VERIFIEDEXEC(4) NetBSD Kernel Interfaces Manual VERIFIEDEXEC(4)Powered by man-cgi (2024-03-20). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.
NAME
verifiedexec - Verified exec signature loader device
SYNOPSIS
options VERIFIED_EXEC pseudo-device verifiedexec 1
DESCRIPTION
The verifiedexec driver provides a method of loading the fingerprints used by the verified exec feature. The fingerprints are loaded by open- ing verifiedexec and then using the VERIEXECLOAD ioctl to feed the fin- gerprints into kernel space. Note that the loading should only be done after a mount of all file systems that contain files which have finger- prints associated with them. Signatures may only be loaded when the ker- nel securelevel is set to 0.
ERRORS
The verifiedexec device will return EPERM if securelevel is greater than 0. An ENOENT error will be returned if the file path passed in does not exist.
SEE ALSO
ioctl(2), sysctl(8)
AUTHORS
The verifiedexec driver was originally written for NetBSD by Brett Lymn. NetBSD 2.1 October 24, 2002 NetBSD 2.1