freebsd-dev/sys
Stephen J. Kiernan ed7b25da78 Device for user space to interface with MAC/veriexec.
The veriexec device features the following ioctl commands:

VERIEXEC_ACTIVE
  Activate veriexec functionality
VERIEXEC_DEBUG_ON
  Enable debugging mode and increment or set the debug level
VERIEXEC_DEBUG_OFF
  Disable debugging mode
VERIEXEC_ENFORCE
  Enforce veriexec fingerprinting (and activate if not already)
VERIEXEC_GETSTATE
  Get current veriexec state
VERIEXEC_LOCK
  Lock changes to veriexec meta-data store
VERIEXEC_LOAD
  Load veriexec fingerprint if secure level is not raised (and passes the
  checks for VERIEXEC_SIGNED_LOAD)
VERIEXEC_SIGNED_LOAD
  Load veriexec fingerprints from loader that supports signed manifest
  (and thus we can be more lenient about secure level being raised.)
  Fingerprints can be loaded if the meta-data store is not locked. Also
  securelevel must not have been raised or some fingerprints must have
  already been loaded, otherwise it would be dangerous to allow loading.
  (Note: this assumes that the fingerprints in the meta-data store at
         least cover the fingerprint loader.)

Reviewed by:	jtl
Obtained from:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D8561
2018-06-20 00:48:46 +00:00
amd64 remove ixl iwarp and ixlv from the build until they are in a working state 2018-06-19 02:48:53 +00:00
arm Move common GIC interrupt numbers to the common header. These are the same 2018-06-19 16:14:23 +00:00
arm64 Move common GIC interrupt numbers to the common header. These are the same 2018-06-19 16:14:23 +00:00
bsm
cam Fix setting RCA for MMC cards 2018-06-19 20:02:03 +00:00
cddl This originated from ZFS On Linux, as 2018-06-08 17:38:28 +00:00
compat linuxulator: handle V3 capget/capset 2018-06-19 21:26:23 +00:00
conf MAC/veriexec implements a verified execution environment using the MAC 2018-06-20 00:41:30 +00:00
contrib Really fix the style. 2018-06-19 18:43:02 +00:00
crypto disable printing value of SKEIN_LOOP during standard out, 2018-05-19 18:27:14 +00:00
ddb Extend show proc with reaper, sigparent, and vmspace information 2018-05-25 13:59:48 +00:00
dev Device for user space to interface with MAC/veriexec. 2018-06-20 00:48:46 +00:00
dts
fs Revert r335263, since it can cause crashes in unusual circumstances. 2018-06-17 23:08:54 +00:00
gdb
geom gpart: add EFI alias for MBR partition scheme 2018-06-17 20:10:48 +00:00
gnu dts: Update our copy to Linux 4.17 2018-06-14 07:12:10 +00:00
i386 linuxulator: do not include legacy syscalls on arm64 2018-06-15 14:41:51 +00:00
isa
kern convert inpcbinfo hash and info rwlocks to epoch + mutex 2018-06-19 01:54:00 +00:00
kgssapi
libkern str(r)chr: Replace union abuse with __DECONST 2018-06-04 18:47:14 +00:00
mips hwpmc: yet another missed fixup 2018-06-08 18:54:47 +00:00
modules Device for user space to interface with MAC/veriexec. 2018-06-20 00:48:46 +00:00
net Move BPFIF_* macro definitions into .c file, where struct bpf_if is 2018-06-19 10:34:45 +00:00
net80211
netgraph Catch up two more places to the V_ifnet change to a CK_STAILQ. 2018-05-24 00:06:55 +00:00
netinet Make sure that the t_peakrate_thr is not compiled in 2018-06-19 11:20:28 +00:00
netinet6 Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9). 2018-06-16 08:26:23 +00:00
netipsec uma: implement provisional api for per-cpu zones 2018-06-08 21:40:03 +00:00
netpfil Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9). 2018-06-16 08:26:23 +00:00
netsmb
nfs Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9). 2018-06-16 08:26:23 +00:00
nfsclient
nfsserver
nlm
ofed Revert r335094 and properly fix OFED build after r335053. 2018-06-14 07:55:10 +00:00
opencrypto
powerpc Split the PowerISA 3.0 HPT implementation from historic 2018-06-14 17:23:51 +00:00
riscv Don't jump to VA space until kernel is ready. 2018-06-13 10:32:21 +00:00
rpc
security MAC/veriexec implements a verified execution environment using the MAC 2018-06-20 00:41:30 +00:00
sparc64 Define memmove and make bcopy alt entry point 2018-05-24 21:11:28 +00:00
sys libnv: Add nvlist_append_*_array() family of functions. 2018-06-18 22:57:32 +00:00
teken teken: Fix sequences header which was crossing the 80-col boundary 2018-05-29 08:41:44 +00:00
tests epoch(9): Make epochs non-preemptible by default 2018-05-18 17:29:43 +00:00
tools
ufs ufs: remove cgbno variable where unused 2018-05-19 19:30:42 +00:00
vm Name the implementation of brk and sbrk sys_break(). 2018-06-14 21:27:25 +00:00
x86 Untangle configuration ifdefs a little. On x86, msi is optional on pci, 2018-06-10 14:49:13 +00:00
xdr
xen xen: remove dead code from gnttab.h 2018-05-25 08:44:00 +00:00
Makefile