mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-21 03:33:59 +08:00
432434c9f8
To meet some users' needs, add optional support for having fs-verity handle a portion of the authentication policy in the kernel. An ".fs-verity" keyring is created to which X.509 certificates can be added; then a sysctl 'fs.verity.require_signatures' can be set to cause the kernel to enforce that all fs-verity files contain a signature of their file measurement by a key in this keyring. See the "Built-in signature verification" section of Documentation/filesystems/fsverity.rst for the full documentation. Reviewed-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Eric Biggers <ebiggers@google.com>
11 lines
216 B
Makefile
11 lines
216 B
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
|
|
obj-$(CONFIG_FS_VERITY) += enable.o \
|
|
hash_algs.o \
|
|
init.o \
|
|
measure.o \
|
|
open.o \
|
|
verify.o
|
|
|
|
obj-$(CONFIG_FS_VERITY_BUILTIN_SIGNATURES) += signature.o
|