2019-05-19 13:07:45 +01:00
# SPDX-License-Identifier: GPL-2.0-only
2007-07-15 23:39:36 -07:00
menuconfig CRYPTO_HW
bool "Hardware crypto devices"
default y
2020-06-14 01:50:22 +09:00
help
2007-08-18 12:56:21 +02:00
Say Y here to get to see options for hardware crypto devices and
processors. This option alone does not add any kernel code.
If you say N, all options in this submenu will be skipped and disabled.
2007-07-15 23:39:36 -07:00
if CRYPTO_HW
2005-04-16 15:20:36 -07:00
2019-10-23 22:05:03 +02:00
source "drivers/crypto/allwinner/Kconfig"
2005-04-16 15:20:36 -07:00
config CRYPTO_DEV_PADLOCK
2007-05-18 13:17:22 +10:00
tristate "Support for VIA PadLock ACE"
2009-04-22 13:00:15 +08:00
depends on X86 && !UML
2005-04-16 15:20:36 -07:00
help
Some VIA processors come with an integrated crypto engine
(so called VIA PadLock ACE, Advanced Cryptography Engine)
2006-08-06 22:46:20 +10:00
that provides instructions for very fast cryptographic
operations with supported algorithms.
2005-04-16 15:20:36 -07:00
The instructions are used only when the CPU supports them.
2006-08-06 22:50:30 +10:00
Otherwise software encryption is used.
2005-04-16 15:20:36 -07:00
config CRYPTO_DEV_PADLOCK_AES
2006-08-06 22:46:20 +10:00
tristate "PadLock driver for AES algorithm"
2005-04-16 15:20:36 -07:00
depends on CRYPTO_DEV_PADLOCK
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2019-07-02 21:41:25 +02:00
select CRYPTO_LIB_AES
2005-04-16 15:20:36 -07:00
help
Use VIA PadLock for AES algorithm.
2006-08-06 22:46:20 +10:00
Available in VIA C3 and newer CPUs.
If unsure say M. The compiled module will be
2009-06-05 00:44:53 +02:00
called padlock-aes.
2006-08-06 22:46:20 +10:00
2006-07-12 12:29:38 +10:00
config CRYPTO_DEV_PADLOCK_SHA
tristate "PadLock driver for SHA1 and SHA256 algorithms"
depends on CRYPTO_DEV_PADLOCK
2009-07-11 18:16:16 +08:00
select CRYPTO_HASH
2006-07-12 12:29:38 +10:00
select CRYPTO_SHA1
select CRYPTO_SHA256
help
Use VIA PadLock for SHA1/SHA256 algorithms.
Available in VIA C7 and newer processors.
If unsure say M. The compiled module will be
2009-06-05 00:44:53 +02:00
called padlock-sha.
2006-07-12 12:29:38 +10:00
2006-10-04 18:48:57 +10:00
config CRYPTO_DEV_GEODE
tristate "Support for the Geode LX AES engine"
2007-05-02 22:08:26 +10:00
depends on X86_32 && PCI
2006-10-04 18:48:57 +10:00
select CRYPTO_ALGAPI
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2006-10-04 18:48:57 +10:00
help
Say 'Y' here to use the AMD Geode LX processor on-board AES
2007-05-09 07:12:20 +02:00
engine for the CryptoAPI AES algorithm.
2006-10-04 18:48:57 +10:00
To compile this driver as a module, choose M here: the module
will be called geode-aes.
2007-05-10 15:46:00 +02:00
config ZCRYPT
2017-02-20 16:09:51 +01:00
tristate "Support for s390 cryptographic adapters"
2007-05-10 15:46:00 +02:00
depends on S390
2008-04-17 07:46:15 +02:00
select HW_RANDOM
2007-05-10 15:46:00 +02:00
help
2017-02-20 16:09:51 +01:00
Select this option if you want to enable support for
s390 cryptographic adapters like:
2020-09-23 09:18:38 +02:00
+ Crypto Express 2 up to 7 Coprocessor (CEXxC)
+ Crypto Express 2 up to 7 Accelerator (CEXxA)
+ Crypto Express 4 up to 7 EP11 Coprocessor (CEXxP)
config ZCRYPT_DEBUG
bool "Enable debug features for s390 cryptographic adapters"
default n
depends on DEBUG_KERNEL
depends on ZCRYPT
help
Say 'Y' here to enable some additional debug features on the
s390 cryptographic adapters driver.
There will be some more sysfs attributes displayed for ap cards
and queues and some flags on crypto requests are interpreted as
debugging messages to force error injection.
Do not enable on production level kernel build.
If unsure, say N.
2007-05-10 15:46:00 +02:00
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 16:18:41 +02:00
config ZCRYPT_MULTIDEVNODES
bool "Support for multiple zcrypt device nodes"
default y
depends on S390
depends on ZCRYPT
help
With this option enabled the zcrypt device driver can
provide multiple devices nodes in /dev. Each device
node can get customized to limit access and narrow
down the use of the available crypto hardware.
