2019-05-19 05:07:45 -07:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
2015-05-15 16:26:10 -07:00
|
|
|
config FS_ENCRYPTION
|
2018-12-12 02:50:12 -07:00
|
|
|
bool "FS Encryption (Per-file encryption)"
|
2015-05-15 16:26:10 -07:00
|
|
|
select CRYPTO
|
2019-12-26 19:47:00 -07:00
|
|
|
select CRYPTO_HASH
|
|
|
|
select CRYPTO_SKCIPHER
|
2020-07-21 15:59:16 -07:00
|
|
|
select CRYPTO_LIB_SHA256
|
2015-05-15 16:26:10 -07:00
|
|
|
select KEYS
|
|
|
|
help
|
|
|
|
Enable encryption of files and directories. This
|
|
|
|
feature is similar to ecryptfs, but it is more memory
|
|
|
|
efficient since it avoids caching the encrypted and
|
2018-12-12 02:50:12 -07:00
|
|
|
decrypted pages in the page cache. Currently Ext4,
|
2023-12-26 21:51:58 -07:00
|
|
|
F2FS, UBIFS, and CephFS make use of this feature.
|
2019-12-26 19:47:00 -07:00
|
|
|
|
|
|
|
# Filesystems supporting encryption must select this if FS_ENCRYPTION. This
|
2021-04-21 00:55:10 -07:00
|
|
|
# allows the algorithms to be built as modules when all the filesystems are,
|
|
|
|
# whereas selecting them from FS_ENCRYPTION would force them to be built-in.
|
|
|
|
#
|
|
|
|
# Note: this option only pulls in the algorithms that filesystem encryption
|
|
|
|
# needs "by default". If userspace will use "non-default" encryption modes such
|
|
|
|
# as Adiantum encryption, then those other modes need to be explicitly enabled
|
|
|
|
# in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
|
|
|
|
#
|
|
|
|
# Also note that this option only pulls in the generic implementations of the
|
|
|
|
# algorithms, not any per-architecture optimized implementations. It is
|
|
|
|
# strongly recommended to enable optimized implementations too. It is safe to
|
|
|
|
# disable these generic implementations if corresponding optimized
|
|
|
|
# implementations will always be available too; for this reason, these are soft
|
|
|
|
# dependencies ('imply' rather than 'select'). Only disable these generic
|
|
|
|
# implementations if you're sure they will never be needed, though.
|
2019-12-26 19:47:00 -07:00
|
|
|
config FS_ENCRYPTION_ALGS
|
|
|
|
tristate
|
2021-04-21 00:55:10 -07:00
|
|
|
imply CRYPTO_AES
|
|
|
|
imply CRYPTO_CBC
|
|
|
|
imply CRYPTO_CTS
|
|
|
|
imply CRYPTO_ECB
|
|
|
|
imply CRYPTO_HMAC
|
|
|
|
imply CRYPTO_SHA512
|
|
|
|
imply CRYPTO_XTS
|
2020-07-01 18:56:05 -07:00
|
|
|
|
|
|
|
config FS_ENCRYPTION_INLINE_CRYPT
|
|
|
|
bool "Enable fscrypt to use inline crypto"
|
|
|
|
depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
|
|
|
|
help
|
|
|
|
Enable fscrypt to use inline encryption hardware if available.
|