Provide a keyring to which extra trustable keys may be added

configname: CONFIG_SECONDARY_TRUSTED_KEYRING

Linux Kernel Configuration
└─>Cryptographic API
└─>Certificates for signature checking
└─>Provide a keyring to which extra trustable keys may be added
In linux kernel since version 3.10 (release Date: 2013-06-30)  
If set, provide a keyring to which extra keys may be added, provided
those keys are not blacklisted and are vouched for by a key built
into the kernel, machine keyring (if configured), or already in the
secondary trusted keyring.