diff options
author | Stephen Rothwell <sfr@canb.auug.org.au> | 2013-02-20 13:38:59 +1100 |
---|---|---|
committer | Stephen Rothwell <sfr@canb.auug.org.au> | 2013-02-20 13:38:59 +1100 |
commit | ebb53e194580242a89b6b189690a87079a46119d (patch) | |
tree | 7d10279a6535e1dcfb0b52fd9e0dd27393102c30 /init | |
parent | 50ce2b9aea4b198be410824322e5209bd95ae061 (diff) | |
parent | 736c71ba3288ffb44b52ac59b1b5e3443dc48500 (diff) |
Merge remote-tracking branch 'pekey/devel-pekey'
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 59eec5ff6946..0906608a8fae 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1583,6 +1583,18 @@ config BASE_SMALL default 0 if BASE_FULL default 1 if !BASE_FULL +config SYSTEM_TRUSTED_KEYRING + bool "Provide system-wide ring of trusted keys" + depends on KEYS + help + Provide a system keyring to which trusted keys can be added. Keys in + the keyring are considered to be trusted. Keys may be added at will + by the kernel from compiled-in data and from hardware key stores, but + userspace may only add extra keys if those keys can be verified by + keys already in the keyring. + + Keys in this keyring are used by module signature checking. + menuconfig MODULES bool "Enable loadable module support" help @@ -1655,6 +1667,7 @@ config MODULE_SRCVERSION_ALL config MODULE_SIG bool "Module signature verification" depends on MODULES + select SYSTEM_TRUSTED_KEYRING select KEYS select CRYPTO select ASYMMETRIC_KEY_TYPE |