diff --git a/sys/dev/verified_exec.c b/sys/dev/verified_exec.c index 65bc41b9f67e..8cda7aecb5f8 100644 --- a/sys/dev/verified_exec.c +++ b/sys/dev/verified_exec.c @@ -1,4 +1,4 @@ -/* $NetBSD: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $ */ +/* $NetBSD: verified_exec.c,v 1.10 2005/05/22 22:34:01 elad Exp $ */ /*- * Copyright 2005 Elad Efrat @@ -31,9 +31,9 @@ #include #if defined(__NetBSD__) -__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.10 2005/05/22 22:34:01 elad Exp $"); #else -__RCSID("$Id: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $\n$NetBSD: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $"); +__RCSID("$Id: verified_exec.c,v 1.10 2005/05/22 22:34:01 elad Exp $\n$NetBSD: verified_exec.c,v 1.10 2005/05/22 22:34:01 elad Exp $"); #endif #include @@ -59,6 +59,8 @@ __RCSID("$Id: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $\n$NetBSD: ver #include #include #include +#include +#define VERIEXEC_NEED_NODE #include /* count of number of times device is open (we really only allow one open) */ @@ -167,6 +169,7 @@ veriexecioctl(dev_t dev __unused, u_long cmd, caddr_t data, case VERIEXEC_TABLESIZE: { struct veriexec_sizing_params *params = (struct veriexec_sizing_params *) data; + u_char node_name[16]; /* Allocate and initialize a Veriexec hash table. */ tbl = malloc(sizeof(struct veriexec_hashtbl), M_TEMP, @@ -175,9 +178,18 @@ veriexecioctl(dev_t dev __unused, u_long cmd, caddr_t data, tbl->hash_dev = params->dev; tbl->hash_tbl = hashinit(params->hash_size, HASH_LIST, M_TEMP, M_WAITOK, &hashmask); + tbl->hash_count = 0; LIST_INSERT_HEAD(&veriexec_tables, tbl, hash_list); + snprintf(node_name, sizeof(node_name), "dev_%u", + tbl->hash_dev); + + sysctl_createv(NULL, 0, &veriexec_count_node, NULL, + CTLFLAG_READONLY, CTLTYPE_QUAD, node_name, + NULL, NULL, 0, &tbl->hash_count, 0, + tbl->hash_dev, CTL_EOL); + break; } 
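Review bot: `u_char node_name[16];`, added in the VERIEXEC_TABLESIZE case, is later passed to `snprintf()`, whose first parameter is `char *`, so the buffer has the wrong signedness for no benefit; `char node_name[16];` is the conventional type for a name buffer. Sixteen bytes holds "dev_" plus a 32-bit decimal value and the terminator, which is enough only while dev_t is no wider than 32 bits. With a wider dev_t, `snprintf()` would truncate silently and two devices could map to the same node name, so a one-line comment stating the size assumption would help. The case body continues outside this hunk.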
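Review bot: The `sysctl_createv()` call added after `LIST_INSERT_HEAD` discards its return value and passes `&veriexec_count_node` as the parent without checking that the pointer was ever set. The pointer starts as NULL in kern_verifiedexec.c and is filled only by the equally unchecked `sysctl_createv()` in the init_sysctl.c hunk, so if that setup call fails the per-device node is presumably not created under the veriexec count node (confirm what a NULL parent means for sysctl_createv). A second VERIEXEC_TABLESIZE request for the same device would also ask for a duplicate `dev_%u` name, and that failure would go unnoticed as well. Guarding the call with `if (veriexec_count_node != NULL)` and logging or returning a non-zero result would make a missing counter visible to whoever monitors fingerprint counts. The node stores `&tbl->hash_count`, so it would have to be destroyed before the table is ever freed; no teardown is visible in this diff.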
diff --git a/sys/kern/init_sysctl.c b/sys/kern/init_sysctl.c index 8e9a5db178be..ae469458a86c 100644 --- a/sys/kern/init_sysctl.c +++ b/sys/kern/init_sysctl.c @@ -1,4 +1,4 @@ -/* $NetBSD: init_sysctl.c,v 1.38 2005/05/19 20:16:19 elad Exp $ */ +/* $NetBSD: init_sysctl.c,v 1.39 2005/05/22 22:34:01 elad Exp $ */ /*- * Copyright (c) 2003 The NetBSD Foundation, Inc. @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.38 2005/05/19 20:16:19 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.39 2005/05/22 22:34:01 elad Exp $"); #include "opt_sysv.h" #include "opt_multiprocessor.h" @@ -69,6 +69,7 @@ __KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.38 2005/05/19 20:16:19 elad Exp $" #include #include #include +#define VERIEXEC_NEED_NODE #include #if defined(SYSVMSG) || defined(SYSVSEM) || defined(SYSVSHM) @@ -758,6 +759,12 @@ SYSCTL_SETUP(sysctl_kern_setup, "sysctl kern subtree setup") "algorithms"), sysctl_kern_veriexec, 0, NULL, 0, CTL_KERN, KERN_VERIEXEC, VERIEXEC_ALGORITHMS, CTL_EOL); + sysctl_createv(clog, 0, NULL, &veriexec_count_node, + CTLFLAG_PERMANENT, + CTLTYPE_NODE, "count", + SYSCTL_DESCR("Number of fingerprints on device(s)"), + NULL, 0, NULL, 0, + CTL_KERN, KERN_VERIEXEC, VERIEXEC_COUNT, CTL_EOL); #endif /* VERIFIED_EXEC */ } diff --git a/sys/kern/kern_verifiedexec.c b/sys/kern/kern_verifiedexec.c index 420215fa2963..286d1c2ecfd9 100644 --- a/sys/kern/kern_verifiedexec.c +++ b/sys/kern/kern_verifiedexec.c @@ -1,4 +1,4 @@ -/* $NetBSD: kern_verifiedexec.c,v 1.15 2005/05/19 20:16:19 elad Exp $ */ +/* $NetBSD: kern_verifiedexec.c,v 1.16 2005/05/22 22:34:01 elad Exp $ */ /*- * Copyright 2005 Elad Efrat @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.15 2005/05/19 20:16:19 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.16 2005/05/22 22:34:01 elad Exp $"); #include #include 
@@ -40,6 +40,8 @@ __KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.15 2005/05/19 20:16:19 elad #include #include #include +#include +#define VERIEXEC_NEED_NODE #include #if defined(__FreeBSD__) # include @@ -58,6 +60,8 @@ int veriexec_strict = 0; char *veriexec_fp_names; unsigned int veriexec_name_max; +struct sysctlnode *veriexec_count_node = NULL; + /* prototypes */ static void veriexec_add_fp_name(char *name); @@ -323,6 +327,8 @@ veriexec_hashadd(struct veriexec_hashtbl *tbl, struct veriexec_hash_entry *e) LIST_INSERT_HEAD(vhh, e, entries); + tbl->hash_count++; + return (0); } @@ -542,6 +548,7 @@ veriexec_rm: LIST_REMOVE(vhe, entries); free(vhe->fp, M_TEMP); free(vhe, M_TEMP); + tbl->hash_count--; return (error); } diff --git a/sys/sys/verified_exec.h b/sys/sys/verified_exec.h index f8ffb96fc920..7915b6a61ff9 100644 --- a/sys/sys/verified_exec.h +++ b/sys/sys/verified_exec.h @@ -1,4 +1,4 @@ -/* $NetBSD: verified_exec.h,v 1.9 2005/05/20 19:52:52 elad Exp $ */ +/* $NetBSD: verified_exec.h,v 1.10 2005/05/22 22:34:01 elad Exp $ */ /*- * Copyright 2005 Elad Efrat @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.9 2005/05/20 19:52:52 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.10 2005/05/22 22:34:01 elad Exp $"); /* * @@ -74,6 +74,7 @@ struct veriexec_sizing_params { #define VERIEXEC_VERBOSE 1 /* Verbosity level. */ #define VERIEXEC_STRICT 2 /* Strict mode level. */ #define VERIEXEC_ALGORITHMS 3 /* Supported hashing algorithms. */ +#define VERIEXEC_COUNT 4 /* # of fingerprinted files on device. */ #ifdef _KERNEL void veriexecattach(struct device *, struct device *, void *); 
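Review bot: `tbl->hash_count--;` at the `veriexec_rm` label relies on `tbl` being non-NULL and being the table that actually holds `vhe`, but the assignment of `tbl` is outside this hunk, so neither can be confirmed here. `hash_count` is a `uint64_t`, so a decrement against the wrong table, or against a count that is already zero, wraps to a huge value that is then published through the read-only sysctl node. Consider `KASSERT(tbl != NULL && tbl->hash_count > 0);` before the decrement. The matching `tbl->hash_count++` in `veriexec_hashadd` has no locking visible in its hunk either, so if add and remove can run concurrently the reported count will drift from the real number of fingerprints.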
@@ -85,6 +86,10 @@ int veriexecioctl(dev_t, u_long, caddr_t, int, struct proc *); extern char *veriexec_fp_names; extern int veriexec_verbose; extern int veriexec_strict; +/* this one requires sysctl.h to be included before verified_exec.h */ +#ifdef VERIEXEC_NEED_NODE +extern struct sysctlnode *veriexec_count_node; +#endif /* VERIEXEC_NEED_NODE */ /* * Operations vector for verified exec, this defines the characteristics @@ -126,6 +131,7 @@ struct veriexec_hashtbl { struct veriexec_hashhead *hash_tbl; size_t hash_size; /* Number of slots in the table. */ dev_t hash_dev; /* Device ID the hash table refers to. */ + uint64_t hash_count; /* # of fingerprinted files in table. */ LIST_ENTRY(veriexec_hashtbl) hash_list; };
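Review bot: The `VERIEXEC_NEED_NODE` guard around `extern struct sysctlnode *veriexec_count_node;` makes the header depend on include order and on a macro that every consumer must define first, which is easy to get wrong as more files use it. A pointer to an incomplete struct type needs no full definition, so a forward declaration `struct sysctlnode;` followed by an unconditional `extern` would remove both the macro and the ordering requirement stated in the comment. If the guard stays, the comment should say that defining `VERIEXEC_NEED_NODE` exposes the declaration, rather than only that sysctl.h must come first.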