Lines Matching +full:system +full:- +full:on +full:- +full:module

1 # SPDX-License-Identifier: GPL-2.0
5 	string "File name or PKCS#11 URI of module signing key"
7 	depends on MODULE_SIG
16          certificate as described in Documentation/admin-guide/module-signing.rst
19 	bool "Provide system-wide ring of trusted keys"
20 	depends on KEYS
21 	depends on ASYMMETRIC_KEY_TYPE
23 	  Provide a system keyring to which trusted keys can be added.  Keys in
25 	  by the kernel from compiled-in data and from hardware key stores, but
29 	  Keys in this keyring are used by module signature checking.
32 	string "Additional X.509 keys for default system keyring"
33 	depends on SYSTEM_TRUSTED_KEYRING
35 	  If set, this option should be the filename of a PEM-formatted file
37 	  system keyring. Any certificate used for module signing is implicitly
40 	  NOTE: If you previously provided keys for the system keyring in the
41 	  form of DER-encoded *.x509 files in the top-level build directory,
46 	depends on SYSTEM_TRUSTED_KEYRING
50 	  system keyring without recompiling the kernel.
54 	depends on SYSTEM_EXTRA_CERTIFICATE
62 	depends on SYSTEM_TRUSTED_KEYRING
69 	bool "Provide system-wide ring of blacklisted keys"
70 	depends on KEYS
72 	  Provide a system keyring to which blacklisted keys can be added.
74 	  keyring are used by the module signature checking to reject loading
78 	string "Hashes to be preloaded into the system blacklist keyring"
79 	depends on SYSTEM_BLACKLIST_KEYRING
87 	bool "Provide system-wide ring of revocation certificates"
88 	depends on SYSTEM_BLACKLIST_KEYRING
89 	depends on PKCS7_MESSAGE_PARSER=y
96 	string "X.509 certificates to be preloaded into the system blacklist keyring"
97 	depends on SYSTEM_REVOCATION_LIST
99 	  If set, this option should be the filename of a PEM-formatted file