| VERIEXEC(4) | Device Drivers Manual | VERIEXEC(4) | 
veriexec —
pseudo-device veriexec
The veriexec pseudo-device is used to load
    and delete entries to and from the in-kernel Veriexec
    databases, as well as query information about them. It can also be used to
    dump the entire database.
VERIEXEC_LOADThe dictionary passed contains the following elements:
| Name | Type | Purpose | 
| file | string | filename for this entry | 
| entry-type | uint8 | entry type (see below) | 
| fp-type | string | fingerprint hashing algorithm | 
| fp | data | the fingerprint | 
| keep-filename | bool | whether or not to retain the entry's filename | 
“entry-type” can be one or more (binary-OR'd) of the following:
| Type | Effect | 
| VERIEXEC_DIRECT | can execute directly | 
| VERIEXEC_INDIRECT | can execute indirectly (interpreter, mmap(2)) | 
| VERIEXEC_FILE | can be opened | 
| VERIEXEC_UNTRUSTED | located on untrusted storage | 
VERIEXEC_DELETEThe dictionary passed contains the following elements:
| Name | Type | Purpose | 
| file | string | filename or mount-point | 
VERIEXEC_DUMPOnly files for which the filename was kept will be dumped. The returned array contains dictionaries with the following elements:
| Name | Type | Purpose | 
| file | string | filename | 
| fp-type | string | fingerprint hashing algorithm | 
| fp | data | the fingerprint | 
| entry-type | uint8 | entry type (see above) | 
VERIEXEC_FLUSHThis command has no parameters.
VERIEXEC_QUERYThe dictionary passed contains the following elements:
| Name | Type | Purpose | 
| file | string | filename | 
The dictionary returned contains the following elements:
| Name | Type | Purpose | 
| entry-type | uint8 | entry type (see above) | 
| status | uint8 | entry status | 
| fp-type | string | fingerprint hashing algorithm | 
| fp | data | the fingerprint | 
“status” can be one of the following:
| Status | Meaning | 
| FINGERPRINT_NOTEVAL | not evaluated | 
| FINGERPRINT_VALID | fingerprint match | 
| FINGERPRINT_MISMATCH | fingerprint mismatch | 
Note that the requests VERIEXEC_LOAD,
    VERIEXEC_DELETE, and
    VERIEXEC_FLUSH are not permitted once the strict
    level has been raised past 0.
veriexec is part of the default configuration on the
  following architectures: amd64, i386, macppc, prep, sparc64.
| January 17, 2018 | NetBSD 9.4 |