mirror of
https://github.com/torvalds/linux.git
synced 2024-11-11 14:42:24 +00:00
a788723636
New options introduced by the patch this fixes are still
enabled even if CFG80211 is disabled.
.config:
# CONFIG_CFG80211 is not set
CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y
CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS=y
# CONFIG_LIB80211 is not set
When CFG80211_REQUIRE_SIGNED_REGDB is enabled, it selects
SYSTEM_DATA_VERIFICATION which selects SYSTEM_TRUSTED_KEYRING
that need extract-cert tool. extract-cert needs some openssl
headers to be installed on the build machine.
Instead of adding missing "depends on CFG80211", it's
easier to use a 'if' block around all options related
to CFG80211, so do that.
Fixes: 90a53e4432
("cfg80211: implement regdb signature checking")
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[touch up commit message a bit]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
231 lines
7.4 KiB
Plaintext
231 lines
7.4 KiB
Plaintext
config WIRELESS_EXT
|
|
bool
|
|
|
|
config WEXT_CORE
|
|
def_bool y
|
|
depends on CFG80211_WEXT || WIRELESS_EXT
|
|
|
|
config WEXT_PROC
|
|
def_bool y
|
|
depends on PROC_FS
|
|
depends on WEXT_CORE
|
|
|
|
config WEXT_SPY
|
|
bool
|
|
|
|
config WEXT_PRIV
|
|
bool
|
|
|
|
config CFG80211
|
|
tristate "cfg80211 - wireless configuration API"
|
|
depends on RFKILL || !RFKILL
|
|
select FW_LOADER
|
|
# may need to update this when certificates are changed and are
|
|
# using a different algorithm, though right now they shouldn't
|
|
# (this is here rather than below to allow it to be a module)
|
|
select CRYPTO_SHA256 if CFG80211_USE_KERNEL_REGDB_KEYS
|
|
---help---
|
|
cfg80211 is the Linux wireless LAN (802.11) configuration API.
|
|
Enable this if you have a wireless device.
|
|
|
|
For more information refer to documentation on the wireless wiki:
|
|
|
|
http://wireless.kernel.org/en/developers/Documentation/cfg80211
|
|
|
|
When built as a module it will be called cfg80211.
|
|
|
|
if CFG80211
|
|
|
|
config NL80211_TESTMODE
|
|
bool "nl80211 testmode command"
|
|
help
|
|
The nl80211 testmode command helps implementing things like
|
|
factory calibration or validation tools for wireless chips.
|
|
|
|
Select this option ONLY for kernels that are specifically
|
|
built for such purposes.
|
|
|
|
Debugging tools that are supposed to end up in the hands of
|
|
users should better be implemented with debugfs.
|
|
|
|
Say N.
|
|
|
|
config CFG80211_DEVELOPER_WARNINGS
|
|
bool "enable developer warnings"
|
|
default n
|
|
help
|
|
This option enables some additional warnings that help
|
|
cfg80211 developers and driver developers, but beware that
|
|
they can also trigger due to races with userspace.
|
|
|
|
For example, when a driver reports that it was disconnected
|
|
from the AP, but the user disconnects manually at the same
|
|
time, the warning might trigger spuriously due to races.
|
|
|
|
Say Y only if you are developing cfg80211 or a driver based
|
|
on it (or mac80211).
|
|
|
|
|
|
config CFG80211_CERTIFICATION_ONUS
|
|
bool "cfg80211 certification onus"
|
|
depends on EXPERT
|
|
default n
|
|
---help---
|
|
You should disable this option unless you are both capable
|
|
and willing to ensure your system will remain regulatory
|
|
compliant with the features available under this option.
|
|
Some options may still be under heavy development and
|
|
for whatever reason regulatory compliance has not or
|
|
cannot yet be verified. Regulatory verification may at
|
|
times only be possible until you have the final system
|
|
in place.
|
|
|
|
This option should only be enabled by system integrators
|
|
or distributions that have done work necessary to ensure
|
|
regulatory certification on the system with the enabled
|
|
features. Alternatively you can enable this option if
|
|
you are a wireless researcher and are working in a controlled
|
|
and approved environment by your local regulatory agency.
|
|
|
|
config CFG80211_REQUIRE_SIGNED_REGDB
|
|
bool "require regdb signature" if CFG80211_CERTIFICATION_ONUS
|
|
default y
|
|
select SYSTEM_DATA_VERIFICATION
|
|
help
|
|
Require that in addition to the "regulatory.db" file a
|
|
"regulatory.db.p7s" can be loaded with a valid PKCS#7
|
|
signature for the regulatory.db file made by one of the
|
|
keys in the certs/ directory.
|
|
|
|
config CFG80211_USE_KERNEL_REGDB_KEYS
|
|
bool "allow regdb keys shipped with the kernel" if CFG80211_CERTIFICATION_ONUS
|
|
default y
|
|
depends on CFG80211_REQUIRE_SIGNED_REGDB
|
|
help
|
|
Allow the regulatory database to be signed by one of the keys for
|
|
which certificates are part of the kernel sources
|
|
(in net/wireless/certs/).
