Merge branch 'akpm' (second patchbomb from Andrew Morton)

[deliverable/linux.git] / arch / x86 / Kconfig

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index c915cc6e40be0e47f1b3f68c4ba8ff8405256a5b..4aafd322e21e273e902870f2cdcbcc6cd0937d36 100644 (file)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1582,6 +1582,9 @@ source kernel/Kconfig.hz
 
 config KEXEC
        bool "kexec system call"
+       select BUILD_BIN2C
+       select CRYPTO
+       select CRYPTO_SHA256
        ---help---
          kexec is a system call that implements the ability to shutdown your
          current kernel, and to start another kernel.  It is like a reboot
@@ -1596,6 +1599,28 @@ config KEXEC
          interface is strongly in flux, so no good recommendation can be
          made.
 
+config KEXEC_VERIFY_SIG
+       bool "Verify kernel signature during kexec_file_load() syscall"
+       depends on KEXEC
+       ---help---
+         This option makes kernel signature verification mandatory for
+         kexec_file_load() syscall. If kernel is signature can not be
+         verified, kexec_file_load() will fail.
+
+         This option enforces signature verification at generic level.
+         One needs to enable signature verification for type of kernel
+         image being loaded to make sure it works. For example, enable
+         bzImage signature verification option to be able to load and
+         verify signatures of bzImage. Otherwise kernel loading will fail.
+
+config KEXEC_BZIMAGE_VERIFY_SIG
+       bool "Enable bzImage signature verification support"
+       depends on KEXEC_VERIFY_SIG
+       depends on SIGNED_PE_FILE_VERIFICATION
+       select SYSTEM_TRUSTED_KEYRING
+       ---help---
+         Enable bzImage signature verification support.
+
 config CRASH_DUMP
        bool "kernel crash dumps"
        depends on X86_64 || (X86_32 && HIGHMEM)