2016-11-02 14:37:20 +01:00
config PKEY
tristate "Kernel API for protected key handling"
depends on S390
depends on ZCRYPT
help
With this option enabled the pkey kernel module provides an API
for creation and handling of protected keys. Other parts of the
kernel or userspace applications may use these functions.
Select this option if you want to enable the kernel and userspace
API for proteced key handling.
Please note that creation of protected keys from secure keys
requires to have at least one CEX card in coprocessor mode
available at runtime.
2007-05-10 15:46:00 +02:00
2017-05-11 17:15:54 +02:00
config CRYPTO_PAES_S390
tristate "PAES cipher algorithms"
depends on S390
depends on ZCRYPT
depends on PKEY
select CRYPTO_ALGAPI
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2017-05-11 17:15:54 +02:00
help
This is the s390 hardware accelerated implementation of the
AES cipher algorithms for use with protected key.
Select this option if you want to use the paes cipher
for example to use protected key encrypted devices.
2008-01-26 14:11:07 +01:00
config S390_PRNG
tristate "Pseudo random number generator device driver"
depends on S390
default "m"
help
Select this option if you want to use the s390 pseudo random number
generator. The PRNG is part of the cryptographic processor functions
and uses triple-DES to generate secure random numbers like the
2011-04-19 21:29:19 +02:00
ANSI X9.17 standard. User-space programs access the
pseudo-random-number device through the char device /dev/prandom.
It is available as of z9.
2008-01-26 14:11:07 +01:00
2010-05-19 14:14:04 +10:00
config CRYPTO_DEV_NIAGARA2
2019-11-21 04:20:48 +01:00
tristate "Niagara2 Stream Processing Unit driver"
select CRYPTO_LIB_DES
select CRYPTO_SKCIPHER
select CRYPTO_HASH
select CRYPTO_MD5
select CRYPTO_SHA1
select CRYPTO_SHA256
depends on SPARC64
help
2010-05-19 14:14:04 +10:00
Each core of a Niagara2 processor contains a Stream
Processing Unit, which itself contains several cryptographic
sub-units. One set provides the Modular Arithmetic Unit,
used for SSL offload. The other set provides the Cipher
Group, which can perform encryption, decryption, hashing,
checksumming, and raw copies.
2021-06-01 15:11:29 +00:00
config CRYPTO_DEV_SL3516
2021-06-25 15:27:23 +02:00
tristate "Storlink SL3516 crypto offloader"
2021-06-25 15:27:24 +02:00
depends on ARCH_GEMINI || COMPILE_TEST
depends on HAS_IOMEM && PM
2021-06-01 15:11:29 +00:00
select CRYPTO_SKCIPHER
select CRYPTO_ENGINE
select CRYPTO_ECB
select CRYPTO_AES
select HW_RANDOM
help
This option allows you to have support for SL3516 crypto offloader.
config CRYPTO_DEV_SL3516_DEBUG
bool "Enable SL3516 stats"
depends on CRYPTO_DEV_SL3516
depends on DEBUG_FS
help
Say y to enable SL3516 debug stats.
This will create /sys/kernel/debug/sl3516/stats for displaying
the number of requests per algorithm and other internal stats.
2007-10-26 21:31:14 +08:00
config CRYPTO_DEV_HIFN_795X
tristate "Driver HIFN 795x crypto accelerator chips"
2019-08-15 12:01:09 +03:00
select CRYPTO_LIB_DES
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2008-01-26 09:48:44 +11:00
select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
2007-11-12 21:56:38 +08:00
depends on PCI
2011-10-10 12:55:41 +02:00
depends on !ARCH_DMA_ADDR_T_64BIT
2007-10-26 21:31:14 +08:00
help
This option allows you to have support for HIFN 795x crypto adapters.
2008-01-26 09:48:44 +11:00
config CRYPTO_DEV_HIFN_795X_RNG
bool "HIFN 795x random number generator"
depends on CRYPTO_DEV_HIFN_795X
help
Select this option if you want to enable the random number generator
on the HIFN 795x crypto adapters.
2007-10-26 21:31:14 +08:00
2018-12-11 20:01:04 +09:00
source "drivers/crypto/caam/Kconfig"
2011-03-13 16:54:26 +08:00
2008-06-23 19:50:15 +08:00
config CRYPTO_DEV_TALITOS
tristate "Talitos Freescale Security Engine (SEC)"
2015-06-17 14:58:24 +08:00
select CRYPTO_AEAD
2008-06-23 19:50:15 +08:00
select CRYPTO_AUTHENC
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2015-06-17 14:58:24 +08:00
select CRYPTO_HASH
2019-11-26 19:28:36 +08:00
select CRYPTO_LIB_DES
2008-06-23 19:50:15 +08:00
select HW_RANDOM
depends on FSL_SOC
help
Say 'Y' here to use the Freescale Security Engine (SEC)
to offload cryptographic algorithm computation.
The Freescale SEC is present on PowerQUICC 'E' processors, such
as the MPC8349E and MPC8548E.
