freebsd-skq/sys/modules/veriexec/Makefile
stevek faba5effd4 Device for user space to interface with MAC/veriexec.
The veriexec device features the following ioctl commands:

VERIEXEC_ACTIVE
  Activate veriexec functionality
VERIEXEC_DEBUG_ON
  Enable debugging mode and increment or set the debug level
VERIEXEC_DEBUG_OFF
  Disable debugging mode
VERIEXEC_ENFORCE
  Enforce veriexec fingerprinting (and acitvate if not already)
VERIEXEC_GETSTATE
  Get current veriexec state
VERIEXEC_LOCK
  Lock changes to veriexec meta-data store
VERIEXEC_LOAD
  Load veriexec fingerprint if secure level is not raised (and passes the
  checks for VERIEXEC_SIGNED_LOAD)
VERIEXEC_SIGNED_LOAD
  Load veriexec fingerprints from loader that supports signed manifest
  (and thus we can be more lenient about secure level being raised.)
  Fingerprints can be loaded if the meta-data store is not locked. Also
  securelevel must not have been raised or some fingerprints must have
  already been loaded, otherwise it would be dangerous to allow loading.
  (Note: this assumes that the fingerprints in the meta-data store at
         least cover the fingerprint loader.)

Reviewed by:	jtl
Obtained from:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D8561
2018-06-20 00:48:46 +00:00

13 lines
175 B
Makefile

# $FreeBSD$
.PATH: ${.PARSEDIR:H:H}/dev/veriexec
.include <bsd.own.mk>
KMOD= veriexec
SRCS= verified_exec.c
SRCS+= bus_if.h device_if.h vnode_if.h
.include <bsd.kmod.mk>