diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index 159db8728bbb..1237c5a12293 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\"	$NetBSD: sysctl.8,v 1.119 2005/05/19 20:16:19 elad Exp $
+.\"	$NetBSD: sysctl.8,v 1.120 2005/05/20 19:52:52 elad Exp $
 .\"
 .\" Copyright (c) 2004 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -365,6 +365,7 @@ privilege can change the value.
 .It kern.vdisable	integer	no
 .It kern.veriexec.verbose	integer	yes
 .It kern.veriexec.strict	integer	raise only
+.It kern.veriexec.algorithms	string	no
 .It kern.version	string	no
 .It machdep.console_device	dev_t	no
 .It net.bpf.maxbufsize	integer	yes
diff --git a/sbin/veriexecctl/veriexecctl.8 b/sbin/veriexecctl/veriexecctl.8
index b5c00fa554f2..ac8cbc8cb05b 100644
--- a/sbin/veriexecctl/veriexecctl.8
+++ b/sbin/veriexecctl/veriexecctl.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexecctl.8,v 1.11 2005/04/24 13:23:55 blymn Exp $
+.\" $NetBSD: veriexecctl.8,v 1.12 2005/05/20 19:52:52 elad Exp $
 .\"
 .\" Copyright (c) 1999
 .\"	Brett Lymn - blymn@baea.com.au, brett_lymn@yahoo.com.au
@@ -29,7 +29,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$Id: veriexecctl.8,v 1.11 2005/04/24 13:23:55 blymn Exp $
+.\"	$Id: veriexecctl.8,v 1.12 2005/05/20 19:52:52 elad Exp $
 .\"
 .Dd April 22, 2005
 .Dt VERIEXECCTL 8
@@ -50,26 +50,6 @@ Verified Exec must have been configured into the booted kernel for this
 commaned to work.
 .Sh COMMANDS
 .Bl -tag -width 25n
-.It Cm fingerprints
-Report the fingerprint methods that are available in the currently running
-kernel.
-This command will return a space separated list of supported fingerprint
-methods that will be accepted by the kernel.
-The default list is:
-.Bl -item -offset indent -compact
-.It
-MD5
-.It
-RMD160
-.It
-SHA1
-.It
-SHA256
-.It
-SHA384
-.It
-SHA512
-.El
 .It Cm load Ar veriexec.conf
 Load the fingerprint entries contained in
 .Ar veriexec.conf
diff --git a/sbin/veriexecctl/veriexecctl.c b/sbin/veriexecctl/veriexecctl.c
index ddb29029da4f..450909afc2d4 100644
--- a/sbin/veriexecctl/veriexecctl.c
+++ b/sbin/veriexecctl/veriexecctl.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: veriexecctl.c,v 1.8 2005/04/21 12:45:12 christos Exp $	*/
+/*	$NetBSD: veriexecctl.c,v 1.9 2005/05/20 19:52:52 elad Exp $	*/
 
 /*-
  * Copyright 2005 Elad Efrat <elad@bsd.org.il>
@@ -190,8 +190,8 @@ fingerprint_load(char *ifile)
 static void
 usage(void)
 {
-	(void)fprintf(stderr, "Usage: %s [-v] [load <signature_file>] "
-	     "[fingerprints]", getprogname());
+	(void)fprintf(stderr, "Usage: %s [-v] [load <signature_file>] ", 
+	    getprogname());
 	exit(1);
 }
 
@@ -221,37 +221,13 @@ main(int argc, char **argv)
 	if ((gfd = open(VERIEXEC_DEVICE, O_RDWR, 0)) == -1)
 		err(1, "Cannot open `%s'", VERIEXEC_DEVICE);
 
-	  /*
-	   * Handle the different commands we can do.
-	   */
+	/*
+	 * Handle the different commands we can do.
+	 */
 	if (argc == 2 && strcasecmp(argv[0], "load") == 0) {
 		line = 0;
 		filename = argv[1];
 		fingerprint_load(argv[1]);
-	} else if (argc == 1 && strcasecmp(argv[0], "fingerprints") == 0) {
-		size = report.size = 100;
-		if ((report.fingerprints = malloc(report.size)) == NULL)
-			err(1, "malloc fingeprints");
-		
-		if (ioctl(gfd, VERIEXEC_FINGERPRINTS, &report) == -1)
-			err(1, "fingerprints ioctl");
-
-		if (size != report.size) {
-			if (verbose)
-				(void)printf("fingerprints: buffer too small, "
-				    "reallocating to %d bytes.\n",
-				    report.size);
-			
-			/* fingerprint store was not large enough
-			   make more room and try again. */
-			if ((newp = realloc(report.fingerprints, report.size))
-			    == NULL)
-				err(1, "realloc fingeprints");
-			if (ioctl(gfd, VERIEXEC_FINGERPRINTS,
-			    &report) == -1)
-				err(1, "fingerprints ioctl");
-		}
-		printf("Supported fingerprints: %s\n", report.fingerprints);
 	} else
 		usage();
 