To compile this driver as a module, choose M here: the module
will be called talitos.
2015-04-17 16:32:03 +02:00
config CRYPTO_DEV_TALITOS1
bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
depends on CRYPTO_DEV_TALITOS
depends on PPC_8xx || PPC_82xx
default y
help
Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
found on MPC82xx or the Freescale Security Engine (SEC Lite)
version 1.2 found on MPC8xx
config CRYPTO_DEV_TALITOS2
bool "SEC2+ (SEC version 2.0 or upper)"
depends on CRYPTO_DEV_TALITOS
default y if !PPC_8xx
help
Say 'Y' here to use the Freescale Security Engine (SEC)
version 2 and following as found on MPC83xx, MPC85xx, etc ...
2008-06-25 14:38:47 +08:00
config CRYPTO_DEV_IXP4XX
tristate "Driver for IXP4xx crypto hardware acceleration"
2010-03-25 23:56:05 +01:00
depends on ARCH_IXP4XX && IXP4XX_QMGR && IXP4XX_NPE
2021-05-05 20:26:10 +00:00
select CRYPTO_AES
select CRYPTO_DES
select CRYPTO_ECB
select CRYPTO_CBC
select CRYPTO_CTR
2019-08-15 12:01:09 +03:00
select CRYPTO_LIB_DES
2015-06-17 14:58:24 +08:00
select CRYPTO_AEAD
2008-07-13 20:12:11 +08:00
select CRYPTO_AUTHENC
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2008-06-25 14:38:47 +08:00
help
Driver for the IXP4xx NPE crypto engine.
2009-02-05 16:18:13 +11:00
config CRYPTO_DEV_PPC4XX
tristate "Driver AMCC PPC4xx crypto accelerator"
depends on PPC && 4xx
select CRYPTO_HASH
2017-10-04 01:00:15 +02:00
select CRYPTO_AEAD
2019-10-27 16:47:47 +01:00
select CRYPTO_AES
2019-07-02 21:41:42 +02:00
select CRYPTO_LIB_AES
2017-10-04 01:00:15 +02:00
select CRYPTO_CCM
2018-04-19 18:41:54 +02:00
select CRYPTO_CTR
2017-10-04 01:00:15 +02:00
select CRYPTO_GCM
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2009-02-05 16:18:13 +11:00
help
This option allows you to have support for AMCC crypto acceleration.
2016-04-18 12:57:41 +02:00
config HW_RANDOM_PPC4XX
bool "PowerPC 4xx generic true random number generator support"
2021-01-30 14:55:38 -08:00
depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y
2016-04-18 12:57:41 +02:00
default y
2020-06-14 01:50:22 +09:00
help
2016-04-18 12:57:41 +02:00
This option provides the kernel-side support for the TRNG hardware
found in the security function of some PowerPC 4xx SoCs.
2017-05-24 10:35:26 +03:00
config CRYPTO_DEV_OMAP
tristate "Support for OMAP crypto HW accelerators"
depends on ARCH_OMAP2PLUS
help
OMAP processors have various crypto HW accelerators. Select this if
2019-11-21 04:20:48 +01:00
you want to use the OMAP modules for any of the crypto algorithms.
2017-05-24 10:35:26 +03:00
if CRYPTO_DEV_OMAP
2010-05-03 11:10:59 +08:00
config CRYPTO_DEV_OMAP_SHAM
2013-07-26 12:29:14 +05:30
tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
depends on ARCH_OMAP2PLUS
2021-01-03 15:03:04 +01:00
select CRYPTO_ENGINE
2010-05-03 11:10:59 +08:00
select CRYPTO_SHA1
select CRYPTO_MD5
2013-07-26 12:29:14 +05:30
select CRYPTO_SHA256
select CRYPTO_SHA512
select CRYPTO_HMAC
2010-05-03 11:10:59 +08:00
help
2013-07-26 12:29:14 +05:30
OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
2010-05-03 11:10:59 +08:00
2010-09-03 19:16:02 +08:00
config CRYPTO_DEV_OMAP_AES
tristate "Support for OMAP AES hw engine"
2013-08-17 21:42:35 -05:00
depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
2010-09-03 19:16:02 +08:00
select CRYPTO_AES
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2016-01-26 20:25:40 +08:00
select CRYPTO_ENGINE
2016-08-04 13:28:44 +03:00
select CRYPTO_CBC
select CRYPTO_ECB
select CRYPTO_CTR
2017-05-24 10:35:31 +03:00
select CRYPTO_AEAD
2010-09-03 19:16:02 +08:00
help
OMAP processors have AES module accelerator. Select this if you
want to use the OMAP module for AES algorithms.
