Lines Matching full:keys
39 Note: Remove all ECDSA signing keys, e.g. certs/signing_key.pem,
45 bool "Provide system-wide ring of trusted keys"
46 depends on KEYS
50 Provide a system keyring to which trusted keys can be added. Keys in
51 the keyring are considered to be trusted. Keys may be added at will
53 userspace may only add extra keys if those keys can be verified by
54 keys already in the keyring.
56 Keys in this keyring are used by module signature checking.
59 string "Additional X.509 keys for default system keyring"
67 NOTE: If you previously provided keys for the system keyring in the
88 bool "Provide a keyring to which extra trustable keys may be added"
91 If set, provide a keyring to which extra keys may be added, provided
92 those keys are not blacklisted and are vouched for by a key built
97 bool "Only allow additional certs signed by keys on the builtin trusted keyring"
100 If set, only certificates signed by keys on the builtin trusted
106 linking code signing keys with imputed trust to the secondary
110 bool "Provide system-wide ring of blacklisted keys"
111 depends on KEYS
113 Provide a system keyring to which blacklisted keys can be added.
114 Keys in the keyring are considered entirely untrusted. Keys in this
148 bool "Allow root to add signed blacklist keys"
152 If set, provide the ability to load new blacklist keys at run time if
155 payload. Blacklist keys cannot be removed.