Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enable veriexec(4) support by default on the macppc port and update the manual to mention it.

Browse Source 
Closes PR port-powerpc/52908
This commit is contained in:
sevan 2018-01-17 12:41:48 +00:00
parent c218eec932
commit a278b65172
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
share/man/man4/veriexec.4
View File

@ -1,4 +1,4 @@
.\" $NetBSD: veriexec.4,v 1.25 2017/08/30 05:47:24 wiz Exp $
.\" $NetBSD: veriexec.4,v 1.26 2018/01/17 12:41:48 sevan Exp $
.\"
.\" Copyright 2005 Elad Efrat <elad@bsd.org.il>
.\" Copyright 2005 Brett Lymn <blymn@netbsd.org>
@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd August 30, 2017
.Dd January 17, 2018
.Dt VERIEXEC 4
.Os
.Sh NAME
@ -153,7 +153,7 @@ are not permitted once the strict level has been raised past 0.
.Sh NOTES
.Nm
is part of the default configuration on the following architectures: amd64,
i386, prep, sparc64.
i386, macppc, prep, sparc64.
.Sh AUTHORS
.An Brett Lymn Aq Mt blymn@NetBSD.org
.An Elad Efrat Aq Mt elad@NetBSD.org

14
sys/arch/macppc/conf/GENERIC
View File

@ -1,4 +1,4 @@
# $NetBSD: GENERIC,v 1.337 2017/12/27 18:30:02 sevan Exp $
# $NetBSD: GENERIC,v 1.338 2018/01/17 12:41:48 sevan Exp $
#
# GENERIC machine description file
#
@ -22,7 +22,7 @@ include "arch/macppc/conf/std.macppc"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
#ident "GENERIC-$Revision: 1.337 $"
#ident "GENERIC-$Revision: 1.338 $"
maxusers 32
@ -650,17 +650,19 @@ pseudo-device putter # for puffs and pud
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
options FILEASSOC # fileassoc(9) - needed by Veriexec
# Veriexec
#
# a pseudo device needed for veriexec
#pseudo-device veriexec
pseudo-device veriexec
#
# Uncomment the fingerprint methods below that are desired. Note that
# removing fingerprint methods will have almost no impact on the kernel
# code size.
#
#options VERIFIED_EXEC_FP_SHA256
#options VERIFIED_EXEC_FP_SHA384
#options VERIFIED_EXEC_FP_SHA512
options VERIFIED_EXEC_FP_SHA256
options VERIFIED_EXEC_FP_SHA384
options VERIFIED_EXEC_FP_SHA512
#options PAX_MPROTECT=0 # PaX mprotect(2) restrictions