Subject: Re: verified executable kernel modification committed
To: Brett Lymn <blymn@baesystems.com.au>
From: Luke Mewburn <lukem@netbsd.org>
List: current-users
Date: 10/30/2002 09:05:25
On Wed, Oct 30, 2002 at 01:10:11AM +1030, Brett Lymn wrote:
  | Folks,
  |         First off let me say a big thanks to the people who told me
  | this crazy idea was good.  Especially thanks to Jason R Fink for doing
  | the hard yards and helping me out in thrashing this into the shape it
  | is currently in.  I feel this code is ready enough to be useful but
  | there are some aspects that can be improved on.

Excellent.


  | Q: How do I build a kernel with this feature?  A: Look for the
  |    GENERIC_VERIEXEC kernel config for a template on how to configure
  |    your kernel.  As of this moment I have only done this for i386 but
  |    all this should be machine independent.
  | 
  | Q: How are the fingerprints loaded into the kernel?
  | A: They are passed into the kernel via a pseudo-device (/dev/veriexec)
  |    by a loader app called verifiedexec_loader
  | 
  | Q: How do I generate the fingerprints?
  | A: You could look at the verifiedexec_load man page for the signature
  |    file format.  Or you can check out some simple minded scripts in
  |    /usr/share/example/verifiedexec_load that do a full scan of your
  |    system and generate the fingerprints for you.

A comment on the names ...

	Device:		/dev/veriexec
	Kernel option:	VERIFIED_EXEC
	Control prog:	/sbin/verifiedexec_load
	Examples:	/usr/share/example/verifiedexec_load

I would prefer to see some consistency within the suite and also with
prior art in NetBSD.

At a minimum, the control program (and associated examples) should be
"veriexecctl" or something like that (instead of "verifiedexec_load").
As for the kernel option name, that's probably OK.


Luke.