projects / linux.git / blame
| Commit | Line | Data |
|---|---|---|
| ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
| 0b81d077 | 2 | config FS_ENCRYPTION |
| 643fa961 | 3 | bool "FS Encryption (Per-file encryption)" |
| 0b81d077 | 4 | select CRYPTO |
| ede7a09f HX |
5 | select CRYPTO_HASH |
| 6 | select CRYPTO_SKCIPHER | |
| bd0d97b7 | 7 | select CRYPTO_LIB_SHA256 |
| 0b81d077 | 8 | select KEYS |
| 0b81d077 JK |
9 | help |
| 10 | Enable encryption of files and directories. This | |
| 11 | feature is similar to ecryptfs, but it is more memory | |
| 12 | efficient since it avoids caching the encrypted and | |
| 643fa961 | 13 | decrypted pages in the page cache. Currently Ext4, |
| c1f1f5bf | 14 | F2FS, UBIFS, and CephFS make use of this feature. |
| ede7a09f HX |
15 | |
| 16 | # Filesystems supporting encryption must select this if FS_ENCRYPTION. This | |
| a0fc2033 AB |
17 | # allows the algorithms to be built as modules when all the filesystems are, |
| 18 | # whereas selecting them from FS_ENCRYPTION would force them to be built-in. | |
| 19 | # | |
| 20 | # Note: this option only pulls in the algorithms that filesystem encryption | |
| 21 | # needs "by default". If userspace will use "non-default" encryption modes such | |
| 22 | # as Adiantum encryption, then those other modes need to be explicitly enabled | |
| 23 | # in the crypto API; see Documentation/filesystems/fscrypt.rst for details. | |
| 24 | # | |
| 25 | # Also note that this option only pulls in the generic implementations of the | |
| 26 | # algorithms, not any per-architecture optimized implementations. It is | |
| 27 | # strongly recommended to enable optimized implementations too. It is safe to | |
| 28 | # disable these generic implementations if corresponding optimized | |
| 29 | # implementations will always be available too; for this reason, these are soft | |
| 30 | # dependencies ('imply' rather than 'select'). Only disable these generic | |
| 31 | # implementations if you're sure they will never be needed, though. | |
| ede7a09f HX |
32 | config FS_ENCRYPTION_ALGS |
| 33 | tristate | |
| a0fc2033 AB |
34 | imply CRYPTO_AES |
| 35 | imply CRYPTO_CBC | |
| 36 | imply CRYPTO_CTS | |
| 37 | imply CRYPTO_ECB | |
| 38 | imply CRYPTO_HMAC | |
| 39 | imply CRYPTO_SHA512 | |
| 40 | imply CRYPTO_XTS | |
| 5fee3609 ST |
41 | |
| 42 | config FS_ENCRYPTION_INLINE_CRYPT | |
| 43 | bool "Enable fscrypt to use inline crypto" | |
| 44 | depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION | |
| 45 | help | |
| 46 | Enable fscrypt to use inline encryption hardware if available. |