Module Name: src
Committed By: sevan
Date: Wed Jan 17 12:41:48 UTC 2018
Modified Files:
src/share/man/man4: veriexec.4
src/sys/arch/macppc/conf: GENERIC
Log Message:
Enable veriexec(4) support by default on the macppc port and update the manual
to mention it.
Closes PR port-powerpc/52908
To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/share/man/man4/veriexec.4
cvs rdiff -u -r1.337 -r1.338 src/sys/arch/macppc/conf/GENERIC
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man4/veriexec.4
diff -u src/share/man/man4/veriexec.4:1.25 src/share/man/man4/veriexec.4:1.26
--- src/share/man/man4/veriexec.4:1.25 Wed Aug 30 05:47:24 2017
+++ src/share/man/man4/veriexec.4 Wed Jan 17 12:41:48 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexec.4,v 1.25 2017/08/30 05:47:24 wiz Exp $
+.\" $NetBSD: veriexec.4,v 1.26 2018/01/17 12:41:48 sevan Exp $
.\"
.\" Copyright 2005 Elad Efrat <[email protected]>
.\" Copyright 2005 Brett Lymn <[email protected]>
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd August 30, 2017
+.Dd January 17, 2018
.Dt VERIEXEC 4
.Os
.Sh NAME
@@ -153,7 +153,7 @@ are not permitted once the strict level
.Sh NOTES
.Nm
is part of the default configuration on the following architectures: amd64,
-i386, prep, sparc64.
+i386, macppc, prep, sparc64.
.Sh AUTHORS
.An Brett Lymn Aq Mt [email protected]
.An Elad Efrat Aq Mt [email protected]
Index: src/sys/arch/macppc/conf/GENERIC
diff -u src/sys/arch/macppc/conf/GENERIC:1.337 src/sys/arch/macppc/conf/GENERIC:1.338
--- src/sys/arch/macppc/conf/GENERIC:1.337 Wed Dec 27 18:30:02 2017
+++ src/sys/arch/macppc/conf/GENERIC Wed Jan 17 12:41:48 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.337 2017/12/27 18:30:02 sevan Exp $
+# $NetBSD: GENERIC,v 1.338 2018/01/17 12:41:48 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/macppc/conf/std.macppc"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.337 $"
+#ident "GENERIC-$Revision: 1.338 $"
maxusers 32
@@ -650,17 +650,19 @@ pseudo-device putter # for puffs and p
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
+options FILEASSOC # fileassoc(9) - needed by Veriexec
+
# Veriexec
#
# a pseudo device needed for veriexec
-#pseudo-device veriexec
+pseudo-device veriexec
#
# Uncomment the fingerprint methods below that are desired. Note that
# removing fingerprint methods will have almost no impact on the kernel
# code size.
#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+options VERIFIED_EXEC_FP_SHA256
+options VERIFIED_EXEC_FP_SHA384
+options VERIFIED_EXEC_FP_SHA512
#options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
