forked from ~ljy/RK356X_SDK_RELEASE

blame | history | patch | commit | commitdiff
hc
2024-05-10 23fa18eaa71266feff7ba8d83022d9e1cc83c65a 
 kernel/certs/Kconfig
....@@ -83,4 +83,21 @@
8383 	  wrapper to incorporate the list into the kernel.  Each <hash> should
8484 	  be a string of hex digits.
8585 
86
+config SYSTEM_REVOCATION_LIST
87
+	bool "Provide system-wide ring of revocation certificates"
88
+	depends on SYSTEM_BLACKLIST_KEYRING
89
+	depends on PKCS7_MESSAGE_PARSER=y
90
+	help
91
+	  If set, this allows revocation certificates to be stored in the
92
+	  blacklist keyring and implements a hook whereby a PKCS#7 message can
93
+	  be checked to see if it matches such a certificate.
94
+
95
+config SYSTEM_REVOCATION_KEYS
96
+	string "X.509 certificates to be preloaded into the system blacklist keyring"
97
+	depends on SYSTEM_REVOCATION_LIST
98
+	help
99
+	  If set, this option should be the filename of a PEM-formatted file
100
+	  containing X.509 certificates to be included in the default blacklist
101
+	  keyring.
102
+
86103 endmenu