| Thomas Gleixner | ec8f24b | 2019-05-19 13:07:45 +0100 | [diff] [blame] | 1 | # SPDX-License-Identifier: GPL-2.0-only |
| Jaegeuk Kim | 0b81d07 | 2015-05-15 16:26:10 -0700 | [diff] [blame] | 2 | config FS_ENCRYPTION |
| Chandan Rajendra | 643fa96 | 2018-12-12 15:20:12 +0530 | [diff] [blame] | 3 | bool "FS Encryption (Per-file encryption)" |
| Jaegeuk Kim | 0b81d07 | 2015-05-15 16:26:10 -0700 | [diff] [blame] | 4 | select CRYPTO |
| Herbert Xu | ede7a09 | 2019-12-27 10:47:00 +0800 | [diff] [blame] | 5 | select CRYPTO_HASH |
| 6 | select CRYPTO_SKCIPHER |
| Eric Biggers | bd0d97b | 2020-07-21 15:59:16 -0700 | [diff] [blame] | 7 | select CRYPTO_LIB_SHA256 |
| Jaegeuk Kim | 0b81d07 | 2015-05-15 16:26:10 -0700 | [diff] [blame] | 8 | select KEYS |
| Jaegeuk Kim | 0b81d07 | 2015-05-15 16:26:10 -0700 | [diff] [blame] | 9 | help |
| 10 | Enable encryption of files and directories. This |
| 11 | feature is similar to ecryptfs, but it is more memory |
| 12 | efficient since it avoids caching the encrypted and |
| Chandan Rajendra | 643fa96 | 2018-12-12 15:20:12 +0530 | [diff] [blame] | 13 | decrypted pages in the page cache. Currently Ext4, |
| 14 | F2FS and UBIFS make use of this feature. |
| Herbert Xu | ede7a09 | 2019-12-27 10:47:00 +0800 | [diff] [blame] | 15 | |
| 16 | # Filesystems supporting encryption must select this if FS_ENCRYPTION. This |
| Ard Biesheuvel | a0fc203 | 2021-04-21 09:55:10 +0200 | [diff] [blame] | 17 | # allows the algorithms to be built as modules when all the filesystems are, |
| 18 | # whereas selecting them from FS_ENCRYPTION would force them to be built-in. |
| 19 | # |
| 20 | # Note: this option only pulls in the algorithms that filesystem encryption |
| 21 | # needs "by default". If userspace will use "non-default" encryption modes such |
| 22 | # as Adiantum encryption, then those other modes need to be explicitly enabled |
| 23 | # in the crypto API; see Documentation/filesystems/fscrypt.rst for details. |
| 24 | # |
| 25 | # Also note that this option only pulls in the generic implementations of the |
| 26 | # algorithms, not any per-architecture optimized implementations. It is |
| 27 | # strongly recommended to enable optimized implementations too. It is safe to |
| 28 | # disable these generic implementations if corresponding optimized |
| 29 | # implementations will always be available too; for this reason, these are soft |
| 30 | # dependencies ('imply' rather than 'select'). Only disable these generic |
| 31 | # implementations if you're sure they will never be needed, though. |
| Herbert Xu | ede7a09 | 2019-12-27 10:47:00 +0800 | [diff] [blame] | 32 | config FS_ENCRYPTION_ALGS |
| 33 | tristate |
| Ard Biesheuvel | a0fc203 | 2021-04-21 09:55:10 +0200 | [diff] [blame] | 34 | imply CRYPTO_AES |
| 35 | imply CRYPTO_CBC |
| 36 | imply CRYPTO_CTS |
| 37 | imply CRYPTO_ECB |
| 38 | imply CRYPTO_HMAC |
| 39 | imply CRYPTO_SHA512 |
| 40 | imply CRYPTO_XTS |
| Satya Tangirala | 5fee360 | 2020-07-02 01:56:05 +0000 | [diff] [blame] | 41 | |
| 42 | config FS_ENCRYPTION_INLINE_CRYPT |
| 43 | bool "Enable fscrypt to use inline crypto" |
| 44 | depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION |
| 45 | help |
| 46 | Enable fscrypt to use inline encryption hardware if available. |