2014-02-14 10:49:47 -06:00
config CRYPTO_DEV_OMAP_DES
2016-03-13 16:15:37 +01:00
tristate "Support for OMAP DES/3DES hw engine"
2014-02-14 10:49:47 -06:00
depends on ARCH_OMAP2PLUS
2019-08-15 12:01:09 +03:00
select CRYPTO_LIB_DES
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2016-04-28 14:11:51 +08:00
select CRYPTO_ENGINE
2014-02-14 10:49:47 -06:00
help
OMAP processors have DES/3DES module accelerator. Select this if you
want to use the OMAP module for DES and 3DES algorithms. Currently
2016-03-13 16:15:37 +01:00
the ECB and CBC modes of operation are supported by the driver. Also
accesses made on unaligned boundaries are supported.
2014-02-14 10:49:47 -06:00
2017-05-24 10:35:26 +03:00
endif # CRYPTO_DEV_OMAP
2013-03-01 12:37:53 +01:00
config CRYPTO_DEV_SAHARA
tristate "Support for SAHARA crypto accelerator"
2013-05-12 13:57:19 +02:00
depends on ARCH_MXC && OF
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2013-03-01 12:37:53 +01:00
select CRYPTO_AES
select CRYPTO_ECB
help
This option enables support for the SAHARA HW crypto accelerator
found in some Freescale i.MX chips.
2017-04-11 20:08:35 +02:00
config CRYPTO_DEV_EXYNOS_RNG
2020-01-04 16:20:59 +01:00
tristate "Exynos HW pseudo random number generator support"
2017-04-11 20:08:35 +02:00
depends on ARCH_EXYNOS || COMPILE_TEST
depends on HAS_IOMEM
select CRYPTO_RNG
2020-06-14 01:50:22 +09:00
help
2017-04-11 20:08:35 +02:00
This driver provides kernel-side support through the
cryptographic API for the pseudo random number generator hardware
found on Exynos SoCs.
To compile this driver as a module, choose M here: the
module will be called exynos-rng.
If unsure, say Y.
2011-04-08 20:40:51 +08:00
config CRYPTO_DEV_S5P
2014-05-08 21:58:14 +08:00
tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
2016-03-14 13:20:18 +09:00
depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
2018-04-17 19:49:03 +02:00
depends on HAS_IOMEM
2011-04-08 20:40:51 +08:00
select CRYPTO_AES
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2011-04-08 20:40:51 +08:00
help
This option allows you to have support for S5P crypto acceleration.
2014-05-08 21:58:14 +08:00
Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
2011-04-08 20:40:51 +08:00
algorithms execution.
2017-10-25 17:27:35 +02:00
config CRYPTO_DEV_EXYNOS_HASH
bool "Support for Samsung Exynos HASH accelerator"
depends on CRYPTO_DEV_S5P
depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
select CRYPTO_SHA1
select CRYPTO_MD5
select CRYPTO_SHA256
help
Select this to offload Exynos from HASH MD5/SHA1/SHA256.
This will select software SHA1, MD5 and SHA256 as they are
needed for small and zero-size messages.
HASH algorithms will be disabled if EXYNOS_RNG
is enabled due to hw conflict.
2012-04-12 05:39:26 +00:00
config CRYPTO_DEV_NX
2015-05-07 13:49:17 -04:00
bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
depends on PPC64
2012-04-12 05:39:26 +00:00
help
2015-05-07 13:49:17 -04:00
This enables support for the NX hardware cryptographic accelerator
coprocessor that is in IBM PowerPC P7+ or later processors. This
does not actually enable any drivers, it only allows you to select
which acceleration type (encryption and/or compression) to enable.
2012-07-19 09:42:38 -05:00
if CRYPTO_DEV_NX
source "drivers/crypto/nx/Kconfig"
endif
2012-04-12 05:39:26 +00:00
2012-04-30 10:11:17 +02:00
config CRYPTO_DEV_UX500
tristate "Driver for ST-Ericsson UX500 crypto hardware acceleration"
depends on ARCH_U8500
help
Driver for ST-Ericsson UX500 crypto engine.
if CRYPTO_DEV_UX500
source "drivers/crypto/ux500/Kconfig"
endif # if CRYPTO_DEV_UX500
2017-01-26 17:07:56 +01:00
config CRYPTO_DEV_ATMEL_AUTHENC
2019-11-13 17:55:50 +08:00
bool "Support for Atmel IPSEC/SSL hw accelerator"
2017-02-06 13:32:15 +01:00
depends on ARCH_AT91 || COMPILE_TEST
2019-11-13 17:55:50 +08:00
depends on CRYPTO_DEV_ATMEL_AES
2017-01-26 17:07:56 +01:00
help
Some Atmel processors can combine the AES and SHA hw accelerators
to enhance support of IPSEC/SSL.
Select this if you want to use the Atmel modules for
authenc(hmac(shaX),Y(cbc)) algorithms.
2012-07-01 19:19:44 +02:00
config CRYPTO_DEV_ATMEL_AES
tristate "Support for Atmel AES hw accelerator"
2017-02-06 13:32:15 +01:00
depends on ARCH_AT91 || COMPILE_TEST
2012-07-01 19:19:44 +02:00
select CRYPTO_AES
2015-12-17 18:13:07 +01:00
select CRYPTO_AEAD
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2019-11-13 17:55:50 +08:00
select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
2012-07-01 19:19:44 +02:00
help
Some Atmel processors have AES hw accelerator.
