Subject: Re: Kernel CRC
To: None <tech-kern@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 09/19/1999 22:12:41

> How feasible would it be to add some form of verification check to
> the kernel's bootloader?  For example, a CRC over the kernel text and
> data which is checked by the bootloader before executing the image.

On ports where the bootloader is NetBSD code, probably fairly easy - I
think others have addressed this side of it as well as I can.

But...

> I ask because I've just spent a day tracking down the cause of a
> kernel image corruption on mvme68k.  It eventually turned out to be a
> bizarre SCSI cable related problem (at least, it went away after
> reseating the cables ;-), which caused the same five bytes at the
> same file offsets to be corrupted with exactly the same corrupt data!

...as a defense against this, I don't really see much point.  Why try
to protect the kernel in particular?  Why not do this with every disk
block, or every file, or what have you?  Similar corruption striking
the bootloader itself, or init, or sh, or what have you, could cause
equally troublesome problems, and is at least equally likely.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B