author: Ard Biesheuvel <ardb@kernel.org> 2021-04-21 09:55:11 +0200
committer: Herbert Xu <herbert@gondor.apana.org.au> 2021-04-22 17:31:32 +1000
commit: e3a606f2c544b231f6079c8c5fea451e772e1139
parent: a0fc20333ee4bac1147c4cf75dea098c26671a2f
Commit Summary:
Diffstat:
1 file changed, 6 insertions, 2 deletions
diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
index 88fb25119899..24d1b54de807 100644
--- a/fs/verity/Kconfig
+++ b/fs/verity/Kconfig
@@ -3,9 +3,13 @@
config FS_VERITY
bool "FS Verity (read-only file-based authenticity protection)"
select CRYPTO
- # SHA-256 is selected as it's intended to be the default hash algorithm.
+ # SHA-256 is implied as it's intended to be the default hash algorithm.
# To avoid bloat, other wanted algorithms must be selected explicitly.
- select CRYPTO_SHA256
+ # Note that CRYPTO_SHA256 denotes the generic C implementation, but
+ # some architectures provided optimized implementations of the same
+ # algorithm that may be used instead. In this case, CRYPTO_SHA256 may
+ # be omitted even if SHA-256 is being used.
+ imply CRYPTO_SHA256
help
This option enables fs-verity. fs-verity is the dm-verity
mechanism implemented at the file level. On supported