diff options
Diffstat (limited to 'init/Kconfig')
| -rw-r--r-- | init/Kconfig | 98 |
1 files changed, 96 insertions, 2 deletions
diff --git a/init/Kconfig b/init/Kconfig index cb003a3c9122..6fdd6e339326 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -496,6 +496,12 @@ config RCU_USER_QS excluded from the global RCU state machine and thus doesn't to keep the timer tick on for RCU. + Unless you want to hack and help the development of the full + tickless feature, you shouldn't enable this option. It adds + unnecessary overhead. + + If unsure say N + config RCU_USER_QS_FORCE bool "Force userspace extended QS by default" depends on RCU_USER_QS @@ -504,6 +510,12 @@ config RCU_USER_QS_FORCE test this feature that treats userspace as an extended quiescent state until we have a real user like a full adaptive nohz option. + Unless you want to hack and help the development of the full + tickless feature, you shouldn't enable this option. It adds + unnecessary overhead. + + If unsure say N + config RCU_FANOUT int "Tree-based hierarchical RCU fanout value" range 2 64 if 64BIT @@ -1125,10 +1137,12 @@ menuconfig EXPERT environments which can tolerate a "non-standard" kernel. Only use this if you really know what you are doing. +config HAVE_UID16 + bool + config UID16 bool "Enable 16-bit UID system calls" if EXPERT - depends on ARM || BLACKFIN || CRIS || FRV || H8300 || X86_32 || M68K || (S390 && !64BIT) || SUPERH || SPARC32 || (SPARC64 && COMPAT) || UML || (X86_64 && IA32_EMULATION) \ - || AARCH32_EMULATION + depends on HAVE_UID16 default y help This enables the legacy 16-bit UID syscall wrappers. @@ -1150,6 +1164,11 @@ config SYSCTL_SYSCALL If unsure say N here. +config SYSCTL_EXCEPTION_TRACE + bool + help + Enable support for /proc/sys/debug/exception-trace. + config KALLSYMS bool "Load all symbols for debugging/ksymoops" if EXPERT default y @@ -1199,6 +1218,7 @@ config BUG Just say Y. config ELF_CORE + depends on COREDUMP default y bool "Enable ELF core dumps" if EXPERT help @@ -1554,6 +1574,66 @@ config MODULE_SRCVERSION_ALL the version). With this option, such a "srcversion" field will be created for all modules. If unsure, say N. +config MODULE_SIG + bool "Module signature verification" + depends on MODULES + select KEYS + select CRYPTO + select ASYMMETRIC_KEY_TYPE + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select PUBLIC_KEY_ALGO_RSA + select ASN1 + select OID_REGISTRY + select X509_CERTIFICATE_PARSER + help + Check modules for valid signatures upon load: the signature + is simply appended to the module. For more information see + Documentation/module-signing.txt. + + !!!WARNING!!! If you enable this option, you MUST make sure that the + module DOES NOT get stripped after being signed. This includes the + debuginfo strip done by some packagers (such as rpmbuild) and + inclusion into an initramfs that wants the module size reduced. + +config MODULE_SIG_FORCE + bool "Require modules to be validly signed" + depends on MODULE_SIG + help + Reject unsigned modules or signed modules for which we don't have a + key. Without this, such modules will simply taint the kernel. + +choice + prompt "Which hash algorithm should modules be signed with?" + depends on MODULE_SIG + help + This determines which sort of hashing algorithm will be used during + signature generation. This algorithm _must_ be built into the kernel + directly so that signature verification can take place. It is not + possible to load a signed module containing the algorithm to check + the signature on that module. + +config MODULE_SIG_SHA1 + bool "Sign modules with SHA-1" + select CRYPTO_SHA1 + +config MODULE_SIG_SHA224 + bool "Sign modules with SHA-224" + select CRYPTO_SHA256 + +config MODULE_SIG_SHA256 + bool "Sign modules with SHA-256" + select CRYPTO_SHA256 + +config MODULE_SIG_SHA384 + bool "Sign modules with SHA-384" + select CRYPTO_SHA512 + +config MODULE_SIG_SHA512 + bool "Sign modules with SHA-512" + select CRYPTO_SHA512 + +endchoice + endif # MODULES config INIT_ALL_POSSIBLE @@ -1581,4 +1661,18 @@ config PADATA depends on SMP bool +# Can be selected by architectures with broken toolchains +# that get confused by correct const<->read_only section +# mappings +config BROKEN_RODATA + bool + +config ASN1 + tristate + help + Build a simple ASN.1 grammar compiler that produces a bytecode output + that can be interpreted by the ASN.1 stream decoder and used to + inform it as to what tags are to be expected in a stream and what + functions to call on what tags. + source "kernel/Kconfig.locks" |