authorDavid Howells <dhowells@redhat.com>2015-08-14 15:20:41 +0100
committerDavid Woodhouse <David.Woodhouse@intel.com>2015-08-14 16:06:13 +0100
commitcfc411e7fff3e15cd6354ff69773907e2c9d1c0c (patch)
treec67e679c1c2bbe4a657ce58d60e995c63535952b /init
parent0e38c35815f50e5a347977d76fb5eb4c3bf020b5 (diff)
Move certificate handling to its own directory
Move certificate handling out of the kernel/ directory and into a certs/ directory to get all the weird stuff in one place and move the generated signing keys into this directory. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig39
1 files changed, 0 insertions, 39 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 5d1a703663ad..5526dfaac628 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1740,31 +1740,6 @@ config MMAP_ALLOW_UNINITIALIZED
See Documentation/nommu-mmap.txt for more information.
-config SYSTEM_TRUSTED_KEYRING
- bool "Provide system-wide ring of trusted keys"
- depends on KEYS
- help
- Provide a system keyring to which trusted keys can be added. Keys in
- the keyring are considered to be trusted. Keys may be added at will
- by the kernel from compiled-in data and from hardware key stores, but
- userspace may only add extra keys if those keys can be verified by
- keys already in the keyring.
-
- Keys in this keyring are used by module signature checking.
-
-config SYSTEM_TRUSTED_KEYS
- string "Additional X.509 keys for default system keyring"
- depends on SYSTEM_TRUSTED_KEYRING
- help
- If set, this option should be the filename of a PEM-formatted file
- containing trusted X.509 certificates to be included in the default
- system keyring. Any certificate used for module signing is implicitly
- also trusted.
-
- NOTE: If you previously provided keys for the system keyring in the
- form of DER-encoded *.x509 files in the top-level build directory,
- those are no longer used. You will need to set this option instead.
-
config SYSTEM_DATA_VERIFICATION
def_bool n
select SYSTEM_TRUSTED_KEYRING
@@ -1965,20 +1940,6 @@ config MODULE_SIG_HASH
default "sha384" if MODULE_SIG_SHA384
default "sha512" if MODULE_SIG_SHA512
-config MODULE_SIG_KEY
- string "File name or PKCS#11 URI of module signing key"
- default "signing_key.pem"
- depends on MODULE_SIG
- help
- Provide the file name of a private key/certificate in PEM format,
- or a PKCS#11 URI according to RFC7512. The file should contain, or
- the URI should identify, both the certificate and its corresponding
- private key.
-
- If this option is unchanged from its default "signing_key.pem",
- then the kernel will automatically generate the private key and
- certificate as described in Documentation/module-signing.txt
-
config MODULE_COMPRESS
bool "Compress modules on installation"
depends on MODULES