2019-05-19 15:07:45 +03:00
# SPDX-License-Identifier: GPL-2.0-only
2015-05-16 02:26:10 +03:00
config FS_ENCRYPTION
2018-12-12 12:50:12 +03:00
bool "FS Encryption (Per-file encryption)"
2015-05-16 02:26:10 +03:00
select CRYPTO
2019-12-27 05:47:00 +03:00
select CRYPTO_HASH
select CRYPTO_SKCIPHER
2020-07-22 01:59:16 +03:00
select CRYPTO_LIB_SHA256
2015-05-16 02:26:10 +03:00
select KEYS
help
Enable encryption of files and directories. This
feature is similar to ecryptfs, but it is more memory
efficient since it avoids caching the encrypted and
2018-12-12 12:50:12 +03:00
decrypted pages in the page cache. Currently Ext4,
2023-12-27 07:51:58 +03:00
F2FS, UBIFS, and CephFS make use of this feature.
2019-12-27 05:47:00 +03:00
# Filesystems supporting encryption must select this if FS_ENCRYPTION. This
2021-04-21 10:55:10 +03:00
# allows the algorithms to be built as modules when all the filesystems are,
# whereas selecting them from FS_ENCRYPTION would force them to be built-in.
#
# Note: this option only pulls in the algorithms that filesystem encryption
# needs "by default". If userspace will use "non-default" encryption modes such
# as Adiantum encryption, then those other modes need to be explicitly enabled
# in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
#
# Also note that this option only pulls in the generic implementations of the
# algorithms, not any per-architecture optimized implementations. It is
# strongly recommended to enable optimized implementations too. It is safe to
# disable these generic implementations if corresponding optimized
# implementations will always be available too; for this reason, these are soft
# dependencies ('imply' rather than 'select'). Only disable these generic
# implementations if you're sure they will never be needed, though.
2019-12-27 05:47:00 +03:00
config FS_ENCRYPTION_ALGS
tristate
2021-04-21 10:55:10 +03:00
imply CRYPTO_AES
imply CRYPTO_CBC
imply CRYPTO_CTS
imply CRYPTO_ECB
imply CRYPTO_HMAC
imply CRYPTO_SHA512
imply CRYPTO_XTS
2020-07-02 04:56:05 +03:00
config FS_ENCRYPTION_INLINE_CRYPT
bool "Enable fscrypt to use inline crypto"
depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
help
Enable fscrypt to use inline encryption hardware if available.