2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-19 18:53:52 +08:00
linux-next/fs/crypto/Kconfig
Ard Biesheuvel a0fc20333e fscrypt: relax Kconfig dependencies for crypto API algorithms
Even if FS encryption has strict functional dependencies on various
crypto algorithms and chaining modes. those dependencies could potentially
be satisified by other implementations than the generic ones, and no link
time dependency exists on the 'depends on' claused defined by
CONFIG_FS_ENCRYPTION_ALGS.

So let's relax these clauses to 'imply', so that the default behavior
is still to pull in those generic algorithms, but in a way that permits
them to be disabled again in Kconfig.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-04-22 17:31:32 +10:00

47 lines
1.9 KiB
Plaintext

# SPDX-License-Identifier: GPL-2.0-only
config FS_ENCRYPTION
bool "FS Encryption (Per-file encryption)"
select CRYPTO
select CRYPTO_HASH
select CRYPTO_SKCIPHER
select CRYPTO_LIB_SHA256
select KEYS
help
Enable encryption of files and directories. This
feature is similar to ecryptfs, but it is more memory
efficient since it avoids caching the encrypted and
decrypted pages in the page cache. Currently Ext4,
F2FS and UBIFS make use of this feature.
# Filesystems supporting encryption must select this if FS_ENCRYPTION. This
# allows the algorithms to be built as modules when all the filesystems are,
# whereas selecting them from FS_ENCRYPTION would force them to be built-in.
#
# Note: this option only pulls in the algorithms that filesystem encryption
# needs "by default". If userspace will use "non-default" encryption modes such
# as Adiantum encryption, then those other modes need to be explicitly enabled
# in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
#
# Also note that this option only pulls in the generic implementations of the
# algorithms, not any per-architecture optimized implementations. It is
# strongly recommended to enable optimized implementations too. It is safe to
# disable these generic implementations if corresponding optimized
# implementations will always be available too; for this reason, these are soft
# dependencies ('imply' rather than 'select'). Only disable these generic
# implementations if you're sure they will never be needed, though.
config FS_ENCRYPTION_ALGS
tristate
imply CRYPTO_AES
imply CRYPTO_CBC
imply CRYPTO_CTS
imply CRYPTO_ECB
imply CRYPTO_HMAC
imply CRYPTO_SHA512
imply CRYPTO_XTS
config FS_ENCRYPTION_INLINE_CRYPT
bool "Enable fscrypt to use inline crypto"
depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
help
Enable fscrypt to use inline encryption hardware if available.