From owner-freebsd-arch@freebsd.org Thu Jul 12 18:15:41 2018 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 23CF8102F4F6 for ; Thu, 12 Jul 2018 18:15:41 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 6A93B76DC4 for ; Thu, 12 Jul 2018 18:15:40 +0000 (UTC) (envelope-from sjg@juniper.net) Received: by mailman.ysv.freebsd.org (Postfix) id 2E445102F4F0; Thu, 12 Jul 2018 18:15:40 +0000 (UTC) Delivered-To: arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0A234102F4EF for ; Thu, 12 Jul 2018 18:15:40 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.pphosted.com", Issuer "thawte SHA256 SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 62BD976DBC; Thu, 12 Jul 2018 18:15:39 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from pps.filterd (m0108163.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w6CI9wwS021721; Thu, 12 Jul 2018 11:15:38 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : subject : in-reply-to : references : from : mime-version : content-type : content-id : date : message-id; s=PPS1017; bh=5xNSKNgSU13fBCS3W/ZaZa8W/Cyde5UhRR4pG+yk41o=; b=YSGL5OB5GuxNa2OUYhwTGmSx9vC/yGGACGflBqjTw0sL4H8xPswlrSPOgql60tWWvHXX CruKlc6dot7mdWlTv04IglwbfxvMDsyQtBgwTCRwv63oOca4LluicHw2vQt9tPGHZEtR smvCkPyL3/QU/3tyfW24kpL1bwLNesR/bG3jMJVXo3cusEfmI+rRRC/6u19A7Jjel16G SwKw1C/wc2MPPYtaE7u8lasIsQeanNwe+iOabi6YZ+kieFgA3ZRGmk/vS5fXgvAKPIiW ej99IT3EXp41srchRpBxst5xM+kcCDfZ/y4JFgW/3ExqQqW39at8Bb+Gizz3RdW2xutq AQ== Received: from nam04-co1-obe.outbound.protection.outlook.com (mail-co1nam04lp0055.outbound.protection.outlook.com [216.32.181.55]) by mx0b-00273201.pphosted.com with ESMTP id 2k6an387ax-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 12 Jul 2018 11:15:38 -0700 Received: from DM5PR05CA0060.namprd05.prod.outlook.com (2603:10b6:4:39::49) by DM5PR05MB3178.namprd05.prod.outlook.com (2603:10b6:3:c7::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.952.7; Thu, 12 Jul 2018 18:15:36 +0000 Received: from DM3NAM05FT030.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::203) by DM5PR05CA0060.outlook.office365.com (2603:10b6:4:39::49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.952.15 via Frontend Transport; Thu, 12 Jul 2018 18:15:35 +0000 Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.242.13 as permitted sender) Received: from P-EXFEND-EQX-02.jnpr.net (66.129.242.13) by DM3NAM05FT030.mail.protection.outlook.com (10.152.98.142) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.20.973.9 via Frontend Transport; Thu, 12 Jul 2018 18:15:35 +0000 Received: from P-EXFEND-EQX-02.jnpr.net (10.104.8.55) by P-EXFEND-EQX-02.jnpr.net (10.104.8.55) with Microsoft SMTP Server (TLS) id 15.0.847.32; Thu, 12 Jul 2018 11:14:34 -0700 Received: from P-EMFE01C-SAC.jnpr.net (172.24.192.43) by P-EXFEND-EQX-02.jnpr.net (10.104.8.55) with Microsoft SMTP Server (TLS) id 15.0.847.32 via Frontend Transport; Thu, 12 Jul 2018 11:14:34 -0700 Received: from p-mailhub01.juniper.net (10.47.226.20) by P-EMFE01C-SAC.