1 # SPDX-License-Identifier: GPL-2.0-only 1 # SPDX-License-Identifier: GPL-2.0-only
2 config FS_ENCRYPTION 2 config FS_ENCRYPTION
3 bool "FS Encryption (Per-file encrypti 3 bool "FS Encryption (Per-file encryption)"
4 select CRYPTO 4 select CRYPTO
5 select CRYPTO_HASH 5 select CRYPTO_HASH
6 select CRYPTO_SKCIPHER 6 select CRYPTO_SKCIPHER
7 select CRYPTO_LIB_SHA256 7 select CRYPTO_LIB_SHA256
8 select KEYS 8 select KEYS
9 help 9 help
10 Enable encryption of files and direc 10 Enable encryption of files and directories. This
11 feature is similar to ecryptfs, but 11 feature is similar to ecryptfs, but it is more memory
12 efficient since it avoids caching th 12 efficient since it avoids caching the encrypted and
13 decrypted pages in the page cache. 13 decrypted pages in the page cache. Currently Ext4,
14 F2FS, UBIFS, and CephFS make use of 14 F2FS, UBIFS, and CephFS make use of this feature.
15 15
16 # Filesystems supporting encryption must selec 16 # Filesystems supporting encryption must select this if FS_ENCRYPTION. This
17 # allows the algorithms to be built as modules 17 # allows the algorithms to be built as modules when all the filesystems are,
18 # whereas selecting them from FS_ENCRYPTION wo 18 # whereas selecting them from FS_ENCRYPTION would force them to be built-in.
19 # 19 #
20 # Note: this option only pulls in the algorith 20 # Note: this option only pulls in the algorithms that filesystem encryption
21 # needs "by default". If userspace will use " 21 # needs "by default". If userspace will use "non-default" encryption modes such
22 # as Adiantum encryption, then those other mod 22 # as Adiantum encryption, then those other modes need to be explicitly enabled
23 # in the crypto API; see Documentation/filesys 23 # in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
24 # 24 #
25 # Also note that this option only pulls in the 25 # Also note that this option only pulls in the generic implementations of the
26 # algorithms, not any per-architecture optimiz 26 # algorithms, not any per-architecture optimized implementations. It is
27 # strongly recommended to enable optimized imp 27 # strongly recommended to enable optimized implementations too. It is safe to
28 # disable these generic implementations if cor 28 # disable these generic implementations if corresponding optimized
29 # implementations will always be available too 29 # implementations will always be available too; for this reason, these are soft
30 # dependencies ('imply' rather than 'select'). 30 # dependencies ('imply' rather than 'select'). Only disable these generic
31 # implementations if you're sure they will nev 31 # implementations if you're sure they will never be needed, though.
32 config FS_ENCRYPTION_ALGS 32 config FS_ENCRYPTION_ALGS
33 tristate 33 tristate
34 imply CRYPTO_AES 34 imply CRYPTO_AES
35 imply CRYPTO_CBC 35 imply CRYPTO_CBC
36 imply CRYPTO_CTS 36 imply CRYPTO_CTS
37 imply CRYPTO_ECB 37 imply CRYPTO_ECB
38 imply CRYPTO_HMAC 38 imply CRYPTO_HMAC
39 imply CRYPTO_SHA512 39 imply CRYPTO_SHA512
40 imply CRYPTO_XTS 40 imply CRYPTO_XTS
41 41
42 config FS_ENCRYPTION_INLINE_CRYPT 42 config FS_ENCRYPTION_INLINE_CRYPT
43 bool "Enable fscrypt to use inline cry 43 bool "Enable fscrypt to use inline crypto"
44 depends on FS_ENCRYPTION && BLK_INLINE 44 depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
45 help 45 help
46 Enable fscrypt to use inline encrypt 46 Enable fscrypt to use inline encryption hardware if available.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.