1*4882a593Smuzhiyun# SPDX-License-Identifier: GPL-2.0-only 2*4882a593Smuzhiyunconfig FS_ENCRYPTION 3*4882a593Smuzhiyun bool "FS Encryption (Per-file encryption)" 4*4882a593Smuzhiyun select CRYPTO 5*4882a593Smuzhiyun select CRYPTO_HASH 6*4882a593Smuzhiyun select CRYPTO_SKCIPHER 7*4882a593Smuzhiyun select CRYPTO_LIB_SHA256 8*4882a593Smuzhiyun select KEYS 9*4882a593Smuzhiyun help 10*4882a593Smuzhiyun Enable encryption of files and directories. This 11*4882a593Smuzhiyun feature is similar to ecryptfs, but it is more memory 12*4882a593Smuzhiyun efficient since it avoids caching the encrypted and 13*4882a593Smuzhiyun decrypted pages in the page cache. Currently Ext4, 14*4882a593Smuzhiyun F2FS and UBIFS make use of this feature. 15*4882a593Smuzhiyun 16*4882a593Smuzhiyun# Filesystems supporting encryption must select this if FS_ENCRYPTION. This 17*4882a593Smuzhiyun# allows the algorithms to be built as modules when all the filesystems are, 18*4882a593Smuzhiyun# whereas selecting them from FS_ENCRYPTION would force them to be built-in. 19*4882a593Smuzhiyun# 20*4882a593Smuzhiyun# Note: this option only pulls in the algorithms that filesystem encryption 21*4882a593Smuzhiyun# needs "by default". If userspace will use "non-default" encryption modes such 22*4882a593Smuzhiyun# as Adiantum encryption, then those other modes need to be explicitly enabled 23*4882a593Smuzhiyun# in the crypto API; see Documentation/filesystems/fscrypt.rst for details. 24*4882a593Smuzhiyun# 25*4882a593Smuzhiyun# Also note that this option only pulls in the generic implementations of the 26*4882a593Smuzhiyun# algorithms, not any per-architecture optimized implementations. It is 27*4882a593Smuzhiyun# strongly recommended to enable optimized implementations too. It is safe to 28*4882a593Smuzhiyun# disable these generic implementations if corresponding optimized 29*4882a593Smuzhiyun# implementations will always be available too; for this reason, these are soft 30*4882a593Smuzhiyun# dependencies ('imply' rather than 'select'). Only disable these generic 31*4882a593Smuzhiyun# implementations if you're sure they will never be needed, though. 32*4882a593Smuzhiyunconfig FS_ENCRYPTION_ALGS 33*4882a593Smuzhiyun tristate 34*4882a593Smuzhiyun imply CRYPTO_AES 35*4882a593Smuzhiyun imply CRYPTO_CBC 36*4882a593Smuzhiyun imply CRYPTO_CTS 37*4882a593Smuzhiyun imply CRYPTO_ECB 38*4882a593Smuzhiyun imply CRYPTO_HMAC 39*4882a593Smuzhiyun imply CRYPTO_SHA512 40*4882a593Smuzhiyun imply CRYPTO_XTS 41*4882a593Smuzhiyun 42*4882a593Smuzhiyunconfig FS_ENCRYPTION_INLINE_CRYPT 43*4882a593Smuzhiyun bool "Enable fscrypt to use inline crypto" 44*4882a593Smuzhiyun depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION 45*4882a593Smuzhiyun help 46*4882a593Smuzhiyun Enable fscrypt to use inline encryption hardware if available. 47