Index: stand/ficl.mk
===================================================================
--- stand/ficl.mk
+++ stand/ficl.mk
@@ -16,3 +16,7 @@
 CFLAGS+= -I${FICLSRC} -I${FICLSRC}/${FICL_CPUARCH} -I${LDRSRC}
 CFLAGS+= -DBF_DICTSIZE=15000
+
+.if ${MK_LOADER_VERIEXEC} != "no"
+CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libsecureboot/h
+.endif
Index: stand/ficl/loader.c
===================================================================
--- stand/ficl/loader.c
+++ stand/ficl/loader.c
@@ -502,6 +502,23 @@
 /* open the file */
 fd = open(name, mode);
+#ifdef LOADER_VERIEXEC
+ if (fd >= 0) {
+ if (verify_file(fd, name, 0, VE_GUESS) < 0) {
+ /* not verified writing ok but reading is not */
+ if ((mode & (O_WRONLY|O_RDWR)) != O_WRONLY) {
+ close(fd);
+ fd = -1;
+ }
+ } else {
+ /* verified reading ok but writing is not */
+ if ((mode & (O_WRONLY|O_RDWR)) != 0) {
+ close(fd);
+ fd = -1;
+ }
+ }
+ }
+#endif
 free(name);
 stackPushINT(pVM->pStack, fd);
 return;
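Review bot: In the stand/ficl/loader.c hunk, `verify_file(fd, name, 0, VE_GUESS)` runs on a descriptor opened with the caller's `mode`, so for a write-only open it is handed an fd without read access. verify_file() is not visible here; if it has to read the file to check it, a write-only open would presumably always land in the "not verified" branch, where `O_WRONLY` is let through, so the "verified ... writing is not" branch would never apply to that mode. This is worth confirming, and if it holds the write case should be decided before relying on the verification result. The two mode tests would read more clearly with the standard mask, `if ((mode & O_ACCMODE) != O_WRONLY)` and `if ((mode & O_ACCMODE) != O_RDONLY)`, and a comment stating the policy would help, e.g. `/* unverified content must not be read back by the interpreter; verified files must not be modified */`. The enclosing function starts and ends outside the hunk.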