Kconfig 27 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882
  1. # SPDX-License-Identifier: GPL-2.0-only
  2. menuconfig CRYPTO_HW
  3. bool "Hardware crypto devices"
  4. default y
  5. help
  6. Say Y here to get to see options for hardware crypto devices and
  7. processors. This option alone does not add any kernel code.
  8. If you say N, all options in this submenu will be skipped and disabled.
  9. if CRYPTO_HW
  10. source "drivers/crypto/allwinner/Kconfig"
  11. config CRYPTO_DEV_PADLOCK
  12. tristate "Support for VIA PadLock ACE"
  13. depends on X86 && !UML
  14. help
  15. Some VIA processors come with an integrated crypto engine
  16. (so called VIA PadLock ACE, Advanced Cryptography Engine)
  17. that provides instructions for very fast cryptographic
  18. operations with supported algorithms.
  19. The instructions are used only when the CPU supports them.
  20. Otherwise software encryption is used.
  21. config CRYPTO_DEV_PADLOCK_AES
  22. tristate "PadLock driver for AES algorithm"
  23. depends on CRYPTO_DEV_PADLOCK
  24. select CRYPTO_SKCIPHER
  25. select CRYPTO_LIB_AES
  26. help
  27. Use VIA PadLock for AES algorithm.
  28. Available in VIA C3 and newer CPUs.
  29. If unsure say M. The compiled module will be
  30. called padlock-aes.
  31. config CRYPTO_DEV_PADLOCK_SHA
  32. tristate "PadLock driver for SHA1 and SHA256 algorithms"
  33. depends on CRYPTO_DEV_PADLOCK
  34. select CRYPTO_HASH
  35. select CRYPTO_SHA1
  36. select CRYPTO_SHA256
  37. help
  38. Use VIA PadLock for SHA1/SHA256 algorithms.
  39. Available in VIA C7 and newer processors.
  40. If unsure say M. The compiled module will be
  41. called padlock-sha.
  42. config CRYPTO_DEV_GEODE
  43. tristate "Support for the Geode LX AES engine"
  44. depends on X86_32 && PCI
  45. select CRYPTO_ALGAPI
  46. select CRYPTO_SKCIPHER
  47. help
  48. Say 'Y' here to use the AMD Geode LX processor on-board AES
  49. engine for the CryptoAPI AES algorithm.
  50. To compile this driver as a module, choose M here: the module
  51. will be called geode-aes.
  52. config ZCRYPT
  53. tristate "Support for s390 cryptographic adapters"
  54. depends on S390
  55. depends on AP
  56. select HW_RANDOM
  57. help
  58. Select this option if you want to enable support for
  59. s390 cryptographic adapters like Crypto Express 4 up
  60. to 8 in Coprocessor (CEXxC), EP11 Coprocessor (CEXxP)
  61. or Accelerator (CEXxA) mode.
  62. config PKEY
  63. tristate "Kernel API for protected key handling"
  64. depends on S390
  65. help
  66. With this option enabled the pkey kernel modules provide an API
  67. for creation and handling of protected keys. Other parts of the
  68. kernel or userspace applications may use these functions.
  69. The protected key support is distributed into:
  70. - A pkey base and API kernel module (pkey.ko) which offers the
  71. infrastructure for the pkey handler kernel modules, the ioctl
  72. and the sysfs API and the in-kernel API to the crypto cipher
  73. implementations using protected key.
  74. - A pkey pckmo kernel module (pkey-pckmo.ko) which is automatically
  75. loaded when pckmo support (that is generation of protected keys
  76. from clear key values) is available.
  77. - A pkey CCA kernel module (pkey-cca.ko) which is automatically
  78. loaded when a CEX crypto card is available.
  79. - A pkey EP11 kernel module (pkey-ep11.ko) which is automatically
  80. loaded when a CEX crypto card is available.
  81. - A pkey UV kernel module (pkey-uv.ko) which is automatically
  82. loaded when the Ultravisor feature is available within a
  83. protected execution environment.
  84. Select this option if you want to enable the kernel and userspace
  85. API for protected key handling.
  86. config PKEY_CCA
  87. tristate "PKEY CCA support handler"
  88. depends on PKEY
  89. depends on ZCRYPT
  90. help
  91. This is the CCA support handler for deriving protected keys
  92. from CCA (secure) keys. Also this handler provides an alternate
  93. way to make protected keys from clear key values.
  94. The PKEY CCA support handler needs a Crypto Express card (CEX)
  95. in CCA mode.
  96. If you have selected the PKEY option then you should also enable
  97. this option unless you are sure you never need to derive protected
  98. keys from CCA key material.
  99. config PKEY_EP11
  100. tristate "PKEY EP11 support handler"
  101. depends on PKEY
  102. depends on ZCRYPT
  103. help
  104. This is the EP11 support handler for deriving protected keys
  105. from EP11 (secure) keys. Also this handler provides an alternate
  106. way to make protected keys from clear key values.
