Lines Matching +full:system +full:- +full:on +full:- +full:module
1 # SPDX-License-Identifier: GPL-2.0
5 string "File name or PKCS#11 URI of module signing key"
7 depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
16 certificate as described in Documentation/admin-guide/module-signing.rst
19 prompt "Type of module signing key to be generated"
20 depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
22 The type of module signing key type to generate. This option
28 Use an RSA key for module signing.
33 depends on !(MODULE_SIG_SHA256 || MODULE_SIG_SHA3_256)
35 Use an elliptic curve key (NIST P384) for module signing. Use
45 bool "Provide system-wide ring of trusted keys"
46 depends on KEYS
47 depends on ASYMMETRIC_KEY_TYPE
48 depends on X509_CERTIFICATE_PARSER = y
50 Provide a system keyring to which trusted keys can be added. Keys in
52 by the kernel from compiled-in data and from hardware key stores, but
56 Keys in this keyring are used by module signature checking.
59 string "Additional X.509 keys for default system keyring"
60 depends on SYSTEM_TRUSTED_KEYRING
62 If set, this option should be the filename of a PEM-formatted file
64 system keyring. Any certificate used for module signing is implicitly
67 NOTE: If you previously provided keys for the system keyring in the
68 form of DER-encoded *.x509 files in the top-level build directory,
73 depends on SYSTEM_TRUSTED_KEYRING
77 system keyring without recompiling the kernel.
81 depends on SYSTEM_EXTRA_CERTIFICATE
89 depends on SYSTEM_TRUSTED_KEYRING
97 bool "Only allow additional certs signed by keys on the builtin trusted keyring"
98 depends on SECONDARY_TRUSTED_KEYRING
100 If set, only certificates signed by keys on the builtin trusted
110 bool "Provide system-wide ring of blacklisted keys"
111 depends on KEYS
113 Provide a system keyring to which blacklisted keys can be added.
115 keyring are used by the module signature checking to reject loading
119 string "Hashes to be preloaded into the system blacklist keyring"
120 depends on SYSTEM_BLACKLIST_KEYRING
128 tools/certs/print-cert-tbs-hash.sh .
131 bool "Provide system-wide ring of revocation certificates"
132 depends on SYSTEM_BLACKLIST_KEYRING
133 depends on PKCS7_MESSAGE_PARSER=y
140 string "X.509 certificates to be preloaded into the system blacklist keyring"
141 depends on SYSTEM_REVOCATION_LIST
143 If set, this option should be the filename of a PEM-formatted file
149 depends on SYSTEM_BLACKLIST_KEYRING
150 depends on SYSTEM_DATA_VERIFICATION