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Thu, 12 Jul 2018 11:14:34 -0700 Received: from kaos.jnpr.net (kaos.jnpr.net [172.21.30.60]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id w6CIEXWR009751; Thu, 12 Jul 2018 11:14:34 -0700 (envelope-from sjg@juniper.net) Received: by kaos.jnpr.net (Postfix, from userid 1377) id E3A2611711; Thu, 12 Jul 2018 11:14:33 -0700 (PDT) Received: from kaos.jnpr.net (localhost [127.0.0.1]) by kaos.jnpr.net (Postfix) with ESMTP id E343811710; Thu, 12 Jul 2018 11:14:33 -0700 (PDT) To: , "freebsd-arch@freebsd.org" , "Stephen J. Kiernan" , Subject: Re: Veriexec In-Reply-To: <88827.1530660165@kaos.jnpr.net> References: <88827.1530660165@kaos.jnpr.net> Comments: In-reply-to: "Simon J. Gerraty" message dated "Tue, 03 Jul 2018 16:22:45 -0700." From: "Simon J. Gerraty" X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 26.1 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <6312.1531419273.1@kaos.jnpr.net> Date: Thu, 12 Jul 2018 11:14:33 -0700 Message-ID: <8666.1531419273@kaos.jnpr.net> X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:66.129.242.13; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(346002)(136003)(376002)(39860400002)(396003)(2980300002)(69234005)(199004)(189003)(55674003)(2810700001)(97756001)(106466001)(6266002)(450100002)(186003)(97736004)(23726003)(7116003)(5660300001)(2906002)(229853002)(476003)(9686003)(53936002)(68736007)(7126003)(305945005)(11346002)(50466002)(221733001)(90966002)(69596002)(8676002)(8936002)(55016002)(117636001)(3480700004)(14444005)(50226002)(336012)(446003)(356003)(81166006)(86362001)(478600001)(110136005)(47776003)(76506005)(26005)(46406003)(105596002)(26826003)(486006)(77096007)(97876018)(16586007)(53416004)(6246003)(1941001)(7696005)(81156014)(126002)(316002)(76176011)(2101003)(42262002)(491001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR05MB3178; H:P-EXFEND-EQX-02.jnpr.net; FPR:; SPF:SoftFail; LANG:en; PTR:InfoDomainNonexistent; A:1; MX:1; X-Microsoft-Exchange-Diagnostics: 1; DM3NAM05FT030; 1:H6lsD8NC3DOGepLJtzqP0F09+uHLdCuAwHgVUhhm2s1ta0f39vTmZw4TaxjioFc1lxn6/LyXdk1pmJNUMFyusQVYxEMpHGSusKSNy/U2wmbGAnDyrIjDOE/I6OIGKyJ4 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7455ed38-127c-4672-9f55-08d5e82376cc