diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2015-07-20 21:16:29 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2015-08-07 16:26:14 +0100 |
commit | 19e91b69d77bab16405cc284b451378e89a4110c (patch) | |
tree | 5f4d0904c0b1b98ef728bde634240ec4678fca22 /init | |
parent | 6e3e281f39af78bd680b82d9762bf6c4f8f3f5f4 (diff) | |
download | linux-19e91b69d77bab16405cc284b451378e89a4110c.tar.bz2 |
modsign: Allow external signing key to be specified
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 14b3d8422502..1b1148e9181b 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1948,6 +1948,20 @@ config MODULE_SIG_HASH default "sha384" if MODULE_SIG_SHA384 default "sha512" if MODULE_SIG_SHA512 +config MODULE_SIG_KEY + string "File name or PKCS#11 URI of module signing key" + default "signing_key.priv" + depends on MODULE_SIG + help + Provide the file name of a private key in PKCS#8 PEM format, or + a PKCS#11 URI according to RFC7512. The corresponding X.509 + certificate in DER form should be present in signing_key.x509 + in the top-level build directory. + + If this option is unchanged from its default "signing_key.priv", + then the kernel will automatically generate the private key and + certificate as described in Documentation/module-signing.txt + config MODULE_COMPRESS bool "Compress modules on installation" depends on MODULES |