lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Sat, 5 Oct 2019 16:45:25 +0200
From:   klondike <klondike@...ndike.es>
To:     David Howells <dhowells@...hat.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     Vivek Goyal <vgoyal@...hat.com>, keyrings@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH] init: Make SYSTEM_DATA_VERIFICATION a visible symbol

PKCS7_TEST_KEY and SIGNED_PE_FILE_VERIFICATION both depend on
SYSTEM_DATA_VERIFICATION which is non-visibile. As result these symbols
can not be chosen unless another symbol selecting
SYSTEM_DATA_VERIFICATION is already chosen.

Make SYSTEM_DATA_VERIFICATION visible so that PKCS7_TEST_KEY and
SIGNED_PE_FILE_VERIFICATION can be chosen by users when other symbols
selecting SYSTEM_DATA_VERIFICATION are not selected.

Also complete the help section so that this becomes clear to users.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@...ndike.es>
Cc: David Howells <dhowells@...hat.com>
Cc: Vivek Goyal <vgoyal@...hat.com>

diff --git a/init/Kconfig b/init/Kconfig
index b4daad2bac23..6e2efdff8cf7 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1921,7 +1921,8 @@ config MMAP_ALLOW_UNINITIALIZED
See Documentation/nommu-mmap.txt for more information.
config SYSTEM_DATA_VERIFICATION
- def_bool n
+ bool "Support signed data verification"
+ default n
select SYSTEM_TRUSTED_KEYRING
select KEYS
select CRYPTO
@@ -1938,6 +1939,9 @@ config SYSTEM_DATA_VERIFICATION
module verification, kexec image verification and firmware blob
verification.
+ If you want to be able to verify the signatures of images sent to
+ kexec, you must enable this option.
+
config PROFILING
bool "Profiling support"
help

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