mirror of
https://github.com/torvalds/linux.git
synced 2024-11-14 08:02:07 +00:00
a0fc20333e
Even if FS encryption has strict functional dependencies on various crypto algorithms and chaining modes. those dependencies could potentially be satisified by other implementations than the generic ones, and no link time dependency exists on the 'depends on' claused defined by CONFIG_FS_ENCRYPTION_ALGS. So let's relax these clauses to 'imply', so that the default behavior is still to pull in those generic algorithms, but in a way that permits them to be disabled again in Kconfig. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
47 lines
1.9 KiB
Plaintext
47 lines
1.9 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
config FS_ENCRYPTION
|
|
bool "FS Encryption (Per-file encryption)"
|
|
select CRYPTO
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_SHA256
|
|
select KEYS
|
|
help
|
|
Enable encryption of files and directories. This
|
|
feature is similar to ecryptfs, but it is more memory
|
|
efficient since it avoids caching the encrypted and
|
|
decrypted pages in the page cache. Currently Ext4,
|
|
F2FS and UBIFS make use of this feature.
|
|
|
|
# Filesystems supporting encryption must select this if FS_ENCRYPTION. This
|
|
# allows the algorithms to be built as modules when all the filesystems are,
|
|
# whereas selecting them from FS_ENCRYPTION would force them to be built-in.
|
|
#
|
|
# Note: this option only pulls in the algorithms that filesystem encryption
|
|
# needs "by default". If userspace will use "non-default" encryption modes such
|
|
# as Adiantum encryption, then those other modes need to be explicitly enabled
|
|
# in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
|
|
#
|
|
# Also note that this option only pulls in the generic implementations of the
|
|
# algorithms, not any per-architecture optimized implementations. It is
|
|
# strongly recommended to enable optimized implementations too. It is safe to
|
|
# disable these generic implementations if corresponding optimized
|
|
# implementations will always be available too; for this reason, these are soft
|
|
# dependencies ('imply' rather than 'select'). Only disable these generic
|
|
# implementations if you're sure they will never be needed, though.
|
|
config FS_ENCRYPTION_ALGS
|
|
tristate
|
|
imply CRYPTO_AES
|
|
imply CRYPTO_CBC
|
|
imply CRYPTO_CTS
|
|
imply CRYPTO_ECB
|
|
imply CRYPTO_HMAC
|
|
imply CRYPTO_SHA512
|
|
imply CRYPTO_XTS
|
|
|
|
config FS_ENCRYPTION_INLINE_CRYPT
|
|
bool "Enable fscrypt to use inline crypto"
|
|
depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
|
|
help
|
|
Enable fscrypt to use inline encryption hardware if available.
|