|
|
|
|
This is currently only Seth Forshee's key, who is the regulatory
|
|
database maintainer.
|
|
|
|
config CFG80211_EXTRA_REGDB_KEYDIR
|
|
string "additional regdb key directory" if CFG80211_CERTIFICATION_ONUS
|
|
depends on CFG80211_REQUIRE_SIGNED_REGDB
|
|
help
|
|
If selected, point to a directory with DER-encoded X.509
|
|
certificates like in the kernel sources (net/wireless/certs/)
|
|
that shall be accepted for a signed regulatory database.
|
|
|
|
Note that you need to also select the correct CRYPTO_<hash> modules
|
|
for your certificates, and if cfg80211 is built-in they also must be.
|
|
|
|
config CFG80211_REG_CELLULAR_HINTS
|
|
bool "cfg80211 regulatory support for cellular base station hints"
|
|
depends on CFG80211_CERTIFICATION_ONUS
|
|
---help---
|
|
This option enables support for parsing regulatory hints
|
|
from cellular base stations. If enabled and at least one driver
|
|
claims support for parsing cellular base station hints the
|
|
regulatory core will allow and parse these regulatory hints.
|
|
The regulatory core will only apply these regulatory hints on
|
|
drivers that support this feature. You should only enable this
|
|
feature if you have tested and validated this feature on your
|
|
systems.
|
|
|
|
config CFG80211_REG_RELAX_NO_IR
|
|
bool "cfg80211 support for NO_IR relaxation"
|
|
depends on CFG80211_CERTIFICATION_ONUS
|
|
---help---
|
|
This option enables support for relaxation of the NO_IR flag for
|
|
situations that certain regulatory bodies have provided clarifications
|
|
on how relaxation can occur. This feature has an inherent dependency on
|
|
userspace features which must have been properly tested and as such is
|
|
not enabled by default.
|
|
|
|
A relaxation feature example is allowing the operation of a P2P group
|
|
owner (GO) on channels marked with NO_IR if there is an additional BSS
|
|
interface which associated to an AP which userspace assumes or confirms
|
|
to be an authorized master, i.e., with radar detection support and DFS
|
|
capabilities. However, note that in order to not create daisy chain
|
|
scenarios, this relaxation is not allowed in cases where the BSS client
|
|
is associated to P2P GO and in addition the P2P GO instantiated on
|
|
a channel due to this relaxation should not allow connection from
|
|
non P2P clients.
|
|
|
|
The regulatory core will apply these relaxations only for drivers that
|
|
support this feature by declaring the appropriate channel flags and
|
|
capabilities in their registration flow.
|
|
|
|
config CFG80211_DEFAULT_PS
|
|
bool "enable powersave by default"
|
|
default y
|
|
help
|
|
This option enables powersave mode by default.
|
|
|
|
If this causes your applications to misbehave you should fix your
|
|
applications instead -- they need to register their network
|
|
latency requirement, see Documentation/power/pm_qos_interface.txt.
|
|
|
|
config CFG80211_DEBUGFS
|
|
bool "cfg80211 DebugFS entries"
|
|
depends on DEBUG_FS
|
|
---help---
|
|
You can enable this if you want debugfs entries for cfg80211.
|
|
|
|
If unsure, say N.
|
|
|
|
config CFG80211_CRDA_SUPPORT
|
|
bool "support CRDA" if EXPERT
|
|
default y
|
|
help
|
|
You should enable this option unless you know for sure you have no
|
|
need for it, for example when using internal regdb (above) or the
|
|
database loaded as a firmware file.
|
|
|
|
If unsure, say Y.
|
|
|
|
config CFG80211_WEXT
|
|
bool "cfg80211 wireless extensions compatibility" if !CFG80211_WEXT_EXPORT
|
|
select WEXT_CORE
|
|
default y if CFG80211_WEXT_EXPORT
|
|
help
|
|
Enable this option if you need old userspace for wireless
|
|
extensions with cfg80211-based drivers.
|
|
|
|
config CFG80211_WEXT_EXPORT
|
|
bool
|
|
help
|
|
Drivers should select this option if they require cfg80211's
|
|
wext compatibility symbols to be exported.
|
|
|
|
endif # CFG80211
|
|
|
|
config LIB80211
|
|
tristate
|
|
default n
|
|
help
|
|
This options enables a library of common routines used
|
|
by IEEE802.11 wireless LAN drivers.
|
|
|
|
Drivers should select this themselves if needed.
|
|
|
|
config LIB80211_CRYPT_WEP
|
|
tristate
|
|
|
|
config LIB80211_CRYPT_CCMP
|
|
tristate
|
|
|
|
config LIB80211_CRYPT_TKIP
|
|
tristate
|
|
|
|
config LIB80211_DEBUG
|
|
bool "lib80211 debugging messages"
|
|
depends on LIB80211
|
|
default n
|
|
---help---
|
|
You can enable this if you want verbose debugging messages
|
|
from lib80211.
|
|
|
|
If unsure, say N.
|