Allow root to add signed blacklist keys
configname: CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE
Linux Kernel Configuration
└─>Cryptographic API
└─>Certificates for signature checking
└─>Allow root to add signed blacklist keys
In linux kernel since version 5.2 (release Date: 2019-07-07)
If set, provide the ability to load new blacklist keys at run time if
they are signed and vouched by a certificate from the builtin trusted
keyring. The PKCS#7 signature of the description is set in the key
payload. Blacklist keys cannot be removed.
they are signed and vouched by a certificate from the builtin trusted
keyring. The PKCS#7 signature of the description is set in the key
payload. Blacklist keys cannot be removed.