Lines Matching full:keys
39 Note: Remove all ECDSA signing keys, e.g. certs/signing_key.pem,
78 bool "Provide system-wide ring of trusted keys"
79 depends on KEYS
83 Provide a system keyring to which trusted keys can be added. Keys in
84 the keyring are considered to be trusted. Keys may be added at will
86 userspace may only add extra keys if those keys can be verified by
87 keys already in the keyring.
89 Keys in this keyring are used by module signature checking.
92 string "Additional X.509 keys for default system keyring"
100 NOTE: If you previously provided keys for the system keyring in the
121 bool "Provide a keyring to which extra trustable keys may be added"
124 If set, provide a keyring to which extra keys may be added, provided
125 those keys are not blacklisted and are vouched for by a key built
130 bool "Only allow additional certs signed by keys on the builtin trusted keyring"
133 If set, only certificates signed by keys on the builtin trusted
139 linking code signing keys with imputed trust to the secondary
143 bool "Provide system-wide ring of blacklisted keys"
144 depends on KEYS
146 Provide a system keyring to which blacklisted keys can be added.
147 Keys in the keyring are considered entirely untrusted. Keys in this
181 bool "Allow root to add signed blacklist keys"
185 If set, provide the ability to load new blacklist keys at run time if
188 payload. Blacklist keys cannot be removed.