Toward signed BPF programs

I view BPF programs as effectively use-space programs that rely on a different mechanism for privilege separation (in that case the BPF VM instead of the CPU's MMU) for performance reasons. You could design the kernel in such a manner that everything BPF does could also be done in userspace (and the vast majority of it actually could), albeit with a lot of performance penalties that make some things intractable.

From that perspective: what's the threat model that these signatures try to fend off? If you really want to make sure that only signed code is running, why couldn't that also be accomplished by requiring signatures on the user-space programs that set up the BPF programs? Then you'd have implicitly signed the BPF programs themselves. And if you don't want to require signatures on all user-space programs, but don't trust the BPF verifier, you should disable BPF entirely and just put your specialized functionality into a custom kernel module that can be signed.

But even if you wanted to sign BPF programs: the current solution appears to be overly complicated. Why not compile them into kernel modules (that already can be signed) that create and register the programs, and allow userspace to select a program from the list of registered signed BPF programs?