  107. The PKEY EP11 support handler needs a Crypto Express card (CEX)
  108. in EP11 mode.
  109. If you have selected the PKEY option then you should also enable
  110. this option unless you are sure you never need to derive protected
  111. keys from EP11 key material.
  112. config PKEY_PCKMO
  113. tristate "PKEY PCKMO support handler"
  114. depends on PKEY
  115. help
  116. This is the PCKMO support handler for deriving protected keys
  117. from clear key values via invoking the PCKMO instruction.
  118. The PCKMO instruction can be enabled and disabled in the crypto
  119. settings at the LPAR profile. This handler checks for availability
  120. during initialization and if build as a kernel module unloads
  121. itself if PCKMO is disabled.
  122. The PCKMO way of deriving protected keys from clear key material
  123. is especially used during self test of protected key ciphers like
  124. PAES but the CCA and EP11 handler provide alternate ways to
  125. generate protected keys from clear key values.
  126. If you have selected the PKEY option then you should also enable
  127. this option unless you are sure you never need to derive protected
  128. keys from clear key values directly via PCKMO.
  129. config PKEY_UV
  130. tristate "PKEY UV support handler"
  131. depends on PKEY
  132. depends on S390_UV_UAPI
  133. help
  134. This is the PKEY Ultravisor support handler for deriving protected
  135. keys from secrets stored within the Ultravisor (UV).
  136. This module works together with the UV device and supports the
  137. retrieval of protected keys from secrets stored within the
  138. UV firmware layer. This service is only available within
  139. a protected execution guest and thus this module will fail upon
  140. modprobe if no protected execution environment is detected.
  141. Enable this option if you intend to run this kernel with an KVM
  142. guest with protected execution and you want to use UV retrievable
  143. secrets via PKEY API.
  144. config CRYPTO_PAES_S390
  145. tristate "PAES cipher algorithms"
  146. depends on S390
  147. depends on ZCRYPT
  148. depends on PKEY
  149. select CRYPTO_ALGAPI
  150. select CRYPTO_SKCIPHER
  151. select CRYPTO_ENGINE
  152. help
  153. This is the s390 hardware accelerated implementation of the
  154. AES cipher algorithms for use with protected key.
  155. Select this option if you want to use the paes cipher
  156. for example to use protected key encrypted devices.
  157. config CRYPTO_PHMAC_S390
  158. tristate "PHMAC cipher algorithms"
  159. depends on S390
  160. depends on PKEY
  161. select CRYPTO_HASH
  162. select CRYPTO_ENGINE
  163. help
  164. This is the s390 hardware accelerated implementation of the
  165. protected key HMAC support for SHA224, SHA256, SHA384 and SHA512.
  166. Select this option if you want to use the phmac digests
  167. for example to use dm-integrity with secure/protected keys.
  168. config S390_PRNG
  169. tristate "Pseudo random number generator device driver"
  170. depends on S390
  171. default "m"
  172. help
  173. Select this option if you want to use the s390 pseudo random number
  174. generator. The PRNG is part of the cryptographic processor functions
  175. and uses triple-DES to generate secure random numbers like the
  176. ANSI X9.17 standard. User-space programs access the
  177. pseudo-random-number device through the char device /dev/prandom.
  178. It is available as of z9.
  179. config CRYPTO_DEV_SL3516
  180. tristate "Storlink SL3516 crypto offloader"
  181. depends on ARCH_GEMINI || COMPILE_TEST
  182. depends on HAS_IOMEM && PM
  183. select CRYPTO_SKCIPHER
  184. select CRYPTO_ENGINE
  185. select CRYPTO_ECB
  186. select CRYPTO_AES
  187. select HW_RANDOM
  188. help
  189. This option allows you to have support for SL3516 crypto offloader.
  190. config CRYPTO_DEV_SL3516_DEBUG
  191. bool "Enable SL3516 stats"
  192. depends on CRYPTO_DEV_SL3516
  193. depends on DEBUG_FS
  194. help
  195. Say y to enable SL3516 debug stats.
  196. This will create /sys/kernel/debug/sl3516/stats for displaying
  197. the number of requests per algorithm and other internal stats.
  198. config CRYPTO_DEV_HIFN_795X
  199. tristate "Driver HIFN 795x crypto accelerator chips"
  200. select CRYPTO_LIB_DES
  201. select CRYPTO_SKCIPHER
  202. select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
  203. depends on PCI
  204. depends on !ARCH_DMA_ADDR_T_64BIT
  205. help
  206. This option allows you to have support for HIFN 795x crypto adapters.
  207. config CRYPTO_DEV_HIFN_795X_RNG
  208. bool "HIFN 795x random number generator"
  209. depends on CRYPTO_DEV_HIFN_795X
  210. help
  211. Select this option if you want to enable the random number generator
  212. on the HIFN 795x crypto adapters.
