[src/netbsd-3]: src/sys/arch/i386/conf Pull up revision 1.667 (requested by e...

[tron <tron%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/03451fb0cb23
branches:  netbsd-3
changeset: 576101:03451fb0cb23
user:      tron <tron%NetBSD.org@localhost>
date:      Fri Jun 10 14:49:03 2005 +0000

description:
Pull up revision 1.667 (requested by elad in ticket #389):
Rototill of the verified exec functionality.
* We now use hash tables instead of a list to store the in kernel
fingerprints.
* Fingerprint methods handling has been made more flexible, it is now
even simpler to add new methods.
* the loader no longer passes in magic numbers representing the
fingerprint method so veriexecctl is not longer kernel specific.
* fingerprint methods can be tailored out using options in the kernel
config file.
* more fingerprint methods added - rmd160, sha256/384/512
* veriexecctl can now report the fingerprint methods supported by the
running kernel.
* regularised the naming of some portions of veriexec.

diffstat:

 sys/arch/i386/conf/GENERIC |  24 ++++++++++++++++++++++--
 1 files changed, 22 insertions(+), 2 deletions(-)

diffs (52 lines):

diff -r 99a6b3add2e7 -r 03451fb0cb23 sys/arch/i386/conf/GENERIC
--- a/sys/arch/i386/conf/GENERIC        Fri Jun 10 14:48:56 2005 +0000
+++ b/sys/arch/i386/conf/GENERIC        Fri Jun 10 14:49:03 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.661.2.1 2005/04/17 11:44:31 tron Exp $
+# $NetBSD: GENERIC,v 1.661.2.2 2005/06/10 14:49:03 tron Exp $
 #
 # GENERIC machine description file
 #
@@ -22,7 +22,7 @@
 
 options        INCLUDE_CONFIG_FILE     # embed config file in kernel binary
 
-#ident                 "GENERIC-$Revision: 1.661.2.1 $"
+#ident                 "GENERIC-$Revision: 1.661.2.2 $"
 
 maxusers       32              # estimated number of users
 
@@ -207,6 +207,23 @@
 #options       ALTQ_RIO        # RED with IN/OUT
 #options       ALTQ_WFQ        # Weighted Fair Queueing
 
+# These options control the verified exec feature
+#options VERIFIED_EXEC
+#
+# Uncomment the fingerprint methods below that are desired.  Note that
+# removing fingerprint methods will have almost no impact on the kernel
+# code size.
+#
+#options VERIFIED_EXEC_FP_RMD160
+#options VERIFIED_EXEC_FP_SHA256
+#options VERIFIED_EXEC_FP_SHA384
+#options VERIFIED_EXEC_FP_SHA512
+#options VERIFIED_EXEC_FP_SHA1
+#options VERIFIED_EXEC_FP_MD5
+#
+#options VERIFIED_EXEC_DEBUG
+#options VERIFIED_EXEC_DEBUG_VERBOSE
+
 # These options enable verbose messages for several subsystems.
 # Warning, these may compile large string tables into the kernel!
 #options       ACPIVERBOSE     # verbose ACPI device autoconfig messages
@@ -1253,6 +1270,9 @@
 # a pseudo device needed for SMBFS
 pseudo-device  nsmb                    # experimental - SMB requester
 
+# a pseudo device needed for verified exec
+#pseudo-device verifiedexec        1
+
 # wscons pseudo-devices
 pseudo-device  wsmux                   # mouse & keyboard multiplexor
 pseudo-device  wsfont