author | David Howells <dhowells@redhat.com> | 2013-01-15 18:39:54 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2013-01-18 13:54:08 +0000 |
commit | ebe2e946f60e0012c02a27845bdab70e34cc4202 (patch) | |
tree | fececef0102cdee94777781e033f934ba3e9d237 /init | |
parent | ee70863519e4c9558c861bcf5e30c07803c3d4e9 (diff) |
KEYS: Separate the kernel signature checking keyring from module signing
Separate the kernel signature checking keyring from module signing so that it
can be used by code other than the module-signing code.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 7d30240e5bfe..65bcf1264e44 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1568,6 +1568,18 @@ config BASE_SMALL
 default 0 if BASE_FULL
 default 1 if !BASE_FULL
 
+config SYSTEM_TRUSTED_KEYRING
+ bool "Provide system-wide ring of trusted keys"
+ depends on KEYS
+ help
+ Provide a system keyring to which trusted keys can be added. Keys in
+ the keyring are considered to be trusted. Keys may be added at will
+ by the kernel from compiled-in data and from hardware key stores, but
+ userspace may only add extra keys if those keys can be verified by
+ keys already in the keyring.
+
+ Keys in this keyring are used by module signature checking.
+
 menuconfig MODULES
 bool "Enable loadable module support"
 help
@@ -1640,6 +1652,7 @@ config MODULE_SRCVERSION_ALL
 config MODULE_SIG
 bool "Module signature verification"
 depends on MODULES
+ select SYSTEM_TRUSTED_KEYRING
 select KEYS
 select CRYPTO
 select ASYMMETRIC_KEY_TYPE
|
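Review bot: The help text of the new SYSTEM_TRUSTED_KEYRING entry states the trust rule but not its consequence for whoever builds the kernel: keys from compiled-in data are added "at will", so every key in the image becomes a trust anchor for anything that verifies against this keyring. I would add a sentence to the help such as `Any key built into the kernel image is trusted unconditionally, so the set of compiled-in keys must be controlled at build time.` The closing sentence names only module signature checking, while the commit message says the keyring is meant for other code as well, so wording like `Keys in this keyring are used by module signature checking, among other users.` would age better. The code that enforces the userspace restriction is not visible here, since the diffstat is limited to init/.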
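Review bot: In the MODULE_SIG entry, `select SYSTEM_TRUSTED_KEYRING` forces the symbol on without evaluating its `depends on KEYS`, so the dependency is met only because MODULE_SIG also carries `select KEYS` on the following line. A later selector that omits `select KEYS` would produce an unmet-dependency configuration for the keyring. A short comment above the new entry would record the requirement, for example `# Symbols that select this must also select KEYS; select ignores "depends on".` The MODULE_SIG entry continues past the end of the hunk.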