mirror of https://mirrors.bfsu.edu.cn/git/linux.git (synced 2024-11-27 14:14:24 +08:00)
290502bee2
When the userspace messaging (for the less common case of userspace key wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with it removed. This saves on kernel code size and reduces potential attack surface by removing the /dev/ecryptfs node.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
23 lines
834 B
Plaintext
config ECRYPT_FS
	tristate "eCrypt filesystem layer support (EXPERIMENTAL)"
	depends on EXPERIMENTAL && KEYS && CRYPTO && (ENCRYPTED_KEYS || ENCRYPTED_KEYS=n)
	select CRYPTO_ECB
	select CRYPTO_CBC
	select CRYPTO_MD5
	help
	  Encrypted filesystem that operates on the VFS layer.  See
	  <file:Documentation/filesystems/ecryptfs.txt> to learn more about
	  eCryptfs.  Userspace components are required and can be
	  obtained from <http://ecryptfs.sf.net>.

	  To compile this file system support as a module, choose M here: the
	  module will be called ecryptfs.

config ECRYPT_FS_MESSAGING
	bool "Enable notifications for userspace key wrap/unwrap"
	depends on ECRYPT_FS
	help
	  Enables the /dev/ecryptfs entry for use by ecryptfsd. This allows
	  for userspace to wrap/unwrap file encryption keys by other
	  backends, like OpenSSL.
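To audit a built kernel for the two options above, the following added example (not part of the kernel tree or of this commit) reads a `.config` file and reports whether the /dev/ecryptfs messaging interface was compiled in. The function names `kconfig_value` and `ecryptfs_surface` are hypothetical, and the sample config fragment is constructed.

```shell
#!/bin/sh
# Added example: classify the eCryptfs build state from a kernel .config file.

# Print the value of one Kconfig symbol: y, m, or n.
# n covers both "# CONFIG_X is not set" and a symbol that is absent.
# $1 = config file, $2 = symbol name without the CONFIG_ prefix
kconfig_value() {
    # Match only an exact "CONFIG_<name>=y|m" line; the last match wins.
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# Print one of:
#   absent        eCryptfs is not built at all
#   messaging     eCryptfs is built and the /dev/ecryptfs interface is included
#   no-messaging  eCryptfs is built with the messaging interface removed
ecryptfs_surface() {
    fs=$(kconfig_value "$1" ECRYPT_FS)
    msg=$(kconfig_value "$1" ECRYPT_FS_MESSAGING)
    if [ "$fs" = n ]; then
        echo "absent"
    elif [ "$msg" = y ]; then
        echo "messaging"
    else
        echo "no-messaging"
    fi
}

# Constructed sample .config fragment (not taken from a real build):
# eCryptfs as a module, userspace messaging disabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_KEYS=y
CONFIG_ECRYPT_FS=m
# CONFIG_ECRYPT_FS_MESSAGING is not set
EOF
ecryptfs_surface "$sample"
rm -f "$sample"
```

On a running system the input is typically `/boot/config-$(uname -r)`, or the output of `zcat /proc/config.gz` saved to a file when the kernel exposes its configuration there.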