diff --git a/share/man/man4/veriexec.4 b/share/man/man4/veriexec.4
index 8143af962cb2..56adb1823956 100644
--- a/share/man/man4/veriexec.4
+++ b/share/man/man4/veriexec.4
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexec.4,v 1.5 2005/04/24 13:16:26 blymn Exp $
+.\" $NetBSD: veriexec.4,v 1.6 2005/05/20 19:52:52 elad Exp $
 .\"
 .\" Copyright 2005 Elad Efrat <elad@bsd.org.il>
 .\" Copyright 2005 Brett Lymn <blymn@netbsd.org>
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$Id: veriexec.4,v 1.5 2005/04/24 13:16:26 blymn Exp $
+.\"	$Id: veriexec.4,v 1.6 2005/05/20 19:52:52 elad Exp $
 .\"
 .Dd March 24, 2005
 .Dt VERIEXEC 4
@@ -39,9 +39,8 @@
 The
 .Nm
 pseudo-device is used to interface the kernel's Veriexec data-structures.
-It is used to size the kernel data structures, load the Veriexec
-fingerprints into kernel memory and report the fingerprint methods
-supported by the currently running kernel.
+It is used to size the kernel data structures and load the Veriexec
+fingerprints into kernel memory.
 .Ss Veriexec file operations
 All the following operations are invoked using the
 .Xr ioctl 2
@@ -54,7 +53,7 @@ parameters.
 The following section lists the requests that can be made via
 .Xr ioctl 2 .
 .Ss Veriexec file request descriptions
-.Bl -tag -width VERIEXEC_FINGERPRINTS
+.Bl -tag -width VERIEXEC_TABLESIZE
 .It Dv VERIEXEC_TABLESIZE Fa struct veriexec_sizing_params
 Sizes the in kernel hash tables to accommodate the fingerprint entries.
 This request must be made prior to loading the fingerprints into the
@@ -99,20 +98,6 @@ fingerprint, this is used by the kernel to provide a simple sanity check
 on the fingerprint passed.
 Lastly, the fingerprint is a pointer to an
 array of characters that comprise the fingerprint for the file.
-.It Dv VERIEXEC_FINGERPRINTS Fa struct veriexec_fp_report
-Copies a string that contains the fingerprint methods supported by the
-kernel into the buffer pointed to in the argument structure.
-The argument structure also contains the size of the storage that has
-been allocated by the caller to hold the string.
-If the size of the storage is insufficient to hold the entire string,
-then the string will not be copied into the buffer by the kernel; instead
-the size field will be updated with the amount of storage required to hold
-the fingerprint string.
-After performing this request the caller must check the size field in the
-argument structure.
-If this field differs from what was set prior to the
-request then the caller should reallocate the storage with the updated size
-and perform the request again.
 .El
 .Pp
 Note that the requests
diff --git a/sys/dev/verified_exec.c b/sys/dev/verified_exec.c
index 673fd74c19d0..65bc41b9f67e 100644
--- a/sys/dev/verified_exec.c
+++ b/sys/dev/verified_exec.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: verified_exec.c,v 1.8 2005/05/19 20:16:19 elad Exp $	*/
+/*	$NetBSD: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $	*/
 
 /*-
  * Copyright 2005 Elad Efrat <elad@bsd.org.il>
@@ -31,9 +31,9 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.8 2005/05/19 20:16:19 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $");
 #else
-__RCSID("$Id: verified_exec.c,v 1.8 2005/05/19 20:16:19 elad Exp $\n$NetBSD: verified_exec.c,v 1.8 2005/05/19 20:16:19 elad Exp $");
+__RCSID("$Id: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $\n$NetBSD: verified_exec.c,v 1.9 2005/05/20 19:52:52 elad Exp $");
 #endif
 
 #include <sys/param.h>
@@ -154,11 +154,9 @@ veriexecioctl(dev_t dev __unused, u_long cmd, caddr_t data,
 	u_long hashmask;
 
 	/*
-	 * Don't allow updates in multi-user mode, but we will allow
-	 * queries of supported fingerprints.
-	 *
+	 * Don't allow updates in multi-user mode.
 	 */
-	if ((securelevel >= 1) && (cmd != VERIEXEC_FINGERPRINTS)) {
+	if (securelevel >= 1) {
 		printf("Veriexec: veriexecioctl: Securelevel raised, loading"
 		       "fingerprints is not permitted\n");
 
@@ -293,20 +291,6 @@ veriexecioctl(dev_t dev __unused, u_long cmd, caddr_t data,
 		break;
 		}
 
-	case VERIEXEC_FINGERPRINTS: {
-		struct veriexec_fp_report *params =
-			(struct veriexec_fp_report *) data;
-		
-		if (strlen(veriexec_fp_names) >= params->size) {
-			params->size = strlen(veriexec_fp_names) + 1;
-		} else {
-			strlcpy(params->fingerprints, veriexec_fp_names,
-				params->size);
-		}
-		
-		break;
-		}
-	
 	default:
 		/* Invalid operation. */
 		error = ENODEV;
diff --git a/sys/sys/verified_exec.h b/sys/sys/verified_exec.h
index 3ad9cf653c8d..f8ffb96fc920 100644
--- a/sys/sys/verified_exec.h
+++ b/sys/sys/verified_exec.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: verified_exec.h,v 1.8 2005/05/19 20:16:19 elad Exp $	*/
+/*	$NetBSD: verified_exec.h,v 1.9 2005/05/20 19:52:52 elad Exp $	*/
 
 /*-
  * Copyright 2005 Elad Efrat <elad@bsd.org.il>
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.8 2005/05/19 20:16:19 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.h,v 1.9 2005/05/20 19:52:52 elad Exp $");
 
 /*
  *
@@ -60,12 +60,6 @@ struct veriexec_sizing_params {
 	size_t hash_size;
 };
 
-struct veriexec_fp_report {
-	unsigned int size;
-	unsigned char *fingerprints;
-};
-
-	
 /*
  * Types of veriexec inodes we can have
  */
@@ -75,7 +69,6 @@ struct veriexec_fp_report {
 
 #define VERIEXEC_LOAD _IOW('S', 0x1, struct veriexec_params)
 #define VERIEXEC_TABLESIZE _IOW('S', 0x2, struct veriexec_sizing_params)
-#define VERIEXEC_FINGERPRINTS _IOWR('S', 0x3, struct veriexec_fp_report)
 
 /* Verified exec sysctl objects. */
 #define	VERIEXEC_VERBOSE	1 /* Verbosity level. */