module-signing.txt - OpenGrok cross reference for /linux-4.4.14/Documentation/module-signing.txt

Lines Matching refs:be
33 standard (though it is pluggable and permits others to be used).  The possible
34 hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and
49  (1) "Require modules to be validly signed" (CONFIG_MODULE_SIG_FORCE)
56      be marked as being tainted, and the concerned modules will be marked as
60      signature that can be verified by a public key in the kernel's possession
61      will be loaded.  All other modules will generate an error.
64      cannot be parsed, it will be rejected out of hand.
69      If this is on then modules will be automatically signed during the
71      be signed manually using:
76  (3) "Which hash algorithm should modules be signed with?"
87      The algorithm selected here will also be built into the kernel (rather
96      and allow the kernel modules to be signed with a key of your choosing.
104      PKCS#11 token requries a PIN, this can be provided at build time by
110      This option can be set to the filename of a PEM-encoded file containing
111      additional certificates which will be included in the system keyring by
125 it can be deleted or stored securely.  The public key gets built into the
126 kernel so that it can be used to check the signatures as the modules are
135 during the building of vmlinux (the public part of the key needs to be built
145 should be altered from the default:
152 The generated RSA key size can also be set with:
167 The full pathname for the resulting kernel_key.pem file can then be specified
169 be used instead of an autogenerated keypair.
176 The kernel contains a ring of public keys that can be viewed by root.  They're
177 in a keyring called ".system_keyring" that can be seen by:
186 trusted certificates can be provided in a PEM-encoded file referenced by the
200 Note, however, that the kernel will only permit keys to be added to
215 	4.  The kernel module to be signed
224 kernel or can be loaded without requiring itself.
226 If the private key requires a passphrase or PIN, it can be provided in the
239 container.  Thus they MAY NOT be stripped once the signature is computed and
261 a signature mismatch will not be permitted to load.
263 Any module that has an unparseable signature will be rejected.
272 private key must be either destroyed or moved to a secure location and not kept