Merge branch 'master' into for-next

[~andy/linux] / init / Kconfig

diff --git a/init/Kconfig b/init/Kconfig
index 296dfcaf613fcc5daa618f263ebd5435028f0cb4..12d61f82e5f7eb0c345d9d53326eaa8f73b51f82 100644 (file)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -532,7 +532,7 @@ config CONTEXT_TRACKING_FORCE
          dynticks subsystem by forcing the context tracking on all
          CPUs in the system.
 
-         Say Y only if you're working on the developpement of an
+         Say Y only if you're working on the development of an
          architecture backend for the context tracking.
 
          Say N otherwise, this option brings an overhead that you
@@ -1655,6 +1655,18 @@ config BASE_SMALL
        default 0 if BASE_FULL
        default 1 if !BASE_FULL
 
+config SYSTEM_TRUSTED_KEYRING
+       bool "Provide system-wide ring of trusted keys"
+       depends on KEYS
+       help
+         Provide a system keyring to which trusted keys can be added.  Keys in
+         the keyring are considered to be trusted.  Keys may be added at will
+         by the kernel from compiled-in data and from hardware key stores, but
+         userspace may only add extra keys if those keys can be verified by
+         keys already in the keyring.
+
+         Keys in this keyring are used by module signature checking.
+
 menuconfig MODULES
        bool "Enable loadable module support"
        option modules
@@ -1728,6 +1740,7 @@ config MODULE_SRCVERSION_ALL
 config MODULE_SIG
        bool "Module signature verification"
        depends on MODULES
+       select SYSTEM_TRUSTED_KEYRING
        select KEYS
        select CRYPTO
        select ASYMMETRIC_KEY_TYPE