space from end of lines by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4473
  • Fix failures caused by VS 2022 v17.14.7 by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/4477
  • Add negative lookup tests for inner map in hash_of_map test case by @nigriMSFT in https://github.com/microsoft/ebpf-for-windows/pull/4463
  • Add support for driver test execution on host; Add ARM64 driver tests by @matthewige in https://github.com/microsoft/ebpf-for-windows/pull/4449
  • Fix CI/CD failures by installing LLVM 18.1.8 explicitly by @Copilot in https://github.com/microsoft/ebpf-for-windows/pull/4505
  • Cleanup perf array test async calls on failure. by @mikeagun in https://github.com/microsoft/ebpf-for-windows/pull/4482
  • support both local and fork repos. by @shankarseal in…

Excerpt shown — open the source for the full document.

Notability

notability 5.0/10

Release candidate of significant tech