.\" $NetBSD: veriexec.4,v 1.2 2002/10/29 12:42:10 wiz Exp $
.\"
.\" Copyright (c) 2002, Brett Lymn. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\"
.Dd October 24, 2002
.Dt VERIEXEC 4
.Os
.Sh NAME
.Nm veriexec
.Nd Verified exec signature loader device
.Sh SYNOPSIS
.Cd "pseudo-device veriexec"
.Sh DESCRIPTION
The
.Nm
driver provides a method of loading the fingerprints used by the
verified exec feature.
The fingerprints are loaded by opening
.Nm
and then using the
.Dv VERIEXECLOAD
ioctl to feed the fingerprints into kernel space.
Note that the loading should only be done after a mount of all file systems
that contain files which have fingerprints associated with them.
Signatures may only be loaded when the kernel
.Dv securelevel
is set to 0.
.Sh ERRORS
The
.Nm
device will return
.Er EPERM
if
.Dv securelevel
is greater than 0.
An
.Er ENOENT
error will be returned if the file path passed in does not exist.
.Sh SEE ALSO
.Xr ioctl 2 ,
.Xr sysctl 8
.Sh AUTHORS
The
.Nm
driver was originally written for
.Nx
by
.An Brett Lymn .