[redhat] New configs in certs/Kconfig (!2798) · Merge requests · cki-project / kernel-ark

CKI ARK Bot requested to merge configs/os-build/2023-11-03/certs/Kconfig into os-build Nov 03, 2023

Hi,

As part of the ongoing rebase effort, the following configuration options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply with a better option.

Symbol: SECONDARY_TRUSTED_KEYRING_SIGNED_BY_BUILTIN [=n] Type : bool Defined at certs/Kconfig:96 Prompt: Only allow additional certs signed by keys on the builtin trusted keyring Depends on: CRYPTO [=y] && SECONDARY_TRUSTED_KEYRING [=y] Location: -> Cryptographic API (CRYPTO [=y]) -> Certificates for signature checking -> Provide system-wide ring of trusted keys (SYSTEM_TRUSTED_KEYRING [=y]) -> Provide a keyring to which extra trustable keys may be added (SECONDARY_TRUSTED_KEYRING [=y]) -> Only allow additional certs signed by keys on the builtin trusted keyring (SECONDARY_TRUSTED_KEYRING_SIGNED_BY_BUILTIN [=n])

Signed-off-by: Fedora Kernel Team kernel-team@fedoraproject.org

[redhat] New configs in certs/Kconfig

Merge request reports