Re: trying to compile veriexec and PAX functionality into my domU pv

[Michael Litchard <michael%schmong.org@localhost>]

As sometimes happens, I found the solution right after sending this mail.
Turns out 5.0.1 has veriexec built in, but /dev/veriexec needed to be made.

On Tue, Aug 25, 2009 at 10:11 PM, Michael Litchard <michael%schmong.org@localhost> wrote:

PAX works great, but when I add to my config file, the lines suggested by man veriexec, I get the following errors on compile

#   compile  secure_XEN3_DOMU/vers.o
cc  -mcmodel=kernel -mno-red-zone -ffreestanding -fno-zero-initialized-in-bss -g
 -O2 -fno-omit-frame-pointer -std=gnu99 -fno-strict-aliasing   -Werror -Wall -Wn
o-main -Wno-format-zero-length -Wpointer-arith -Wmissing-prototypes -Wstrict-pro
totypes -Wswitch -Wshadow -Wcast-qual -Wwrite-strings -Wno-unreachable-code -Wno
-sign-compare -Wno-pointer-sign -Wno-attributes -Wextra -Wno-unused-parameter  -
Werror   -Damd64 -Dx86_64 -I. -I/usr/src/sys/arch/amd64/compile/secure_XEN3_DOMU
/xen-ma -I../../../../../common/include -I../../../../arch  -I../../../.. -nostd
inc -DMAXPHYS="32768" -DLKM -DDIAGNOSTIC -DDEBUG -DMAXUSERS=32 -D_KERNEL -D_KERN
EL_OPT -I../../../../lib/libkern/../../../common/lib/libc/quad -I../../../../lib
/libkern/../../../common/lib/libc/string -I../../../../lib/libkern/../../../comm
on/lib/libc/arch/x86_64/string   -I../../../../dist/ipf  -c vers.c
#      link  secure_XEN3_DOMU/netbsd
ld -Map netbsd.map --cref -T ../../../../arch/amd64/conf/kern.ldscript.Xescript.Xen -Ttex
t 0xffffffff80100000 -e start -X -o netbsd ${SYSTEM_OBJ} ${EXTRA_OBJ} vers.o
kern_verifiedexec.o: In function `veriexec_dump':
../../../../kern/kern_verifiedexec.c:1541: undefined reference to `fileassoc_tab
le_run'
kern_verifiedexec.o: In function `veriexec_file_delete':
../../../../kern/kern_verifiedexec.c:1369: undefined reference to `fileassoc_cle
ar'
kern_verifiedexec.o: In function `veriexec_file_add':
../../../../kern/kern_verifiedexec.c:1304: undefined reference to `fileassoc_add
'
kern_verifiedexec.o: In function `veriexec_raw_cb':
../../../../kern/kern_verifiedexec.c:1111: undefined reference to `fileassoc_tab
le_run'
kern_verifiedexec.o: In function `veriexec_init':
../../../../kern/kern_verifiedexec.c:314: undefined reference to `fileassoc_regi
ster'
kern_verifiedexec.o: In function `veriexec_get':
../../../../kern/kern_verifiedexec.c:528: undefined reference to `fileassoc_look
up'
kern_verifiedexec.o: In function `veriexec_table_delete':
../../../../kern/kern_verifiedexec.c:1356: undefined reference to `fileassoc_tab
le_clear'
*** Error code 1

Stop.
make: stopped in /usr/src/sys/arch/amd64/compile/secure_XEN3_DOMU

for this test I omitted for PAX.
my config file is a copy of XEN3_DOMU with the following lines added

 pseudo-device veriexec 1

           options VERIFIED_EXEC_FP_SHA256
           options VERIFIED_EXEC_FP_SHA512

could someone tell me why this isn't working, and what I should do next to solve the problem?

P.S. here is the output from uname -a
NetBSD michael.schmong.org 5.0.1 NetBSD 5.0.1 (secure_XEN3_DOMU) #0: Tue Aug 25 14:34:42 PDT 2009  michael%michael.schmong.org@localhost:/usr/src/sys/arch/amd64/compile/secure_XEN3_DOMU amd64


I really appreciate this list. :)