Subject: Re: Verifying a kernel.
To: Matt Thomas <matt@3am-software.com>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-kern
Date: 07/19/2005 16:22:09

On Jul 19, 2005, at 2:02 PM, Matt Thomas wrote:

> 1) Limit this to ELF only.  This eliminates ns32k/pc532, but does
>    that really matter?

More motivation for getting ns32k up to snuff ;-)

> 2) Add an ELF Note per PT_LOAD section that has three pieces of
>    information: verification algorithm (16 bits), program header
>    number (16 bits), the actual verification data (variable sized).
>    Since the ELF note itself has a size, keeping the size of the data
>    isn't needed.

So, the size is "size of section - size of note"?  I guess that  
sounds OK.

> 3) Place these notes in the .text PT_LOAD section of the kernel.  Add
>    symbols for them: verification_notes_{start,end}.

Make sure the linker script puts them either at the very end or the  
very beginning of the section.

> 4) Allow various algorithms: SHA1, MD5, etc.

Sounds fine...

> 5) Extend mdsetimage(8) or add a new utility to set/test these notes.

I would not use mdsetimage.  I would rather have a new utility.  It
can be simple -- it just has to patch up existing binary blobs in an
ELF file.

> 6) Add libkern support to check them.

Overall sounds terrific.

>
> Any suggestions or ideas?
>
> -- 
> Matt Thomas                     email: matt@3am-software.com
> 3am Software Foundry              www: http://3am-software.com/bio/matt/
> Cupertino, CA              disclaimer: I avow all knowledge of this message.
>

-- thorpej
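
The note layout from item 2 and the set/test utility from item 5, as a userland sketch added here (not code from the thread or from NetBSD). The note name, note type, algorithm numbers, little-endian encoding and one-note-per-segment rule are assumptions, and the segments are passed in as byte strings keyed by program header number rather than read from a real ELF file.

```python
import hashlib
import hmac
import struct

# Assumptions (the thread fixes none of these): note name, note type,
# algorithm numbering, and little-endian fields.
NOTE_NAME = b"NetBSD-verify\0"   # hypothetical
NOTE_TYPE = 1                    # hypothetical
ALGOS = {1: "sha1", 2: "md5"}    # hypothetical numbering

def pad4(n):
    return (n + 3) & ~3          # ELF note fields are 4-byte aligned

def make_note(algo, phnum, segment):
    """'Set' side: Elf_Nhdr + name + desc, desc = algo(16) phnum(16) digest."""
    desc = struct.pack("<HH", algo, phnum) + hashlib.new(ALGOS[algo], segment).digest()
    hdr = struct.pack("<III", len(NOTE_NAME), len(desc), NOTE_TYPE)
    return hdr + NOTE_NAME.ljust(pad4(len(NOTE_NAME)), b"\0") + desc.ljust(pad4(len(desc)), b"\0")

def verify_notes(blob, segments):
    """'Test' side: {phnum: bool} per PT_LOAD segment; a segment with no note fails."""
    results, seen, off = {n: False for n in segments}, set(), 0
    while off < len(blob):
        if off + 12 > len(blob):
            raise ValueError("truncated note header")
        namesz, descsz, ntype = struct.unpack_from("<III", blob, off)
        name_off = off + 12
        desc_off = name_off + pad4(namesz)
        off = desc_off + pad4(descsz)
        if off > len(blob):
            raise ValueError("note overruns the notes region")
        if ntype != NOTE_TYPE or blob[name_off:name_off + namesz] != NOTE_NAME:
            continue                                   # not a verification note
        if descsz < 4:
            raise ValueError("desc too short for algorithm and header number")
        algo, phnum = struct.unpack_from("<HH", blob, desc_off)
        digest = blob[desc_off + 4:desc_off + descsz]  # length comes from descsz alone
        if algo not in ALGOS or phnum not in segments or phnum in seen:
            raise ValueError("unknown algorithm, bad or repeated header number")
        seen.add(phnum)
        h = hashlib.new(ALGOS[algo], segments[phnum])
        if len(digest) != h.digest_size:
            raise ValueError("digest length does not match algorithm")
        results[phnum] = hmac.compare_digest(h.digest(), digest)
    return results

# Constructed sample: two fake PT_LOAD segments keyed by program header number.
SEGMENTS = {0: b"constructed text bytes" * 8, 1: b"constructed data bytes" * 8}
NOTES = make_note(1, 0, SEGMENTS[0]) + make_note(2, 1, SEGMENTS[1])
```
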