Merge remote-tracking branch 'pekey/devel-pekey'

author: Stephen Rothwell <sfr@canb.auug.org.au> 2013-02-20 13:38:59 +1100
committer: Stephen Rothwell <sfr@canb.auug.org.au> 2013-02-20 13:38:59 +1100
commit: ebb53e194580242a89b6b189690a87079a46119d (patch)
tree: 7d10279a6535e1dcfb0b52fd9e0dd27393102c30 /init
parent: 50ce2b9aea4b198be410824322e5209bd95ae061 (diff)
parent: 736c71ba3288ffb44b52ac59b1b5e3443dc48500 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 59eec5ff6946..0906608a8fae 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1583,6 +1583,18 @@ config BASE_SMALL
 	default 0 if BASE_FULL
 	default 1 if !BASE_FULL
 
+config SYSTEM_TRUSTED_KEYRING
+	bool "Provide system-wide ring of trusted keys"
+	depends on KEYS
+	help
+	  Provide a system keyring to which trusted keys can be added.  Keys in
+	  the keyring are considered to be trusted.  Keys may be added at will
+	  by the kernel from compiled-in data and from hardware key stores, but
+	  userspace may only add extra keys if those keys can be verified by
+	  keys already in the keyring.
+
+	  Keys in this keyring are used by module signature checking.
+
 menuconfig MODULES
 	bool "Enable loadable module support"
 	help
@@ -1655,6 +1667,7 @@ config MODULE_SRCVERSION_ALL
 config MODULE_SIG
 	bool "Module signature verification"
 	depends on MODULES
+	select SYSTEM_TRUSTED_KEYRING
 	select KEYS
 	select CRYPTO
 	select ASYMMETRIC_KEY_TYPE
author	Stephen Rothwell <sfr@canb.auug.org.au>	2013-02-20 13:38:59 +1100
committer	Stephen Rothwell <sfr@canb.auug.org.au>	2013-02-20 13:38:59 +1100
commit	ebb53e194580242a89b6b189690a87079a46119d (patch)
tree	7d10279a6535e1dcfb0b52fd9e0dd27393102c30 /init
parent	50ce2b9aea4b198be410824322e5209bd95ae061 (diff)
parent	736c71ba3288ffb44b52ac59b1b5e3443dc48500 (diff)