Select this if you want to use the Atmel module for
AES algorithms.
To compile this driver as a module, choose M here: the module
will be called atmel-aes.
2012-07-01 19:19:45 +02:00
config CRYPTO_DEV_ATMEL_TDES
tristate "Support for Atmel DES/TDES hw accelerator"
2017-02-06 13:32:15 +01:00
depends on ARCH_AT91 || COMPILE_TEST
2019-08-15 12:01:09 +03:00
select CRYPTO_LIB_DES
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2012-07-01 19:19:45 +02:00
help
Some Atmel processors have DES/TDES hw accelerator.
Select this if you want to use the Atmel module for
DES/TDES algorithms.
To compile this driver as a module, choose M here: the module
will be called atmel-tdes.
2012-07-01 19:19:46 +02:00
config CRYPTO_DEV_ATMEL_SHA
2013-02-20 17:10:26 +01:00
tristate "Support for Atmel SHA hw accelerator"
2017-02-06 13:32:15 +01:00
depends on ARCH_AT91 || COMPILE_TEST
2015-06-17 14:58:24 +08:00
select CRYPTO_HASH
2012-07-01 19:19:46 +02:00
help
2013-02-20 17:10:26 +01:00
Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
hw accelerator.
2012-07-01 19:19:46 +02:00
Select this if you want to use the Atmel module for
2013-02-20 17:10:26 +01:00
SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
2012-07-01 19:19:46 +02:00
To compile this driver as a module, choose M here: the module
will be called atmel-sha.
2019-05-24 18:26:48 +02:00
config CRYPTO_DEV_ATMEL_I2C
tristate
2020-12-04 00:20:04 +01:00
select BITREVERSE
2019-05-24 18:26:48 +02:00
2017-07-05 13:07:59 +03:00
config CRYPTO_DEV_ATMEL_ECC
tristate "Support for Microchip / Atmel ECC hw accelerator"
depends on I2C
2019-05-24 18:26:48 +02:00
select CRYPTO_DEV_ATMEL_I2C
2017-07-05 13:07:59 +03:00
select CRYPTO_ECDH
select CRC16
help
Microhip / Atmel ECC hw accelerator.
Select this if you want to use the Microchip / Atmel module for
ECDH algorithm.
To compile this driver as a module, choose M here: the module
will be called atmel-ecc.
2019-05-24 18:26:49 +02:00
config CRYPTO_DEV_ATMEL_SHA204A
tristate "Support for Microchip / Atmel SHA accelerator and RNG"
depends on I2C
select CRYPTO_DEV_ATMEL_I2C
select HW_RANDOM
2019-05-31 20:17:49 +08:00
select CRC16
2019-05-24 18:26:49 +02:00
help
Microhip / Atmel SHA accelerator and RNG.
Select this if you want to use the Microchip / Atmel SHA204A
module as a random number generator. (Other functions of the
chip are currently not exposed by this driver)
To compile this driver as a module, choose M here: the module
will be called atmel-sha204a.
2013-11-12 11:46:51 -06:00
config CRYPTO_DEV_CCP
2017-07-06 09:59:14 -05:00
bool "Support for AMD Secure Processor"
2015-02-03 13:07:29 -06:00
depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
2013-11-12 11:46:51 -06:00
help
2017-07-06 09:59:14 -05:00
The AMD Secure Processor provides support for the Cryptographic Coprocessor
(CCP) and the Platform Security Processor (PSP) devices.
2013-11-12 11:46:51 -06:00
if CRYPTO_DEV_CCP
source "drivers/crypto/ccp/Kconfig"
endif
2013-12-10 20:26:21 +01:00
config CRYPTO_DEV_MXS_DCP
tristate "Support for Freescale MXS DCP"
2015-09-02 12:05:18 -03:00
depends on (ARCH_MXS || ARCH_MXC)
2015-10-12 15:52:34 +02:00
select STMP_DEVICE
2013-12-10 20:26:21 +01:00
select CRYPTO_CBC
select CRYPTO_ECB
select CRYPTO_AES
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2015-06-17 14:58:24 +08:00
select CRYPTO_HASH
2013-12-10 20:26:21 +01:00
help
The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
co-processor on the die.
To compile this driver as a module, choose M here: the module
will be called mxs-dcp.
