veriexec

Prerequisites

  1. Check if your kernel (/usr/src/sys/arch/amd64/conf/GENERIC) has:
       pseudo-device veriexec
       options VERIFIED_EXEC_FP_MD5
       options VERIFIED_EXEC_FP_SHA1
       options VERIFIED_EXEC_FP_RMD160
       options VERIFIED_EXEC_FP_SHA512
       options VERIFIED_EXEC_FP_SHA384
       options VERIFIED_EXEC_FP_SHA256
     
       pseudo-device veriexec 1
  2. Check if you have /dev/veriexec
    • If it is missing: cd /dev && sh MAKEDEV veriexec
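
Added example (not part of the original page): a sh function that checks a kernel config file for the lines listed in step 1 and ignores commented-out entries. The function names and the sample config are constructed for illustration; on a real system, pass the config path from step 1.

```sh
#!/bin/sh
# Added example, not from the original page. check_veriexec_conf is a
# hypothetical helper name. It prints every line from step 1 that is missing
# from kernel config FILE; returns 0 if all are present, 1 if any is missing,
# 2 if FILE is unreadable. Text after '#' is ignored, so a commented-out
# option counts as missing. Files pulled in via "include" are not followed.
check_veriexec_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        BEGIN { n = split("MD5 SHA1 RMD160 SHA512 SHA384 SHA256", alg, " ") }
        { sub(/[#].*/, "") }    # strip comments; awk re-splits the fields
        # Matches both "pseudo-device veriexec" and "pseudo-device veriexec 1"
        $1 == "pseudo-device" && $2 == "veriexec" { dev = 1 }
        $1 == "options" && $2 ~ /^VERIFIED_EXEC_FP_/ {
            sub(/^VERIFIED_EXEC_FP_/, "", $2); seen[$2] = 1
        }
        END {
            if (!dev) { print "missing: pseudo-device veriexec"; bad = 1 }
            for (i = 1; i <= n; i++)
                if (!(alg[i] in seen)) {
                    print "missing: options VERIFIED_EXEC_FP_" alg[i]
                    bad = 1
                }
            exit bad + 0
        }
    ' "$conf"
}

# Constructed sample config: SHA256 is commented out and SHA384 is absent.
sample_conf() {
    cat <<'EOF'
pseudo-device   veriexec
options         VERIFIED_EXEC_FP_MD5
options         VERIFIED_EXEC_FP_SHA1
options         VERIFIED_EXEC_FP_RMD160   # RIPEMD-160
options         VERIFIED_EXEC_FP_SHA512
#options        VERIFIED_EXEC_FP_SHA256
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_veriexec_conf "$tmp" || echo "config lacks lines listed in step 1"
rm -f "$tmp"
```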

Initial setup

Run veriexecgen (maybe veriexecgen -D)

/etc/rc.d/veriexec start

Add veriexec=YES to your rc.conf

veriexecctl load /etc/signatures

With kern.veriexec.strict=1 you can raise the security level after extensive testing!!!

Helpful links:

* http://www.netbsd.org/docs/guide/en/chap-veriexec.html