X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600053)(711020)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7153060); SRVR:DM5PR05MB3178; X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3178; 3:3eaSLXM4P5Ktps2EhMRyPwyXnL84gZ583l5io/1eurb3DBOH5iSwJLUUBsOEQjTS1ErxGWp7ZIefx/HA71OAs2pb5Xp+Rr4Qq4T1H6iuEK+jRh14dEVy9Y89uuEf5aKppFhks1EcqHJ484Me33aNUUfkmfXnicUL6F0WZB93PZ7yu4xjEwIxpNW85JYc0DSYXrcTtqsLLTdvbQF/bvQVTsAfxgnXzKvjCfj/EzOYuf4xIHuc3EwRHGPsAsYFVndqq+Z5TFX4kgB65O9E+f1ng/S0agLKr6rHMcpb5TSZAfhizADXP0kNq0TQ+Eg/MO+aocp3Ur79TmxDCBCRzvNIn9m7WglP8rhPpbxsu6a0U/g=; 25:Z2FqDS4dWz4bPF4pvyhy67IZpzvZuhe5El0PVQPAdVf7pwBtqk9augmv7xVdqO0ih28NlOAiS+DKV5vL6roK6w7ujFwRWeMC6crpmqqkoN9MJDR+2BehNNS6swpO3BK55qzlFSLGRPYTY9Ko0aXwMUNPq8w7slFdE6diJyTzEAAjjiWQewXBfWyvkyn8tiZS5hpf65CcsQMBeQTyv+qWTk9P6df9vp1m0cYD8LcALCyBTLmqKrjq5jfT/XeSkRioTqV1kky0068Bh07VH/EXwmWDwRsDzfAgv8C8ZpTdkBweJVGmDy86QJY4Io4LC9e8I5vK+P44Ah5Thz7YaQuttw== X-MS-TrafficTypeDiagnostic: DM5PR05MB3178: X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3178; 31:Hc1O6LVDneEfvALVWWG779zitkpFvKGd4RU3DQzRmMRQv1M5dk6N5tnEleJOKWSXiDrXv+NFlT89KiA3/mYXy+IW50V1dFSVx2KYGLdzboUOO0GFXrw6CWL/bfLdWAqZhDgWB6bwakvBjF0pEcs3Dg3N0C+ptWi1WnVvLYLCC5iIPhEXbpvcMsjhOgRwqt7K9BiI8UXSrNrM17s9icaUjTe1R1GO2RpnFb5jE66g0tQ=; 20:1Umhuhl2PIWOJGFcCPDRWVc6CRswTVLDV97o+3cSVQecz+N5ZWQEwakyjFsEg1lzJA/rKSDmtdsQX+zk5HKNwUIN1veFXQuGHNMoaVlvCQZ1yLMXgFY14uPUROu79eFtFiIeENPx97odw8fcNt7jNeRWJTL4nXXavfo0gKzNXK4dgpIi4PjZg7lPhCQvGm/UtZX4gM9dZs3nUaeY/w0rQteBHtDuNCBRy1Nd7KIqLUjigbvvH/ddabpA5cHNRsyXZzDUwAN4daQnJoplUHRT+xn0WAU4+urxKAa4nhQvQgmMiz01OW8ZZ9uEbniOdMmGz2iNgK/+ccrUBfP9rYeg+ndH71IRBtOEnKTaB2SeXO+nfZwxK0UxlPlzDSlCU4hiVuA9i/ce7PtHVjbNSJUgE4cujmEVLEvyOv5g54J99ji6zQN5PBnXLz2wb76Gys4SzPsUkLzSdEBeC0JBXnzpmRGo5jCaTUlH14BHqD55Ag157s9onwdMBbP7Vb2Dtc6s X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(138986009662008); X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93003095)(10201501046)(3002001)(3231311)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(20161123564045)(6072148)(201708071742011)(7699016); SRVR:DM5PR05MB3178; BCL:0; PCL:0; RULEID:; SRVR:DM5PR05MB3178; X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3178; 4:M6UENrwU0oIs4VUesFW8/MAl2icdGC6yt1ph+Th+Ee+Ne5js5MF8MBzZ3yuiSOgZbpaCaVmCOumiQpnZTqZgRUzc/YkaTM6kc6aZQNzSucZ6WsTXtYEMRxj4UxMQaqR0n0OE1YLML+lH8wWrYmxEz3yRda1tEwPkabVgHrtmEg/naMQ70ua/j3roQgNp0RTnO7D1VKZkhPHdNGj0m2z63zgSJZpOJAjSLaU0CL2QQbPwQ8XHFdaLnCuHHulLHf8MqKt/k9d+xP8MVVvhCmqWpwPceRixoPC/pvcyuGxNljmby15vJUBPveoFiAmpl2NH X-Forefront-PRVS: 0731AA2DE6 X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR05MB3178; 23:ZZyLmveX1htnRI9s4cH3WcxOAssUEintPyK5t3QML?