diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-18 17:39:57 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-18 17:39:57 +0000 |
| commit | dc50eab76b709d68175a358d6e23a5a3890764d3 (patch) | |
| tree | c754d0390db060af0213ff994f0ac310e4cfd6e9 /security/integrity/Kconfig | |
| parent | Adding debian version 6.6.15-2. (diff) | |
| download | linux-dc50eab76b709d68175a358d6e23a5a3890764d3.tar.xz linux-dc50eab76b709d68175a358d6e23a5a3890764d3.zip | |
Merging upstream version 6.7.7.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/integrity/Kconfig')
| -rw-r--r-- | security/integrity/Kconfig | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index b6e074ac02..3c45f4f345 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -34,10 +34,10 @@ config INTEGRITY_ASYMMETRIC_KEYS bool "Enable asymmetric keys support" depends on INTEGRITY_SIGNATURE default n - select ASYMMETRIC_KEY_TYPE - select ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select CRYPTO_RSA - select X509_CERTIFICATE_PARSER + select ASYMMETRIC_KEY_TYPE + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select CRYPTO_RSA + select X509_CERTIFICATE_PARSER help This option enables digital signature verification using asymmetric keys. @@ -53,14 +53,14 @@ config INTEGRITY_TRUSTED_KEYRING keyring. config INTEGRITY_PLATFORM_KEYRING - bool "Provide keyring for platform/firmware trusted keys" - depends on INTEGRITY_ASYMMETRIC_KEYS - depends on SYSTEM_BLACKLIST_KEYRING - help - Provide a separate, distinct keyring for platform trusted keys, which - the kernel automatically populates during initialization from values - provided by the platform for verifying the kexec'ed kerned image - and, possibly, the initramfs signature. + bool "Provide keyring for platform/firmware trusted keys" + depends on INTEGRITY_ASYMMETRIC_KEYS + depends on SYSTEM_BLACKLIST_KEYRING + help + Provide a separate, distinct keyring for platform trusted keys, which + the kernel automatically populates during initialization from values + provided by the platform for verifying the kexec'ed kerned image + and, possibly, the initramfs signature. config INTEGRITY_MACHINE_KEYRING bool "Provide a keyring to which Machine Owner Keys may be added" @@ -69,10 +69,10 @@ config INTEGRITY_MACHINE_KEYRING depends on SYSTEM_BLACKLIST_KEYRING depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS help - If set, provide a keyring to which Machine Owner Keys (MOK) may - be added. This keyring shall contain just MOK keys. Unlike keys - in the platform keyring, keys contained in the .machine keyring will - be trusted within the kernel. + If set, provide a keyring to which Machine Owner Keys (MOK) may + be added. This keyring shall contain just MOK keys. Unlike keys + in the platform keyring, keys contained in the .machine keyring will + be trusted within the kernel. config INTEGRITY_CA_MACHINE_KEYRING bool "Enforce Machine Keyring CA Restrictions" @@ -97,14 +97,14 @@ config INTEGRITY_CA_MACHINE_KEYRING_MAX .platform keyring. config LOAD_UEFI_KEYS - depends on INTEGRITY_PLATFORM_KEYRING - depends on EFI - def_bool y + depends on INTEGRITY_PLATFORM_KEYRING + depends on EFI + def_bool y config LOAD_IPL_KEYS - depends on INTEGRITY_PLATFORM_KEYRING - depends on S390 - def_bool y + depends on INTEGRITY_PLATFORM_KEYRING + depends on S390 + def_bool y config LOAD_PPC_KEYS bool "Enable loading of platform and blacklisted keys for POWER" |