.\"-
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
.\" Copyright (c) 2024, Juniper Networks, Inc.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 1, 2024
.Dt VERIEXEC 4
.Os
.Sh NAME
.Nm veriexec
.Nd the veriexec device
.Sh SYNOPSIS
.In dev/veriexec/veriexec_ioctl.h
.Sh DESCRIPTION
The
.Nm
device is used by
.Xr veriexec 8
to query and modify the state of
.Xr mac_veriexec 4 .
.Pp
Once
.Xr mac_veriexec 4
is active, only a process which is marked as
.Ql trusted
(normally only
.Xr veriexec 8 )
is able to issue more than the
.Dv VERIEXEC_GETSTATE
ioctl.
.Sh IOCTLS
The supported ioctls are described below.
.Bl -tag
.It Dv VERIEXEC_SIGNED_LOAD Vt struct verified_exec_params
Pass file information to
.Xr mac_veriexec 4 .
.Bd -literal
struct verified_exec_params {
	unsigned char flags;
	char fp_type[VERIEXEC_FPTYPELEN];	/* type of fingerprint */
	char file[MAXPATHLEN];
	unsigned char fingerprint[MAXFINGERPRINTLEN];
};
.Ed
.It Dv VERIEXEC_LABEL_LOAD Vt struct verified_exec_label_params
Pass file information and a label to
.Xr mac_veriexec 4 .
.Bd -literal
struct verified_exec_label_params {
	struct verified_exec_params params;
	char label[MAXLABELLEN];
};
.Ed
.It Dv VERIEXEC_ACTIVE
.It Dv VERIEXEC_DEBUG_OFF
.It Dv VERIEXEC_DEBUG_ON Vt int level
.It Dv VERIEXEC_ENFORCE
.It Dv VERIEXEC_GETSTATE
.It Dv VERIEXEC_GETVERSION
.It Dv VERIEXEC_LOCK
.It Dv VERIEXEC_VERIFIED_FILE Vt int fd
Rarely needed.
Tells
.Xr mac_veriexec 4
that the file associated with
.Va fd
is verified.
.El
.Sh HISTORY
A
.Nm
device first appeared in
.Nx .
It was added to
.Fx 13.1 .