From c5576c85c92c464ff3aa53f680ce18d8b51f60ab Mon Sep 17 00:00:00 2001
From: Aqua-sama <aqua@iserlohn-fortress.net>
Date: Fri, 19 Apr 2019 17:27:39 +0300
Subject: Add plugin signature verification policies

---
 lib/pluginloader/Kconfig | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 lib/pluginloader/Kconfig

(limited to 'lib/pluginloader/Kconfig')

diff --git a/lib/pluginloader/Kconfig b/lib/pluginloader/Kconfig
new file mode 100644
index 0000000..28a3b73
--- /dev/null
+++ b/lib/pluginloader/Kconfig
@@ -0,0 +1,26 @@
+config USEPLUGINS
+    bool "Enable plugins"
+    default y
+
+menu "Plugin Settings"
+    depends on USEPLUGINS
+
+    choice PLUGIN_SIGNATURE_CHECK
+        bool "Plugin Signature enforcement"
+        default PLUGIN_SIGNATURE_CHECKED
+
+        config PLUGIN_SIGNATURE_IGNORED
+            bool "Don't check plugin signatures"
+
+        config PLUGIN_SIGNATURE_CHECKED
+            bool "Don't load plugins with invalid signatures"
+
+        config PLUGIN_SIGNATURE_ENFORCED
+            bool "Only load plugins with valid signatures"
+
+    endchoice
+
+    config PLUGIN_SIGNATURE_HASH
+        string "Hashing algorithm used by the signature"
+        default "SHA256"
+endmenu
-- 
cgit v1.2.1