projects / linux-2.6-microblaze.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge tag 'keys-cve-2020-26541-v3' of git://git.kernel.org/pub/scm/linux/kernel/git...
[linux-2.6-microblaze.git] / certs / Kconfig
diff --git a/certs/Kconfig b/certs/Kconfig
index c94e93d..ab88d2a 100644 (file)
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -83,4 +83,21 @@ config SYSTEM_BLACKLIST_HASH_LIST
          wrapper to incorporate the list into the kernel.  Each <hash> should
          be a string of hex digits.
 
+config SYSTEM_REVOCATION_LIST
+       bool "Provide system-wide ring of revocation certificates"
+       depends on SYSTEM_BLACKLIST_KEYRING
+       depends on PKCS7_MESSAGE_PARSER=y
+       help
+         If set, this allows revocation certificates to be stored in the
+         blacklist keyring and implements a hook whereby a PKCS#7 message can
+         be checked to see if it matches such a certificate.
+
+config SYSTEM_REVOCATION_KEYS
+       string "X.509 certificates to be preloaded into the system blacklist keyring"
+       depends on SYSTEM_REVOCATION_LIST
+       help
+         If set, this option should be the filename of a PEM-formatted file
+         containing X.509 certificates to be included in the default blacklist
+         keyring.
+
 endmenu
MicroBlaze GIT Repository