ec8f24b7faaf3 (Thomas Gleixner 2019-05-19 13:07:45 +0100 1) # SPDX-License-Identifier: GPL-2.0-only
0b81d07790726 (Jaegeuk Kim 2015-05-15 16:26:10 -0700 2) config FS_ENCRYPTION
643fa9612bf1a (Chandan Rajendra 2018-12-12 15:20:12 +0530 3) bool "FS Encryption (Per-file encryption)"
0b81d07790726 (Jaegeuk Kim 2015-05-15 16:26:10 -0700 4) select CRYPTO
ede7a09fc8815 (Herbert Xu 2019-12-27 10:47:00 +0800 5) select CRYPTO_HASH
ede7a09fc8815 (Herbert Xu 2019-12-27 10:47:00 +0800 6) select CRYPTO_SKCIPHER
bd0d97b7191e8 (Eric Biggers 2020-07-21 15:59:16 -0700 7) select CRYPTO_LIB_SHA256
0b81d07790726 (Jaegeuk Kim 2015-05-15 16:26:10 -0700 8) select KEYS
0b81d07790726 (Jaegeuk Kim 2015-05-15 16:26:10 -0700 9) help
0b81d07790726 (Jaegeuk Kim 2015-05-15 16:26:10 -0700 10) Enable encryption of files and directories. This
0b81d07790726 (Jaegeuk Kim 2015-05-15 16:26:10 -0700 11) feature is similar to ecryptfs, but it is more memory
0b81d07790726 (Jaegeuk Kim 2015-05-15 16:26:10 -0700 12) efficient since it avoids caching the encrypted and
643fa9612bf1a (Chandan Rajendra 2018-12-12 15:20:12 +0530 13) decrypted pages in the page cache. Currently Ext4,
643fa9612bf1a (Chandan Rajendra 2018-12-12 15:20:12 +0530 14) F2FS and UBIFS make use of this feature.
ede7a09fc8815 (Herbert Xu 2019-12-27 10:47:00 +0800 15)
ede7a09fc8815 (Herbert Xu 2019-12-27 10:47:00 +0800 16) # Filesystems supporting encryption must select this if FS_ENCRYPTION. This
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 17) # allows the algorithms to be built as modules when all the filesystems are,
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 18) # whereas selecting them from FS_ENCRYPTION would force them to be built-in.
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 19) #
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 20) # Note: this option only pulls in the algorithms that filesystem encryption
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 21) # needs "by default". If userspace will use "non-default" encryption modes such
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 22) # as Adiantum encryption, then those other modes need to be explicitly enabled
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 23) # in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 24) #
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 25) # Also note that this option only pulls in the generic implementations of the
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 26) # algorithms, not any per-architecture optimized implementations. It is
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 27) # strongly recommended to enable optimized implementations too. It is safe to
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 28) # disable these generic implementations if corresponding optimized
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 29) # implementations will always be available too; for this reason, these are soft
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 30) # dependencies ('imply' rather than 'select'). Only disable these generic
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 31) # implementations if you're sure they will never be needed, though.
ede7a09fc8815 (Herbert Xu 2019-12-27 10:47:00 +0800 32) config FS_ENCRYPTION_ALGS
ede7a09fc8815 (Herbert Xu 2019-12-27 10:47:00 +0800 33) tristate
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 34) imply CRYPTO_AES
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 35) imply CRYPTO_CBC
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 36) imply CRYPTO_CTS
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 37) imply CRYPTO_ECB
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 38) imply CRYPTO_HMAC
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 39) imply CRYPTO_SHA512
a0fc20333ee4b (Ard Biesheuvel 2021-04-21 09:55:10 +0200 40) imply CRYPTO_XTS
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 41)
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 42) config FS_ENCRYPTION_INLINE_CRYPT
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 43) bool "Enable fscrypt to use inline crypto"
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 44) depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 45) help
5fee36095cda4 (Satya Tangirala 2020-07-02 01:56:05 +0000 46) Enable fscrypt to use inline encryption hardware if available.