.\"-
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.\" Copyright (c) 2024, Juniper Networks, Inc.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 1, 2024
.Dt VERIEXEC 4
.Os
.Sh NAME
.Nm veriexec
.Nd the veriexec device
.Sh SYNOPSIS
.In dev/veriexec/veriexec_ioctl.h
.Sh DESCRIPTION
The
.Nm
device is used by
.Xr veriexec 8
to query and modify the state of
.Xr mac_veriexec 4 .
.Pp
Once
.Xr mac_veriexec 4
is active, only a process which is marked as
.Ql trusted
(normally only
.Xr veriexec 8 )
is able to do more than the
.Dv VERIEXEC_GETSTATE
ioctl.
.Sh IOCTLS
The supported ioctls are described below.
.Bl -tag
.It Dv VERIEXEC_SIGNED_LOAD Vt struct verified_exec_params
Pass file information to
.Xr mac_veriexec 4 .
.Bd -literal
struct verified_exec_params {
	unsigned char flags;
	char fp_type[VERIEXEC_FPTYPELEN]; /* type of fingerprint */
	char file[MAXPATHLEN];
	unsigned char fingerprint[MAXFINGERPRINTLEN];
};
.Ed
.It Dv VERIEXEC_LABEL_LOAD Vt struct verified_exec_label_params
Pass file information and a label to
.Xr mac_veriexec 4 .
.Bd -literal
struct verified_exec_label_params {
	struct verified_exec_params params;
	char label[MAXLABELLEN];
};
.Ed
.It Dv VERIEXEC_ACTIVE
.It Dv VERIEXEC_DEBUG_OFF
.It Dv VERIEXEC_DEBUG_ON Vt int level
.It Dv VERIEXEC_ENFORCE
.It Dv VERIEXEC_GETSTATE
.It Dv VERIEXEC_GETVERSION
.It Dv VERIEXEC_LOCK
.It Dv VERIEXEC_VERIFIED_FILE Vt int fd
Rarely needed.
Tells
.Xr mac_veriexec 4
that the file associated with
.Va fd
is verified.
.El
.Sh HISTORY
A
.Nm
device first appeared in
.Nx .
It was added to
.Fx 13.1 .