| Kconfig (e4fc02f24c223ee8d668bf2d39bb8a2dbd61b40e) | Kconfig (cfc411e7fff3e15cd6354ff69773907e2c9d1c0c) |
|---|---|
| 1config ARCH 2 string 3 option env="ARCH" 4 5config KERNELVERSION 6 string 7 option env="KERNELVERSION" 8 --- 1726 unchanged lines hidden (view full) --- 1735 1736 Because of the obvious security issues, this option should only be 1737 enabled on embedded devices where you control what is run in 1738 userspace. Since that isn't generally a problem on no-MMU systems, 1739 it is normally safe to say Y here. 1740 1741 See Documentation/nommu-mmap.txt for more information. 1742 | 1config ARCH 2 string 3 option env="ARCH" 4 5config KERNELVERSION 6 string 7 option env="KERNELVERSION" 8 --- 1726 unchanged lines hidden (view full) --- 1735 1736 Because of the obvious security issues, this option should only be 1737 enabled on embedded devices where you control what is run in 1738 userspace. Since that isn't generally a problem on no-MMU systems, 1739 it is normally safe to say Y here. 1740 1741 See Documentation/nommu-mmap.txt for more information. 1742 |
| 1743config SYSTEM_TRUSTED_KEYRING 1744 bool "Provide system-wide ring of trusted keys" 1745 depends on KEYS 1746 help 1747 Provide a system keyring to which trusted keys can be added. Keys in 1748 the keyring are considered to be trusted. Keys may be added at will 1749 by the kernel from compiled-in data and from hardware key stores, but 1750 userspace may only add extra keys if those keys can be verified by 1751 keys already in the keyring. 1752 1753 Keys in this keyring are used by module signature checking. 1754 1755config SYSTEM_TRUSTED_KEYS 1756 string "Additional X.509 keys for default system keyring" 1757 depends on SYSTEM_TRUSTED_KEYRING 1758 help 1759 If set, this option should be the filename of a PEM-formatted file 1760 containing trusted X.509 certificates to be included in the default 1761 system keyring. Any certificate used for module signing is implicitly 1762 also trusted. 1763 1764 NOTE: If you previously provided keys for the system keyring in the 1765 form of DER-encoded *.x509 files in the top-level build directory, 1766 those are no longer used. You will need to set this option instead. 1767 | |
| 1768config SYSTEM_DATA_VERIFICATION 1769 def_bool n 1770 select SYSTEM_TRUSTED_KEYRING 1771 select KEYS 1772 select CRYPTO 1773 select ASYMMETRIC_KEY_TYPE 1774 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 1775 select PUBLIC_KEY_ALGO_RSA --- 184 unchanged lines hidden (view full) --- 1960 string 1961 depends on MODULE_SIG 1962 default "sha1" if MODULE_SIG_SHA1 1963 default "sha224" if MODULE_SIG_SHA224 1964 default "sha256" if MODULE_SIG_SHA256 1965 default "sha384" if MODULE_SIG_SHA384 1966 default "sha512" if MODULE_SIG_SHA512 1967 | 1743config SYSTEM_DATA_VERIFICATION 1744 def_bool n 1745 select SYSTEM_TRUSTED_KEYRING 1746 select KEYS 1747 select CRYPTO 1748 select ASYMMETRIC_KEY_TYPE 1749 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 1750 select PUBLIC_KEY_ALGO_RSA --- 184 unchanged lines hidden (view full) --- 1935 string 1936 depends on MODULE_SIG 1937 default "sha1" if MODULE_SIG_SHA1 1938 default "sha224" if MODULE_SIG_SHA224 1939 default "sha256" if MODULE_SIG_SHA256 1940 default "sha384" if MODULE_SIG_SHA384 1941 default "sha512" if MODULE_SIG_SHA512 1942 |
| 1968config MODULE_SIG_KEY 1969 string "File name or PKCS#11 URI of module signing key" 1970 default "signing_key.pem" 1971 depends on MODULE_SIG 1972 help 1973 Provide the file name of a private key/certificate in PEM format, 1974 or a PKCS#11 URI according to RFC7512. The file should contain, or 1975 the URI should identify, both the certificate and its corresponding 1976 private key. 1977 1978 If this option is unchanged from its default "signing_key.pem", 1979 then the kernel will automatically generate the private key and 1980 certificate as described in Documentation/module-signing.txt 1981 | |
| 1982config MODULE_COMPRESS 1983 bool "Compress modules on installation" 1984 depends on MODULES 1985 help 1986 1987 Compresses kernel modules when 'make modules_install' is run; gzip or 1988 xz depending on "Compression algorithm" below. 1989 --- 76 unchanged lines hidden --- | 1943config MODULE_COMPRESS 1944 bool "Compress modules on installation" 1945 depends on MODULES 1946 help 1947 1948 Compresses kernel modules when 'make modules_install' is run; gzip or 1949 xz depending on "Compression algorithm" below. 1950 --- 76 unchanged lines hidden --- |