Kconfig - OpenGrok cross reference for /kernel/linux/linux-5.10/certs/Kconfig

Lines Matching +full:system +full:- +full:on +full:- +full:module
1 # SPDX-License-Identifier: GPL-2.0
5 	string "File name or PKCS#11 URI of module signing key"
7 	depends on MODULE_SIG
16          certificate as described in Documentation/admin-guide/module-signing.rst
19 	prompt "Type of module signing key to be generated"
22 	 The type of module signing key type to generate. This option
27 	depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
29 	 Use an RSA key for module signing.
34 	depends on MODULE_SIG || (IMA_APPRAISE_MODSIG && MODULES)
36 	 Use an elliptic curve key (NIST P384) for module signing. Consider
45 	bool "Provide system-wide ring of trusted keys"
46 	depends on KEYS
47 	depends on ASYMMETRIC_KEY_TYPE
49 	  Provide a system keyring to which trusted keys can be added.  Keys in
51 	  by the kernel from compiled-in data and from hardware key stores, but
55 	  Keys in this keyring are used by module signature checking.
58 	string "Additional X.509 keys for default system keyring"
59 	depends on SYSTEM_TRUSTED_KEYRING
61 	  If set, this option should be the filename of a PEM-formatted file
63 	  system keyring. Any certificate used for module signing is implicitly
66 	  NOTE: If you previously provided keys for the system keyring in the
67 	  form of DER-encoded *.x509 files in the top-level build directory,
72 	depends on SYSTEM_TRUSTED_KEYRING
76 	  system keyring without recompiling the kernel.
80 	depends on SYSTEM_EXTRA_CERTIFICATE
88 	depends on SYSTEM_TRUSTED_KEYRING
95 	bool "Provide system-wide ring of blacklisted keys"
96 	depends on KEYS
98 	  Provide a system keyring to which blacklisted keys can be added.
100 	  keyring are used by the module signature checking to reject loading
104 	string "Hashes to be preloaded into the system blacklist keyring"
105 	depends on SYSTEM_BLACKLIST_KEYRING
113 	bool "Provide system-wide ring of revocation certificates"
114 	depends on SYSTEM_BLACKLIST_KEYRING
115 	depends on PKCS7_MESSAGE_PARSER=y
122 	string "X.509 certificates to be preloaded into the system blacklist keyring"
123 	depends on SYSTEM_REVOCATION_LIST
125 	  If set, this option should be the filename of a PEM-formatted file