Lines Matching +full:system +full:- +full:on +full:- +full:module
1 # SPDX-License-Identifier: GPL-2.0
5 string "File name or PKCS#11 URI of module signing key"
7 depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
16 certificate as described in Documentation/admin-guide/module-signing.rst
19 prompt "Type of module signing key to be generated"
20 depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
22 The type of module signing key type to generate. This option
28 Use an RSA key for module signing.
34 Use an elliptic curve key (NIST P384) for module signing. Consider
43 bool "Provide system-wide ring of trusted keys"
44 depends on KEYS
45 depends on ASYMMETRIC_KEY_TYPE
46 depends on X509_CERTIFICATE_PARSER = y
48 Provide a system keyring to which trusted keys can be added. Keys in
50 by the kernel from compiled-in data and from hardware key stores, but
54 Keys in this keyring are used by module signature checking.
57 string "Additional X.509 keys for default system keyring"
58 depends on SYSTEM_TRUSTED_KEYRING
60 If set, this option should be the filename of a PEM-formatted file
62 system keyring. Any certificate used for module signing is implicitly
65 NOTE: If you previously provided keys for the system keyring in the
66 form of DER-encoded *.x509 files in the top-level build directory,
71 depends on SYSTEM_TRUSTED_KEYRING
75 system keyring without recompiling the kernel.
79 depends on SYSTEM_EXTRA_CERTIFICATE
87 depends on SYSTEM_TRUSTED_KEYRING
94 bool "Provide system-wide ring of blacklisted keys"
95 depends on KEYS
97 Provide a system keyring to which blacklisted keys can be added.
99 keyring are used by the module signature checking to reject loading
103 string "Hashes to be preloaded into the system blacklist keyring"
104 depends on SYSTEM_BLACKLIST_KEYRING
112 tools/certs/print-cert-tbs-hash.sh .
115 bool "Provide system-wide ring of revocation certificates"
116 depends on SYSTEM_BLACKLIST_KEYRING
117 depends on PKCS7_MESSAGE_PARSER=y
124 string "X.509 certificates to be preloaded into the system blacklist keyring"
125 depends on SYSTEM_REVOCATION_LIST
127 If set, this option should be the filename of a PEM-formatted file
133 depends on SYSTEM_BLACKLIST_KEYRING
134 depends on SYSTEM_DATA_VERIFICATION