Index: sys/security/mac_veriexec_parser/mac_veriexec_parser.c
===================================================================
--- sys/security/mac_veriexec_parser/mac_veriexec_parser.c
+++ sys/security/mac_veriexec_parser/mac_veriexec_parser.c
@@ -65,6 +65,7 @@
 #if MAXFINGERPRINTLEN >= SHA512_DIGEST_LENGTH
 {"sha512=", SHA512_DIGEST_LENGTH},
 #endif
+ {"no_hash", 0},
 {NULL, 0}
 };
@@ -197,7 +198,8 @@
 * Split entry into three parts:
 * path, fp_type and digest.
 */
- local_digest[-1] = '\0';
+ if (local_digest[-1] == '=')
+ local_digest[-1] = '\0';
 *delimiter = '\0';
 fp_type[-1] = '\0';
 break;
@@ -331,6 +333,9 @@
 if (rc != 0)
 return (rc);
+ if (strcmp(fp_type, "no_hash") == 0)
+ return (0);
+
 rc = hexstring_to_bin(digest);
 if (rc != 0)
 return (rc);
@@ -350,8 +355,23 @@
 rc = open_file(path, &nid);
 NDFREE(&nid, NDF_ONLY_PNBUF);
- if (rc != 0)
+ if (rc != 0) {
+ if (rc == ENOENT) {
+ strlcat(path, ".gz", sizeof(path));
+ rc = open_file(path, &nid);
+ NDFREE(&nid, NDF_ONLY_PNBUF);
+ if (rc == 0) {
+ /*
+ * A compressed version of this entry exists.
+ * These can't be loaded by kldload anyway,
+ * so just ignore this entry.
+ */
+ goto out;
+ }
+ rc = ENOENT;
+ }
 return (rc);
+ }
 rc = VOP_GETATTR(nid.ni_vp, &va, curthread->td_ucred);
 if (rc != 0)
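Review bot: The block comment kept as context in the `-197,7` hunk still says every entry is split into path, fp_type and digest, which no longer holds for the `no_hash` type this patch adds: that type string has no `=` and, as far as the hunk shows, no digest part. The new test on `local_digest[-1]` should carry a why-comment so it is not later mistaken for dead code, for example `/* no_hash has no '=' separator; only digest-bearing types are terminated here */`. It would also help to say what `local_digest` points at for a `no_hash` entry, because the code that sets it is outside the hunk and reading `local_digest[-1]` is only safe if that pointer is always past the start of the entry buffer. The enclosing loop begins and ends outside the hunk.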
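Review bot: In the `-331,6` hunk the `no_hash` early return reports success before the path is length-checked or opened and before any fingerprint is stored, so the parser accepts the entry and then drops it without a trace. For a verified-exec manifest that is a policy decision and should be written down next to the check, for example `/* no_hash: entry carries no digest, nothing is registered for this path */`, with the manifest documentation stating how such a file is treated once enforcement is active. The literal here must also stay identical to the `{"no_hash", 0}` row added in the `-65,6` hunk; a single shared constant for the string would rule out a silent mismatch between the table lookup and this `strcmp`. The function body starts and ends outside the hunk.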
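Review bot: The return value of `strlcat(path, ".gz", sizeof(path))` in the `-350,8` hunk is ignored, so when `path` is already within three bytes of its capacity the suffix is truncated and `open_file` is retried on a name that is not the intended `.gz` sibling. Checking it closes that: `if (strlcat(path, ".gz", sizeof(path)) >= sizeof(path)) return (ENAMETOOLONG);`. `sizeof(path)` is only the buffer size if `path` is declared as an array, and that declaration is outside the hunk. The `goto out` branch leaves with `rc == 0`, so a manifest entry whose file is missing but has a compressed sibling is skipped silently; a `printf` naming the skipped path would make the omission visible to whoever audits what was actually loaded. The `out` label, and whatever it releases for the vnode opened by the second `open_file`, are outside the hunk.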