2014-06-05 13:44:39 -07:00
source "drivers/crypto/qat/Kconfig"
2017-02-07 14:51:15 +00:00
source "drivers/crypto/cavium/cpt/Kconfig"
2017-05-30 17:28:01 +05:30
source "drivers/crypto/cavium/nitrox/Kconfig"
2020-03-13 17:17:05 +05:30
source "drivers/crypto/marvell/Kconfig"
2014-06-25 19:28:58 +03:00
2017-02-15 10:45:08 +05:30
config CRYPTO_DEV_CAVIUM_ZIP
tristate "Cavium ZIP driver"
depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
2020-06-14 01:50:22 +09:00
help
2017-02-15 10:45:08 +05:30
Select this option if you want to enable compression/decompression
acceleration on Cavium's ARM based SoCs
2014-06-25 19:28:58 +03:00
config CRYPTO_DEV_QCE
tristate "Qualcomm crypto engine accelerator"
2018-04-17 19:49:03 +02:00
depends on ARCH_QCOM || COMPILE_TEST
depends on HAS_IOMEM
2019-12-20 16:02:18 -03:00
help
This driver supports Qualcomm crypto engine accelerator
hardware. To compile this driver as a module, choose M here. The
module will be called qcrypto.
config CRYPTO_DEV_QCE_SKCIPHER
bool
depends on CRYPTO_DEV_QCE
2014-06-25 19:28:58 +03:00
select CRYPTO_AES
2019-08-15 12:01:09 +03:00
select CRYPTO_LIB_DES
2014-06-25 19:28:58 +03:00
select CRYPTO_ECB
select CRYPTO_CBC
select CRYPTO_XTS
select CRYPTO_CTR
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2019-12-20 16:02:18 -03:00
config CRYPTO_DEV_QCE_SHA
bool
depends on CRYPTO_DEV_QCE
2020-06-22 11:45:04 +05:30
select CRYPTO_SHA1
select CRYPTO_SHA256
2019-12-20 16:02:18 -03:00
2021-04-29 11:07:04 -04:00
config CRYPTO_DEV_QCE_AEAD
bool
depends on CRYPTO_DEV_QCE
select CRYPTO_AUTHENC
select CRYPTO_LIB_DES
2019-12-20 16:02:18 -03:00
choice
prompt "Algorithms enabled for QCE acceleration"
default CRYPTO_DEV_QCE_ENABLE_ALL
depends on CRYPTO_DEV_QCE
help
2020-11-14 12:12:27 +00:00
This option allows to choose whether to build support for all algorithms
2019-12-20 16:02:18 -03:00
(default), hashes-only, or skciphers-only.
The QCE engine does not appear to scale as well as the CPU to handle
multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the
QCE handles only 2 requests in parallel.
Ipsec throughput seems to improve when disabling either family of
algorithms, sharing the load with the CPU. Enabling skciphers-only
appears to work best.
config CRYPTO_DEV_QCE_ENABLE_ALL
bool "All supported algorithms"
select CRYPTO_DEV_QCE_SKCIPHER
select CRYPTO_DEV_QCE_SHA
2021-04-29 11:07:04 -04:00
select CRYPTO_DEV_QCE_AEAD
2019-12-20 16:02:18 -03:00
help
Enable all supported algorithms:
- AES (CBC, CTR, ECB, XTS)
- 3DES (CBC, ECB)
- DES (CBC, ECB)
- SHA1, HMAC-SHA1
- SHA256, HMAC-SHA256
config CRYPTO_DEV_QCE_ENABLE_SKCIPHER
bool "Symmetric-key ciphers only"
select CRYPTO_DEV_QCE_SKCIPHER
help
Enable symmetric-key ciphers only:
- AES (CBC, CTR, ECB, XTS)
- 3DES (ECB, CBC)
- DES (ECB, CBC)
config CRYPTO_DEV_QCE_ENABLE_SHA
bool "Hash/HMAC only"
select CRYPTO_DEV_QCE_SHA
help
Enable hashes/HMAC algorithms only:
- SHA1, HMAC-SHA1
- SHA256, HMAC-SHA256
2021-04-29 11:07:04 -04:00
config CRYPTO_DEV_QCE_ENABLE_AEAD
bool "AEAD algorithms only"
select CRYPTO_DEV_QCE_AEAD
help
Enable AEAD algorithms only:
- authenc()
- ccm(aes)
- rfc4309(ccm(aes))
2019-12-20 16:02:18 -03:00
endchoice
2014-06-25 19:28:58 +03:00
crypto: qce - use AES fallback for small requests
Process small blocks using the fallback cipher, as a workaround for an
observed failure (DMA-related, apparently) when computing the GCM ghash
key. This brings a speed gain as well, since it avoids the latency of
using the hardware engine to process small blocks.
Using software for all 16-byte requests would be enough to make GCM
work, but to increase performance, a larger threshold would be better.
Measuring the performance of supported ciphers with openssl speed,
software matches hardware at around 768-1024 bytes.
Considering the 256-bit ciphers, software is 2-3 times faster than qce
at 256-bytes, 30% faster at 512, and about even at 768-bytes. With
128-bit keys, the break-even point would be around 1024-bytes.
This adds the 'aes_sw_max_len' parameter, to set the largest request
length processed by the software fallback. Its default is being set to
512 bytes, a little lower than the break-even point, to balance the cost
in CPU usage.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-02-07 12:02:26 -03:00
config CRYPTO_DEV_QCE_SW_MAX_LEN
int "Default maximum request size to use software for AES"
depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER
default 512
help
This sets the default maximum request size to perform AES requests
using software instead of the crypto engine. It can be changed by
setting the aes_sw_max_len parameter.
