summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorDavid Woodhouse <David.Woodhouse@intel.com>2015-07-20 21:16:29 +0100
committerDavid Howells <dhowells@redhat.com>2015-08-07 16:26:14 +0100
commit19e91b69d77bab16405cc284b451378e89a4110c (patch)
tree5f4d0904c0b1b98ef728bde634240ec4678fca22 /init
parent6e3e281f39af78bd680b82d9762bf6c4f8f3f5f4 (diff)
modsign: Allow external signing key to be specified
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig14
1 files changed, 14 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 14b3d8422502..1b1148e9181b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1948,6 +1948,20 @@ config MODULE_SIG_HASH
default "sha384" if MODULE_SIG_SHA384
default "sha512" if MODULE_SIG_SHA512
+config MODULE_SIG_KEY
+ string "File name or PKCS#11 URI of module signing key"
+ default "signing_key.priv"
+ depends on MODULE_SIG
+ help
+ Provide the file name of a private key in PKCS#8 PEM format, or
+ a PKCS#11 URI according to RFC7512. The corresponding X.509
+ certificate in DER form should be present in signing_key.x509
+ in the top-level build directory.
+
+ If this option is unchanged from its default "signing_key.priv",
+ then the kernel will automatically generate the private key and
+ certificate as described in Documentation/module-signing.txt
+
config MODULE_COMPRESS
bool "Compress modules on installation"
depends on MODULES