port-powerpc/52908: Enable veriexec support by default in GENERIC kernel

To: port-powerpc-maintainer%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: port-powerpc/52908: Enable veriexec support by default in GENERIC kernel
From: venture37%geeklan.co.uk@localhost
Date: Sun, 7 Jan 2018 21:55:00 +0000 (UTC)

>Number:         52908
>Category:       port-powerpc
>Synopsis:       Enable veriexec support by default in GENERIC kernel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-powerpc-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 07 21:55:00 +0000 2018
>Originator:     Sevan Janiyan
>Release:        NetBSD-HEAD
>Organization:
>Environment:
NetBSD 8.0_BETA macppc powerpc
>Description:
Attached patch adds the FILEASSOC option to the GENERIC kernel and enables veriexec support.
veriexec(4) is updated to note macppc also includes support by default. 
>How-To-Repeat:

>Fix:
Index: sys/arch/macppc/conf/GENERIC
===================================================================
RCS file: /cvsroot/src/sys/arch/macppc/conf/GENERIC,v
retrieving revision 1.337
diff -u -r1.337 GENERIC
--- sys/arch/macppc/conf/GENERIC	27 Dec 2017 18:30:02 -0000	1.337
+++ sys/arch/macppc/conf/GENERIC	7 Jan 2018 21:25:21 -0000
@@ -650,17 +650,19 @@
 # userland interface to drivers, including autoconf and properties retrieval
 pseudo-device   drvctl
 
+options 	FILEASSOC		# fileassoc(9) - needed by Veriexec
+
 # Veriexec
 #
 # a pseudo device needed for veriexec
-#pseudo-device	veriexec
+pseudo-device	veriexec
 #
 # Uncomment the fingerprint methods below that are desired. Note that
 # removing fingerprint methods will have almost no impact on the kernel
 # code size.
 #
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+options VERIFIED_EXEC_FP_SHA256
+options VERIFIED_EXEC_FP_SHA384
+options VERIFIED_EXEC_FP_SHA512
 
 #options PAX_MPROTECT=0			# PaX mprotect(2) restrictions
Index: share/man/man4/veriexec.4
===================================================================
RCS file: /cvsroot/src/share/man/man4/veriexec.4,v
retrieving revision 1.25
diff -u -r1.25 veriexec.4
--- share/man/man4/veriexec.4	30 Aug 2017 05:47:24 -0000	1.25
+++ share/man/man4/veriexec.4	7 Jan 2018 21:25:23 -0000
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 30, 2017
+.Dd January 07, 2018
 .Dt VERIEXEC 4
 .Os
 .Sh NAME
@@ -153,7 +153,7 @@
 .Sh NOTES
 .Nm
 is part of the default configuration on the following architectures: amd64,
-i386, prep, sparc64.
+i386, macppc, prep, sparc64.
 .Sh AUTHORS
 .An Brett Lymn Aq Mt blymn%NetBSD.org@localhost
 .An Elad Efrat Aq Mt elad%NetBSD.org@localhost

Prev by Date: Add an ATF test for PR 52864
Next by Date: kern/52909: Note fileassoc(9) support is a dependency Veriexec
Previous by Thread: Add an ATF test for PR 52864
Next by Thread: kern/52909: Note fileassoc(9) support is a dependency Veriexec
Indexes:

Home | Main Index | Thread Index | Old Index