Small blocks are processed faster in software than hardware.
Considering the 256-bit ciphers, software is 2-3 times faster than
qce at 256-bytes, 30% faster at 512, and about even at 768-bytes.
With 128-bit keys, the break-even point would be around 1024-bytes.
The default is set a little lower, to 512 bytes, to balance the
cost in CPU usage. The minimum recommended setting is 16-bytes
(1 AES block), since AES-GCM will fail if you set it lower.
Setting this to zero will send all requests to the hardware.
Note that 192-bit keys are not supported by the hardware and are
always processed by the software fallback, and all DES requests
are done by the hardware.
2018-07-16 11:20:24 +05:30
config CRYPTO_DEV_QCOM_RNG
tristate "Qualcomm Random Number Generator Driver"
depends on ARCH_QCOM || COMPILE_TEST
select CRYPTO_RNG
help
This driver provides support for the Random Number
Generator hardware found on Qualcomm SoCs.
To compile this driver as a module, choose M here. The
2019-11-21 04:20:48 +01:00
module will be called qcom-rng. If unsure, say N.
2018-07-16 11:20:24 +05:30
2015-02-06 14:59:48 -02:00
config CRYPTO_DEV_VMX
bool "Support for VMX cryptographic acceleration instructions"
2015-09-09 18:22:35 +10:00
depends on PPC64 && VSX
2015-02-06 14:59:48 -02:00
help
Support for VMX cryptographic acceleration instructions.
source "drivers/crypto/vmx/Kconfig"
2015-03-12 23:17:26 +00:00
config CRYPTO_DEV_IMGTEC_HASH
tristate "Imagination Technologies hardware hash accelerator"
2015-04-23 20:03:58 +02:00
depends on MIPS || COMPILE_TEST
2015-03-12 23:17:26 +00:00
select CRYPTO_MD5
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_HASH
help
This driver interfaces with the Imagination Technologies
hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
hashing algorithms.
2015-11-25 13:43:32 +08:00
config CRYPTO_DEV_ROCKCHIP
tristate "Rockchip's Cryptographic Engine driver"
depends on OF && ARCH_ROCKCHIP
select CRYPTO_AES
2019-08-15 12:01:09 +03:00
select CRYPTO_LIB_DES
2016-02-16 10:15:01 +08:00
select CRYPTO_MD5
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_HASH
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2015-11-25 13:43:32 +08:00
help
This driver interfaces with the hardware crypto accelerator.
Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
2020-02-17 15:56:43 +05:30
config CRYPTO_DEV_ZYNQMP_AES
tristate "Support for Xilinx ZynqMP AES hw accelerator"
depends on ZYNQMP_FIRMWARE || COMPILE_TEST
select CRYPTO_AES
select CRYPTO_ENGINE
select CRYPTO_AEAD
help
Xilinx ZynqMP has AES-GCM engine used for symmetric key
encryption and decryption. This driver interfaces with AES hw
accelerator. Select this if you want to use the ZynqMP module
for AES algorithms.
2022-02-23 16:05:03 +05:30
config CRYPTO_DEV_ZYNQMP_SHA3
2022-03-09 15:20:01 +12:00
tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator"
depends on ZYNQMP_FIRMWARE || COMPILE_TEST
2022-02-23 16:05:03 +05:30
select CRYPTO_SHA3
help
Xilinx ZynqMP has SHA3 engine used for secure hash calculation.
This driver interfaces with SHA3 hardware engine.
Select this if you want to use the ZynqMP module
for SHA3 hash computation.
2016-08-17 12:33:06 +05:30
source "drivers/crypto/chelsio/Kconfig"
2016-12-15 10:03:16 +08:00
source "drivers/crypto/virtio/Kconfig"
2017-02-03 12:55:33 -05:00
config CRYPTO_DEV_BCM_SPU
tristate "Broadcom symmetric crypto/hash acceleration support"
depends on ARCH_BCM_IPROC
2017-07-11 15:50:06 +05:30
depends on MAILBOX
2017-02-03 12:55:33 -05:00
default m
2018-12-16 23:23:23 -08:00
select CRYPTO_AUTHENC
2019-08-15 12:01:09 +03:00
select CRYPTO_LIB_DES
2017-02-03 12:55:33 -05:00
select CRYPTO_MD5
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_SHA512
help
This driver provides support for Broadcom crypto acceleration using the
2019-11-09 18:09:35 +01:00
Secure Processing Unit (SPU). The SPU driver registers skcipher,
2017-02-03 12:55:33 -05:00
ahash, and aead algorithms with the kernel cryptographic API.
