Allow root to add signed blacklist keys

configname: CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE

Linux Kernel Configuration
└─>Cryptographic API
└─>Certificates for signature checking
└─>Allow root to add signed blacklist keys
In linux kernel since version 5.2 (release Date: 2019-07-07)  
If set, provide the ability to load new blacklist keys at run time if
they are signed and vouched by a certificate from the builtin trusted
keyring. The PKCS#7 signature of the description is set in the key
payload. Blacklist keys cannot be removed.

depends
CONFIG_CRYPTO
CONFIG_SYSTEM_BLACKLIST_KEYRING
CONFIG_SYSTEM_DATA_VERIFICATION