051dbb918c
This patch implements RSA digital signature verification using GnuPG library. The format of the signature and the public key is defined by their respective headers. The signature header contains version information, algorithm, and keyid, which was used to generate the signature. The key header contains version and algorythim type. The payload of the signature and the key are multi-precision integers. The signing and key management utilities evm-utils provide functionality to generate signatures and load keys into the kernel keyring. When the key is added to the kernel keyring, the keyid defines the name of the key. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Acked-by: Mimi Zohar <zohar@us.ibm.com>
305 lines
6.9 KiB
Plaintext
305 lines
6.9 KiB
Plaintext
#
|
|
# Library configuration
|
|
#
|
|
|
|
config BINARY_PRINTF
|
|
def_bool n
|
|
|
|
menu "Library routines"
|
|
|
|
config RAID6_PQ
|
|
tristate
|
|
|
|
config BITREVERSE
|
|
tristate
|
|
|
|
config RATIONAL
|
|
boolean
|
|
|
|
config GENERIC_FIND_FIRST_BIT
|
|
bool
|
|
|
|
config CRC_CCITT
|
|
tristate "CRC-CCITT functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC-CCITT functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC-CCITT
|
|
functions require M here.
|
|
|
|
config CRC16
|
|
tristate "CRC16 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC16 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC16
|
|
functions require M here.
|
|
|
|
config CRC_T10DIF
|
|
tristate "CRC calculation for the T10 Data Integrity Field"
|
|
help
|
|
This option is only needed if a module that's not in the
|
|
kernel tree needs to calculate CRC checks for use with the
|
|
SCSI data integrity subsystem.
|
|
|
|
config CRC_ITU_T
|
|
tristate "CRC ITU-T V.41 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC ITU-T V.41 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC ITU-T V.41
|
|
functions require M here.
|
|
|
|
config CRC32
|
|
tristate "CRC32 functions"
|
|
default y
|
|
select BITREVERSE
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC32 functions, but a module built outside the
|
|
kernel tree does. Such modules that use library CRC32 functions
|
|
require M here.
|
|
|
|
config CRC7
|
|
tristate "CRC7 functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC7 functions, but a module built outside
|
|
the kernel tree does. Such modules that use library CRC7
|
|
functions require M here.
|
|
|
|
config LIBCRC32C
|
|
tristate "CRC32c (Castagnoli, et al) Cyclic Redundancy-Check"
|
|
select CRYPTO
|
|
select CRYPTO_CRC32C
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require CRC32c functions, but a module built outside the
|
|
kernel tree does. Such modules that use library CRC32c functions
|
|
require M here. See Castagnoli93.
|
|
Module will be libcrc32c.
|
|
|
|
config CRC8
|
|
tristate "CRC8 function"
|
|
help
|
|
This option provides CRC8 function. Drivers may select this
|
|
when they need to do cyclic redundancy check according CRC8
|
|
algorithm. Module will be called crc8.
|
|
|
|
config AUDIT_GENERIC
|
|
bool
|
|
depends on AUDIT && !AUDIT_ARCH
|
|
default y
|
|
|
|
#
|
|
# compression support is select'ed if needed
|
|
#
|
|
config ZLIB_INFLATE
|
|
tristate
|
|
|
|
config ZLIB_DEFLATE
|
|
tristate
|
|
|
|
config LZO_COMPRESS
|
|
tristate
|
|
|
|
config LZO_DECOMPRESS
|
|
tristate
|
|
|
|
source "lib/xz/Kconfig"
|
|
|
|
#
|
|
# These all provide a common interface (hence the apparent duplication with
|
|
# ZLIB_INFLATE; DECOMPRESS_GZIP is just a wrapper.)
|
|
#
|
|
config DECOMPRESS_GZIP
|
|
select ZLIB_INFLATE
|
|
tristate
|
|
|
|
config DECOMPRESS_BZIP2
|
|
tristate
|
|
|
|
config DECOMPRESS_LZMA
|
|
tristate
|
|
|
|
config DECOMPRESS_XZ
|
|
select XZ_DEC
|
|
tristate
|
|
|
|
config DECOMPRESS_LZO
|
|
select LZO_DECOMPRESS
|
|
tristate
|
|
|
|
#
|
|
# Generic allocator support is selected if needed
|
|
#
|
|
config GENERIC_ALLOCATOR
|
|
boolean
|
|
|
|
#
|
|
# reed solomon support is select'ed if needed
|
|
#
|
|
config REED_SOLOMON
|
|
tristate
|
|
|
|
config REED_SOLOMON_ENC8
|
|
boolean
|
|
|
|
config REED_SOLOMON_DEC8
|
|
boolean
|
|
|
|
config REED_SOLOMON_ENC16
|
|
boolean
|
|
|
|
config REED_SOLOMON_DEC16
|
|
boolean
|
|
|
|
#
|
|
# BCH support is selected if needed
|
|
#
|
|
config BCH
|
|
tristate
|
|
|
|
config BCH_CONST_PARAMS
|
|
boolean
|
|
help
|
|
Drivers may select this option to force specific constant
|
|
values for parameters 'm' (Galois field order) and 't'
|
|
(error correction capability). Those specific values must
|
|
be set by declaring default values for symbols BCH_CONST_M
|
|
and BCH_CONST_T.
|
|
Doing so will enable extra compiler optimizations,
|
|
improving encoding and decoding performance up to 2x for
|
|
usual (m,t) values (typically such that m*t < 200).
|
|
When this option is selected, the BCH library supports
|
|
only a single (m,t) configuration. This is mainly useful
|
|
for NAND flash board drivers requiring known, fixed BCH
|
|
parameters.
|
|
|
|
config BCH_CONST_M
|
|
int
|
|
range 5 15
|
|
help
|
|
Constant value for Galois field order 'm'. If 'k' is the
|
|
number of data bits to protect, 'm' should be chosen such
|
|
that (k + m*t) <= 2**m - 1.
|
|
Drivers should declare a default value for this symbol if
|
|
they select option BCH_CONST_PARAMS.
|
|
|
|
config BCH_CONST_T
|
|
int
|
|
help
|
|
Constant value for error correction capability in bits 't'.
|
|
Drivers should declare a default value for this symbol if
|
|
they select option BCH_CONST_PARAMS.
|
|
|
|
#
|
|
# Textsearch support is select'ed if needed
|
|
#
|
|
config TEXTSEARCH
|
|
boolean
|
|
|
|
config TEXTSEARCH_KMP
|
|
tristate
|
|
|
|
config TEXTSEARCH_BM
|
|
tristate
|
|
|
|
config TEXTSEARCH_FSM
|
|
tristate
|
|
|
|
config BTREE
|
|
boolean
|
|
|
|
config HAS_IOMEM
|
|
boolean
|
|
depends on !NO_IOMEM
|
|
default y
|
|
|
|
config HAS_IOPORT
|
|
boolean
|
|
depends on HAS_IOMEM && !NO_IOPORT
|
|
default y
|
|
|
|
config HAS_DMA
|
|
boolean
|
|
depends on !NO_DMA
|
|
default y
|
|
|
|
config CHECK_SIGNATURE
|
|
bool
|
|
|
|
config CPUMASK_OFFSTACK
|
|
bool "Force CPU masks off stack" if DEBUG_PER_CPU_MAPS
|
|
help
|
|
Use dynamic allocation for cpumask_var_t, instead of putting
|
|
them on the stack. This is a bit more expensive, but avoids
|
|
stack overflow.
|
|
|
|
config DISABLE_OBSOLETE_CPUMASK_FUNCTIONS
|
|
bool "Disable obsolete cpumask functions" if DEBUG_PER_CPU_MAPS
|
|
depends on EXPERIMENTAL && BROKEN
|
|
|
|
config CPU_RMAP
|
|
bool
|
|
depends on SMP
|
|
|
|
#
|
|
# Netlink attribute parsing support is select'ed if needed
|
|
#
|
|
config NLATTR
|
|
bool
|
|
|
|
#
|
|
# Generic 64-bit atomic support is selected if needed
|
|
#
|
|
config GENERIC_ATOMIC64
|
|
bool
|
|
|
|
config LRU_CACHE
|
|
tristate
|
|
|
|
config AVERAGE
|
|
bool "Averaging functions"
|
|
help
|
|
This option is provided for the case where no in-kernel-tree
|
|
modules require averaging functions, but a module built outside
|
|
the kernel tree does. Such modules that use library averaging
|
|
functions require Y here.
|
|
|
|
If unsure, say N.
|
|
|
|
config CORDIC
|
|
tristate "Cordic function"
|
|
help
|
|
The option provides arithmetic function using cordic algorithm
|
|
so its calculations are in fixed point. Modules can select this
|
|
when they require this function. Module will be called cordic.
|
|
|
|
config MPILIB
|
|
tristate "Multiprecision maths library"
|
|
help
|
|
Multiprecision maths library from GnuPG.
|
|
It is used to implement RSA digital signature verification,
|
|
which is used by IMA/EVM digital signature extension.
|
|
|
|
config MPILIB_EXTRA
|
|
bool "Multiprecision maths library - additional sources"
|
|
depends on MPILIB
|
|
help
|
|
Multiprecision maths library from GnuPG.
|
|
It is used to implement RSA digital signature verification,
|
|
which is used by IMA/EVM digital signature extension.
|
|
This code in unnecessary for RSA digital signature verification,
|
|
and can be compiled if needed.
|
|
|
|
config DIGSIG
|
|
tristate "In-kernel signature checker"
|
|
depends on CRYPTO
|
|
select MPILIB
|
|
help
|
|
Digital signature verification. Currently only RSA is supported.
|
|
Implementation is done using GnuPG MPI library
|
|
|
|
endmenu
|