= =?us-ascii?Q?bQ8lwu18HIDRJJpA5ckVvWsk4cI5dRSRTshXpWen5qVTseXrVcQPzBblMGsn?= =?us-ascii?Q?46uYaFhHDZZMz3gaJBt8aF8g1BSG6t1xK+hBz9ZFkVt6Eqofrpx+sUhS6dZ6?= =?us-ascii?Q?gxovKCA6eCYL1OSy5RRdzshhQu70PMWi9HM7kfQwTHcVNFq7XPrkd/wOf1py?= =?us-ascii?Q?k0IqEOf1fvThl68ZKtixonalMovr9xrEZPHPAqAubrDsVgAFvcU71XJ6MMk0?= =?us-ascii?Q?TvhGyMYoVwAY+ErkMVXp9TkzJGZMcZP2+AJve6kiVnOwhH421A90Q0UvFmJI?= =?us-ascii?Q?a+d7L2BsmGnWy2OplWmIDXCvLnAz5p1CpYRudAxeXpIMVGcIygg/MWhdaeW5?= =?us-ascii?Q?ZzhMfVuD0dJtBNLRv/tN6INzKN80itlBe9PkyIzchcFtP0mtdHioQRrcycr9?= =?us-ascii?Q?PDEztDgUJzBItTZfy//i0Qf/O1JMOPpYo3YLQ9SqQk2h6OEQHCGSF+lzUdXi?= =?us-ascii?Q?PEk1yKsusadUaBemG1nKiVIDhIByvslpL/LbTl1TdhGolUO7/RkG/QBy8uag?= =?us-ascii?Q?ffB4WBUEPjmVDB/A1HxV9/eR1nRxxP9x+PKVGYF+RD8uYhy66xASH3MfcRup?= =?us-ascii?Q?NfHqSafEIJbq5NivgKMR6RAEODHGYkFLUKt6bxsCxc8SjRjjzb4JsGo/VahK?= =?us-ascii?Q?kUtY0+Z/yUOc1RzltBdCfy6wRcsYIec0UjECy5u/WWjbexHtM950lB8YITJD?= =?us-ascii?Q?SF/5bzrAW1jbZTeb5sg8gYf9sM0NRfS3zm3MpLz3UvCLnZiLeBMzF9eq+q4p?= =?us-ascii?Q?Qt4+14/1biXkqSho5gWWepGjiDzrsTIj737vYS9TnfjxEzi6aE2AS1qA7710?= =?us-ascii?Q?oKA3ZFma6epnx/JJQ+Cd6lw0bFnb7HRf04tJ1d1Px2iiO+PVljJ5UmsZG8W7?= =?us-ascii?Q?MRiCPPbnShK9j8VZWnM7G2ZsUpQ9iVDPzFUa70fasfoAgI9yj6HVnmiQY/65?= =?us-ascii?Q?oqlVv7lYTjcHvVWWlKxfAgaIiNrE8KZ38o6rkxf4C19Z5u2DP1e+F3LimCXt?= =?us-ascii?Q?TVFQMPIS7vxw7JaDCZity0z0SpohJHhhlTxOhv6ZO/sUDftJ90wL7fbYk13B?= =?us-ascii?Q?KINNH268s3aFtPoKAN+1qv2jZumemyZLFsMITBIHaVPOSeuJbRPCkVW49rkZ?= =?us-ascii?Q?IKdLHaVo2kzyIIje03z4G8shr06ld+51sbOg0whnqzzt+DB7ftG/VNX9EW3N?= =?us-ascii?Q?3powi3H4iEvZZESOPufznSa0tk9DucyXK3kMux1Y/VROlkDknfXySPTqepsS?= =?us-ascii?Q?ZIxAb6V8CMTXfFvcRJ2dg3pEh25K03WHANq/3phIoxOVedifK0kdeRbWWo7X?= =?us-ascii?Q?bvE3gLtas/XYTKY/rNJTLXwHu8+Z4oEFOp8gwLy5t1sJbiJVgKfaIHI9dKD1?= =?us-ascii?Q?C4P18xKX6xnmRIPYBn711GG/jWmhQIRUGtWGUSCvFAUI757QpmmuCxglFzOM?= =?us-ascii?Q?p8VSq6bIVAl+NncBVbwcpjDE/LldYzt0KA=3D?= X-Microsoft-Antispam-Message-Info: /5Y3dxltA0BF0KAyjT3QrWL8pAy0RZLwCDUUQ9VWPB4iAq5m7c4eTvDxgUXYkoeBImqpL8DUwpxgvCwYRKiyKhuQiRmlnuoEaVJK5ZkcxWFgqVXJJ54D6Xb4mPHVHBWx3XSbZuFfeJ1C6Ex09+bybWqa75p0Cb686sHVBBZe8QftTxTVPK1ZKqHw4LPoI+Djp2at8xiFYibrm4fxTI7ofTPFuS+Xt+ZZAAU7SDltoynK/THW+viK42/NfwAtwpvb6WpNGTSkE9itkJU18yT3LXWGcKU3AmgIOfBoQsiOlZLnDy8bPb7DbQ0YaLXrhwuWkIQdUY+o/G5GgqAwya28hQ6PlVi4QJfRRZPze9byyvyzEXTP+6GWX9vzeqVbPYepESVnSu/Zqo3W+RC/5hHmxw== X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3178; 