but you may wish to use a different default here to make a minimal
system more usable with less configuration.
+config VERSION_SIGNATURE
+ string "Arbitrary version signature"
+ help
+ This string will be created in a file, /proc/version_signature. It
+ is useful in determining arbitrary data about your kernel. For instance,
+ if you have several kernels of the same version, but need to keep track
+ of a revision of the same kernel, but not affect it's ability to load
+ compatible modules, this is the easiest way to do that.
+
config SWAP
bool "Support for paging of anonymous memory (swap)"
depends on MMU && BLOCK
comment "Do not forget to sign required modules with scripts/sign-file"
depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+config MODULE_SIG_UEFI
+ bool "Allow modules signed with certs stored in UEFI"
+ depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
+ select EFI_SIGNATURE_LIST_PARSER
+ help
+ This will import certificates stored in UEFI and allow modules
+ signed with those to be loaded. It will also disallow loading
+ of modules stored in the UEFI dbx variable.
+
choice
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG