summaryrefslogtreecommitdiff
path: root/certs/Kconfig
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2016-03-04 11:39:53 +1100
committerJames Morris <james.l.morris@oracle.com>2016-03-04 11:39:53 +1100
commit88a1b564a20e371e6be41b39b85673e9c1959491 (patch)
treef70850f5242470d479711ddb816ac05f47b15642 /certs/Kconfig
parent5804602536649bccc907cbdd7e31b8797bdb6c45 (diff)
parent4e8ae72a75aae285ec5b93518b9680da198afd0d (diff)
downloadlinux-88a1b564a20e371e6be41b39b85673e9c1959491.tar.gz
Merge tag 'keys-next-20160303' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
Diffstat (limited to 'certs/Kconfig')
-rw-r--r--certs/Kconfig16
1 files changed, 16 insertions, 0 deletions
diff --git a/certs/Kconfig b/certs/Kconfig
index b030b9c7ed34..f0f8a4433685 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -39,4 +39,20 @@ config SYSTEM_TRUSTED_KEYS
form of DER-encoded *.x509 files in the top-level build directory,
those are no longer used. You will need to set this option instead.
+config SYSTEM_EXTRA_CERTIFICATE
+ bool "Reserve area for inserting a certificate without recompiling"
+ depends on SYSTEM_TRUSTED_KEYRING
+ help
+ If set, space for an extra certificate will be reserved in the kernel
+ image. This allows introducing a trusted certificate to the default
+ system keyring without recompiling the kernel.
+
+config SYSTEM_EXTRA_CERTIFICATE_SIZE
+ int "Number of bytes to reserve for the extra certificate"
+ depends on SYSTEM_EXTRA_CERTIFICATE
+ default 4096
+ help
+ This is the number of bytes reserved in the kernel image for a
+ certificate to be inserted.
+
endmenu