6:YUHyrN+q8b/ln5mwtSrsS//IV3YurONnpPXIdAuLIGtXs2QcRmsMGdNjiErCdg+9fIRnPdOV4a0DfTeO3iO/xpf0UZ6aldLlKxVYxzS6mtwg5zee4y2nzXA4G8Xs3CG4id1nZzXvrAu35HkbBgVnUBP8kBEhwThfJmfpcYK1ainHCwp1n7AA23mxO/YFabUKphn6hcAl9BUxuhTYZXJdBjjOpI8OpEVXChEqaDJh4R5mjbyQhnFb/MbKbVIwXDdbObk6re5qxGRYHCLa3jcMirQGxMDxbC2+sN670yTHGKp6ZCf4H0p7w6UDI/yl4yXXP0orabF3SHRp5ySLL9cY2uxT37wB3jJs3VVSXKUhiWhoUPsK/g3ZqQSbQMkDrzEyVFFm5ZlPysVl8grbOAm31ZfBchiLjjn8IC/2EOydSVJaai/dKYrr+k+NlSm2b5VMIADKlZZUDKo7TTBMzBSh1A==; 5:FFqWxChyYhlVsCy8IQ0nadEDGKriqbq9diqy2nQQA3eP5ShRxbOIRw95iKxkhWG0que5XtXl+VTrL7NDa0XVFpQV2J3qPYBGOyl3d8TrOP1+8srzVlL71B+2XIZrS3rJAfzlRSahwHBZWSO1PbUdUwNVYcQrf1hVwoTb1Y9Mq4M=; 24:cRmqhVjN91RhfNNRCOZmIf79m8VbKxBzYnmJIat7yZxKlNt98dv9Zf868tCqXvK1lc8BhUjz+ezRJnB1/O/L00eJ2i6vnswvb1uQeK0D4os= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR05MB3178; 7:yY2Ir61B3vYaT/yxSQN4kSLyFws7UgUDrwzQFTz4YXWWparGL6flzsHAoOhni95Cka3Ss7ESvqhrFkUuUCOr5VIZw/k29LwssqpnkTm6Z/kTD6yY/Gwc47s7y5fPhg+BaN9PXZvi7ni1l9igPgRL4WS/nRrYf2RtXkx8h4Z3CFyJ+UFHz++K50E8t91bUhecSrtQRuHKgzdQtS3h8YKnR7E/C2otndd4F058xulwVfBdT6NOL14KMBFswkspNoE8 X-OriginatorOrg: juniper.net X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2018 18:15:35.5382 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7455ed38-127c-4672-9f55-08d5e82376cc X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.242.13]; Helo=[P-EXFEND-EQX-02.jnpr.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR05MB3178 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-07-12_07:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=866 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1806210000 definitions=main-1807120191 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2018 18:15:41 -0000 Simon J. Gerraty wrote: > I've been working on tweaks to libve to make it suitable for use for a > new loader that can verify the manifest signatures. FYI this is done, and initial testing completed. The manifest parser/lexer are derrived from the one in Junos. The version of mac_veriexec in tree does not yet support storing maclabels so the veriexec util has some ifdef's to deal with that (same as Junos where we have to worry during upgrade about all combinations of new kernel/old util and vice versa.) I deally I'd like to see mac_veriexec up to date, so we can avoid all those ifdef's. Since it relies on the trust store and verification stuff in libve (D16155) I'm not sure there's any point posting diffs until we close on that, and in the meantime steve may find enough time to update mac_veriexec, though as I mentioned before work has an anoying habbit of getting in the way. A follow-on effort might be to allow libve to use either BearSSL (needed for loader due to size), or OpenSSL. --sjg