authorDavid Howells <dhowells@redhat.com>2013-08-30 16:07:30 +0100
committerDavid Howells <dhowells@redhat.com>2013-09-25 17:17:01 +0100
commitb56e5a17b6b9acd16997960504b9940d0d7984e7 (patch)
tree3041aadaf0eb3e79c0a5d1e7f9715489340f868a /init/Kconfig
parent0fbd39cf7ffe3b6a787b66b672d21b84e4675352 (diff)
KEYS: Separate the kernel signature checking keyring from module signing
Separate the kernel signature checking keyring from module signing so that it
can be used by code other than the module-signing code.

Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'init/Kconfig')
-rw-r--r--init/Kconfig13
1 files changed, 13 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 3ecd8a1178f1..0ff5407a8378 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1668,6 +1668,18 @@ config BASE_SMALL
 	default 0 if BASE_FULL
 	default 1 if !BASE_FULL
 
+config SYSTEM_TRUSTED_KEYRING
+	bool "Provide system-wide ring of trusted keys"
+	depends on KEYS
+	help
+	  Provide a system keyring to which trusted keys can be added.  Keys in
+	  the keyring are considered to be trusted.  Keys may be added at will
+	  by the kernel from compiled-in data and from hardware key stores, but
+	  userspace may only add extra keys if those keys can be verified by
+	  keys already in the keyring.
+
+	  Keys in this keyring are used by module signature checking.
+
 menuconfig MODULES
 	bool "Enable loadable module support"
 	option modules
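Review bot: The help text for SYSTEM_TRUSTED_KEYRING describes the restriction on userspace additions but does not spell out that keys from compiled-in data and hardware key stores are accepted "at will", which makes them the trust anchors for everything verified against this keyring. A sentence saying so would help whoever configures the kernel understand that controlling those sources is what the trust model rests on. The closing line also reads narrower than the commit message intends; something like `Keys in this keyring are used by module signature checking and may be used by other kernel signature checks.` would match the stated goal. The diff shown is limited to init/Kconfig, so the enforcement of the userspace rule is not visible here and the help text should be checked against the code in the rest of the commit.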
@@ -1741,6 +1753,7 @@ config MODULE_SRCVERSION_ALL
 config MODULE_SIG
 	bool "Module signature verification"
 	depends on MODULES
+	select SYSTEM_TRUSTED_KEYRING
 	select KEYS
 	select CRYPTO
 	select ASYMMETRIC_KEY_TYPE
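Review bot: `select SYSTEM_TRUSTED_KEYRING` turns the symbol on without evaluating its `depends on KEYS`, so the configuration is only consistent because MODULE_SIG also carries `select KEYS` on the next line. A short comment above the pair would stop a later cleanup from dropping one without the other, for example `# SYSTEM_TRUSTED_KEYRING depends on KEYS; select ignores that, so keep select KEYS`. The MODULE_SIG entry continues past the end of this hunk, so any further selects or help text are not visible here.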