linux_dsm_epyc7002/net/wireless/Kconfig
Johannes Berg 90a53e4432 cfg80211: implement regdb signature checking
Currently CRDA implements the signature checking, and the previous
commits added the ability to load the whole regulatory database
into the kernel.

However, we really can't lose the signature checking, so implement
it in the kernel by loading a detached signature (regulatory.db.p7s)
and check it against built-in keys.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-10-11 14:24:24 +02:00

227 lines
7.2 KiB
Plaintext

config WIRELESS_EXT
bool
config WEXT_CORE
def_bool y
depends on CFG80211_WEXT || WIRELESS_EXT
config WEXT_PROC
def_bool y
depends on PROC_FS
depends on WEXT_CORE
config WEXT_SPY
bool
config WEXT_PRIV
bool
config CFG80211
tristate "cfg80211 - wireless configuration API"
depends on RFKILL || !RFKILL
select FW_LOADER
---help---
cfg80211 is the Linux wireless LAN (802.11) configuration API.
Enable this if you have a wireless device.
For more information refer to documentation on the wireless wiki:
http://wireless.kernel.org/en/developers/Documentation/cfg80211
When built as a module it will be called cfg80211.
config NL80211_TESTMODE
bool "nl80211 testmode command"
depends on CFG80211
help
The nl80211 testmode command helps implementing things like
factory calibration or validation tools for wireless chips.
Select this option ONLY for kernels that are specifically
built for such purposes.
Debugging tools that are supposed to end up in the hands of
users should better be implemented with debugfs.
Say N.
config CFG80211_DEVELOPER_WARNINGS
bool "enable developer warnings"
depends on CFG80211
default n
help
This option enables some additional warnings that help
cfg80211 developers and driver developers, but beware that
they can also trigger due to races with userspace.
For example, when a driver reports that it was disconnected
from the AP, but the user disconnects manually at the same
time, the warning might trigger spuriously due to races.
Say Y only if you are developing cfg80211 or a driver based
on it (or mac80211).
config CFG80211_CERTIFICATION_ONUS
bool "cfg80211 certification onus"
depends on CFG80211 && EXPERT
default n
---help---
You should disable this option unless you are both capable
and willing to ensure your system will remain regulatory
compliant with the features available under this option.
Some options may still be under heavy development and
for whatever reason regulatory compliance has not or
cannot yet be verified. Regulatory verification may at
times only be possible until you have the final system
in place.
This option should only be enabled by system integrators
or distributions that have done work necessary to ensure
regulatory certification on the system with the enabled
features. Alternatively you can enable this option if
you are a wireless researcher and are working in a controlled
and approved environment by your local regulatory agency.
config CFG80211_REQUIRE_SIGNED_REGDB
bool "require regdb signature" if CFG80211_CERTIFICATION_ONUS
default y
select SYSTEM_DATA_VERIFICATION
help
Require that in addition to the "regulatory.db" file a
"regulatory.db.p7s" can be loaded with a valid PKCS#7
signature for the regulatory.db file made by one of the
keys in the certs/ directory.
config CFG80211_USE_KERNEL_REGDB_KEYS
bool "allow regdb keys shipped with the kernel" if CFG80211_CERTIFICATION_ONUS
default y
depends on CFG80211_REQUIRE_SIGNED_REGDB
help
Allow the regulatory database to be signed by one of the keys for
which certificates are part of the kernel sources
(in net/wireless/certs/).
This is currently only Seth Forshee's key, who is the regulatory
database maintainer.
config CFG80211_EXTRA_REGDB_KEYDIR
string "additional regdb key directory" if CFG80211_CERTIFICATION_ONUS
depends on CFG80211_REQUIRE_SIGNED_REGDB
help
If selected, point to a directory with DER-encoded X.509
certificates like in the kernel sources (net/wireless/certs/)
that shall be accepted for a signed regulatory database.
config CFG80211_REG_CELLULAR_HINTS
bool "cfg80211 regulatory support for cellular base station hints"
depends on CFG80211_CERTIFICATION_ONUS
---help---
This option enables support for parsing regulatory hints
from cellular base stations. If enabled and at least one driver
claims support for parsing cellular base station hints the
regulatory core will allow and parse these regulatory hints.
The regulatory core will only apply these regulatory hints on
drivers that support this feature. You should only enable this
feature if you have tested and validated this feature on your
systems.
config CFG80211_REG_RELAX_NO_IR
bool "cfg80211 support for NO_IR relaxation"
depends on CFG80211_CERTIFICATION_ONUS
---help---
This option enables support for relaxation of the NO_IR flag for
situations that certain regulatory bodies have provided clarifications
on how relaxation can occur. This feature has an inherent dependency on
userspace features which must have been properly tested and as such is
not enabled by default.
A relaxation feature example is allowing the operation of a P2P group
owner (GO) on channels marked with NO_IR if there is an additional BSS
interface which associated to an AP which userspace assumes or confirms
to be an authorized master, i.e., with radar detection support and DFS
capabilities. However, note that in order to not create daisy chain
scenarios, this relaxation is not allowed in cases where the BSS client
is associated to P2P GO and in addition the P2P GO instantiated on
a channel due to this relaxation should not allow connection from
non P2P clients.
The regulatory core will apply these relaxations only for drivers that
support this feature by declaring the appropriate channel flags and
capabilities in their registration flow.
config CFG80211_DEFAULT_PS
bool "enable powersave by default"
depends on CFG80211
default y
help
This option enables powersave mode by default.
If this causes your applications to misbehave you should fix your
applications instead -- they need to register their network
latency requirement, see Documentation/power/pm_qos_interface.txt.
config CFG80211_DEBUGFS
bool "cfg80211 DebugFS entries"
depends on CFG80211
depends on DEBUG_FS
---help---
You can enable this if you want debugfs entries for cfg80211.
If unsure, say N.
config CFG80211_CRDA_SUPPORT
bool "support CRDA" if EXPERT
default y
depends on CFG80211
help
You should enable this option unless you know for sure you have no
need for it, for example when using internal regdb (above) or the
database loaded as a firmware file.
If unsure, say Y.
config CFG80211_WEXT
bool "cfg80211 wireless extensions compatibility" if !CFG80211_WEXT_EXPORT
depends on CFG80211
select WEXT_CORE
default y if CFG80211_WEXT_EXPORT
help
Enable this option if you need old userspace for wireless
extensions with cfg80211-based drivers.
config CFG80211_WEXT_EXPORT
bool
depends on CFG80211
help
Drivers should select this option if they require cfg80211's
wext compatibility symbols to be exported.
config LIB80211
tristate
default n
help
This options enables a library of common routines used
by IEEE802.11 wireless LAN drivers.
Drivers should select this themselves if needed.
config LIB80211_CRYPT_WEP
tristate
config LIB80211_CRYPT_CCMP
tristate
config LIB80211_CRYPT_TKIP
tristate
config LIB80211_DEBUG
bool "lib80211 debugging messages"
depends on LIB80211
default n
---help---
You can enable this if you want verbose debugging messages
from lib80211.
If unsure, say N.