2017-03-21 16:13:28 +01:00
source "drivers/crypto/stm32/Kconfig"
2017-05-24 16:10:34 +02:00
config CRYPTO_DEV_SAFEXCEL
tristate "Inside Secure's SafeXcel cryptographic engine driver"
2019-12-11 11:27:39 -08:00
depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM
2019-07-02 21:41:27 +02:00
select CRYPTO_LIB_AES
2018-05-14 15:11:02 +02:00
select CRYPTO_AUTHENC
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2019-08-15 12:01:09 +03:00
select CRYPTO_LIB_DES
2017-05-24 16:10:34 +02:00
select CRYPTO_HASH
select CRYPTO_HMAC
2018-06-28 17:21:53 +02:00
select CRYPTO_MD5
2017-05-24 16:10:34 +02:00
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_SHA512
2019-09-18 23:25:58 +02:00
select CRYPTO_CHACHA20POLY1305
2019-09-13 20:56:49 +02:00
select CRYPTO_SHA3
2017-05-24 16:10:34 +02:00
help
2019-08-19 16:40:23 +02:00
This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
engines designed by Inside Secure. It currently accelerates DES, 3DES and
AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
2017-05-24 16:10:34 +02:00
2017-08-10 14:53:53 +02:00
config CRYPTO_DEV_ARTPEC6
tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
depends on OF
select CRYPTO_AEAD
select CRYPTO_AES
select CRYPTO_ALGAPI
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2017-08-10 14:53:53 +02:00
select CRYPTO_CTR
select CRYPTO_HASH
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_SHA512
help
Enables the driver for the on-chip crypto accelerator
of Axis ARTPEC SoCs.
To compile this driver as a module, choose M here.
2018-01-22 09:27:00 +00:00
config CRYPTO_DEV_CCREE
tristate "Support for ARM TrustZone CryptoCell family of security processors"
depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
default n
select CRYPTO_HASH
2019-10-25 12:41:13 -07:00
select CRYPTO_SKCIPHER
2019-08-15 12:01:09 +03:00
select CRYPTO_LIB_DES
2018-01-22 09:27:00 +00:00
select CRYPTO_AEAD
select CRYPTO_AUTHENC
select CRYPTO_SHA1
select CRYPTO_MD5
select CRYPTO_SHA256
select CRYPTO_SHA512
select CRYPTO_HMAC
select CRYPTO_AES
select CRYPTO_CBC
select CRYPTO_ECB
select CRYPTO_CTR
select CRYPTO_XTS
2018-10-29 09:50:14 +00:00
select CRYPTO_SM4
2018-10-18 13:59:59 +01:00
select CRYPTO_SM3
2018-01-22 09:27:00 +00:00
help
2018-02-19 14:51:23 +00:00
Say 'Y' to enable a driver for the REE interface of the Arm
TrustZone CryptoCell family of processors. Currently the
2018-11-13 09:40:35 +00:00
CryptoCell 713, 703, 712, 710 and 630 are supported.
2018-01-22 09:27:00 +00:00
Choose this if you wish to use hardware acceleration of
cryptographic operations on the system REE.
If unsure say Y.
2018-07-23 16:49:54 +01:00
source "drivers/crypto/hisilicon/Kconfig"
2019-10-17 05:06:25 +00:00
source "drivers/crypto/amlogic/Kconfig"
2020-07-13 11:34:22 +03:00
config CRYPTO_DEV_SA2UL
tristate "Support for TI security accelerator"
depends on ARCH_K3 || COMPILE_TEST
select ARM64_CRYPTO
select CRYPTO_AES
select CRYPTO_AES_ARM64
select CRYPTO_ALGAPI
2020-09-07 16:22:40 +10:00
select CRYPTO_AUTHENC
2020-08-06 08:54:48 -07:00
select CRYPTO_SHA1
select CRYPTO_SHA256
select CRYPTO_SHA512
2020-07-13 11:34:22 +03:00
select HW_RANDOM
select SG_SPLIT
help
K3 devices include a security accelerator engine that may be
used for crypto offload. Select this if you want to use hardware
acceleration for cryptographic algorithms on these devices.
crypto: keembay - Add support for Keem Bay OCS AES/SM4
Add support for the AES/SM4 crypto engine included in the Offload and
Crypto Subsystem (OCS) of the Intel Keem Bay SoC, thus enabling
hardware-acceleration for the following transformations:
- ecb(aes), cbc(aes), ctr(aes), cts(cbc(aes)), gcm(aes) and cbc(aes);
supported for 128-bit and 256-bit keys.
- ecb(sm4), cbc(sm4), ctr(sm4), cts(cbc(sm4)), gcm(sm4) and cbc(sm4);
supported for 128-bit keys.
The driver passes crypto manager self-tests, including the extra tests
(CRYPTO_MANAGER_EXTRA_TESTS=y).
Signed-off-by: Mike Healy <mikex.healy@intel.com>
Co-developed-by: Daniele Alessandrelli <daniele.alessandrelli@intel.com>
Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@intel.com>
Acked-by: Mark Gross <mgross@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-11-26 11:51:48 +00:00
source "drivers/crypto/keembay/Kconfig"
2007-07-15 23:39:36 -07:00
endif # CRYPTO_HW