Subject: Verifying a kernel.
To: None <tech-kern@NetBSD.org>
From: Matt Thomas <matt@3am-software.com>
List: tech-kern
Date: 07/19/2005 14:02:17
I'm currently encountering a situation in which a kernel loaded from
a storage device is not being correctly copied to memory. To detect
this, I want to add generic support to detect this.
1) Limit this to ELF only. This eliminates ns32k/pc532, but does
that really matter?
2) Add an ELF Note per PT_LOAD section that has three pieces of
information: verification algorithm (16 bits), program header
number (16 bits), the actual verification data (variable sized).
Since the ELF note itself has a size, keeping the size of the data
isn't needed.
3) Place these notes in the .text PT_LOAD section of the kernel. Add
symbols for them: verification_notes_{start,end}.
4) Allow various algorithms: SHA1, MD5, etc.
5) Extend mdsetimage(8) or add a new utility to set/test these notes.
6) Add libkern support to check them.
Any suggestions or ideas?
--
Matt Thomas email: matt@3am-software.com
3am Software Foundry www: http://3am-software.com/bio/matt/
Cupertino, CA disclaimer: I avow all knowledge of this message.
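
The note layout proposed in points 2 to 4 and the check from point 6, sketched as an added example that is not part of the original message or of any NetBSD code. The note name, note type, algorithm ids, little-endian byte order and the choice to pass the notes and segment contents as separate buffers are all assumptions; the message does not define them.

```python
import hashlib
import struct

# Assumed values: the message fixes no note name, note type or algorithm ids.
NOTE_NAME = b"NetBSD-verify\0"
NOTE_TYPE = 0x7601
ALGS = {1: hashlib.sha1, 2: hashlib.md5}

def _pad4(b):
    return b + b"\0" * (-len(b) % 4)

def make_note(alg, phnum, segment):
    """Build one ELF note: desc = alg (16 bits), phdr number (16 bits), digest."""
    desc = struct.pack("<HH", alg, phnum) + ALGS[alg](segment).digest()
    hdr = struct.pack("<III", len(NOTE_NAME), len(desc), NOTE_TYPE)
    return hdr + _pad4(NOTE_NAME) + _pad4(desc)

def verify_notes(notes, segments):
    """Walk the note region; return {phnum: ok} for every verification note."""
    results, off = {}, 0
    while off + 12 <= len(notes):
        namesz, descsz, ntype = struct.unpack_from("<III", notes, off)
        name_off = off + 12
        desc_off = name_off + namesz + (-namesz % 4)
        end = desc_off + descsz + (-descsz % 4)
        if end > len(notes):
            raise ValueError("truncated note")
        name = notes[name_off:name_off + namesz]
        desc = notes[desc_off:desc_off + descsz]
        off = end
        if ntype != NOTE_TYPE or name != NOTE_NAME:
            continue  # unrelated note, skip it
        if descsz < 4:
            raise ValueError("verification note too short")
        alg, phnum = struct.unpack_from("<HH", desc)
        digest = desc[4:]  # no length field: the note's descsz bounds the data
        h = ALGS.get(alg)
        # Unknown algorithm, missing segment or wrong digest size all fail closed.
        results[phnum] = (h is not None and phnum in segments
                          and len(digest) == h().digest_size
                          and h(segments[phnum]).digest() == digest)
    return results

# Constructed sample data standing in for two PT_LOAD segments.
TEXT = b"\x90" * 64
DATA = bytes(range(32))
NOTES = make_note(1, 0, TEXT) + make_note(2, 1, DATA)
```
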