  213. source "drivers/crypto/caam/Kconfig"
  214. config CRYPTO_DEV_TALITOS
  215. tristate "Talitos Freescale Security Engine (SEC)"
  216. select CRYPTO_AEAD
  217. select CRYPTO_AUTHENC
  218. select CRYPTO_SKCIPHER
  219. select CRYPTO_HASH
  220. select CRYPTO_LIB_DES
  221. select HW_RANDOM
  222. depends on FSL_SOC
  223. help
  224. Say 'Y' here to use the Freescale Security Engine (SEC)
  225. to offload cryptographic algorithm computation.
  226. The Freescale SEC is present on PowerQUICC 'E' processors, such
  227. as the MPC8349E and MPC8548E.
  228. To compile this driver as a module, choose M here: the module
  229. will be called talitos.
  230. config CRYPTO_DEV_TALITOS1
  231. bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
  232. depends on CRYPTO_DEV_TALITOS
  233. depends on PPC_8xx || PPC_82xx
  234. default y
  235. help
  236. Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
  237. found on MPC82xx or the Freescale Security Engine (SEC Lite)
  238. version 1.2 found on MPC8xx
  239. config CRYPTO_DEV_TALITOS2
  240. bool "SEC2+ (SEC version 2.0 or upper)"
  241. depends on CRYPTO_DEV_TALITOS
  242. default y if !PPC_8xx
  243. help
  244. Say 'Y' here to use the Freescale Security Engine (SEC)
  245. version 2 and following as found on MPC83xx, MPC85xx, etc ...
  246. config CRYPTO_DEV_PPC4XX
  247. tristate "Driver AMCC PPC4xx crypto accelerator"
  248. depends on PPC && 4xx
  249. select CRYPTO_HASH
  250. select CRYPTO_AEAD
  251. select CRYPTO_AES
  252. select CRYPTO_LIB_AES
  253. select CRYPTO_CCM
  254. select CRYPTO_CTR
  255. select CRYPTO_GCM
  256. select CRYPTO_SKCIPHER
  257. help
  258. This option allows you to have support for AMCC crypto acceleration.
  259. config HW_RANDOM_PPC4XX
  260. bool "PowerPC 4xx generic true random number generator support"
  261. depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y
  262. default y
  263. help
  264. This option provides the kernel-side support for the TRNG hardware
  265. found in the security function of some PowerPC 4xx SoCs.
  266. config CRYPTO_DEV_OMAP
  267. tristate "Support for OMAP crypto HW accelerators"
  268. depends on ARCH_OMAP2PLUS
  269. help
  270. OMAP processors have various crypto HW accelerators. Select this if
  271. you want to use the OMAP modules for any of the crypto algorithms.
  272. if CRYPTO_DEV_OMAP
  273. config CRYPTO_DEV_OMAP_SHAM
  274. tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
  275. depends on ARCH_OMAP2PLUS
  276. select CRYPTO_ENGINE
  277. select CRYPTO_SHA1
  278. select CRYPTO_MD5
  279. select CRYPTO_SHA256
  280. select CRYPTO_SHA512
  281. select CRYPTO_HMAC
  282. help
  283. OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
  284. want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
  285. config CRYPTO_DEV_OMAP_AES
  286. tristate "Support for OMAP AES hw engine"
  287. depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
  288. select CRYPTO_AES
  289. select CRYPTO_SKCIPHER
  290. select CRYPTO_ENGINE
  291. select CRYPTO_CBC
  292. select CRYPTO_ECB
  293. select CRYPTO_CTR
  294. select CRYPTO_AEAD
  295. help
  296. OMAP processors have AES module accelerator. Select this if you
  297. want to use the OMAP module for AES algorithms.
  298. config CRYPTO_DEV_OMAP_DES
  299. tristate "Support for OMAP DES/3DES hw engine"
  300. depends on ARCH_OMAP2PLUS
  301. select CRYPTO_LIB_DES
  302. select CRYPTO_SKCIPHER
  303. select CRYPTO_ENGINE
  304. help
  305. OMAP processors have DES/3DES module accelerator. Select this if you
  306. want to use the OMAP module for DES and 3DES algorithms. Currently
  307. the ECB and CBC modes of operation are supported by the driver. Also
  308. accesses made on unaligned boundaries are supported.
  309. endif # CRYPTO_DEV_OMAP
  310. config CRYPTO_DEV_SAHARA
  311. tristate "Support for SAHARA crypto accelerator"
  312. depends on ARCH_MXC && OF
  313. select CRYPTO_SKCIPHER
  314. select CRYPTO_AES
  315. select CRYPTO_ECB
  316. select CRYPTO_ENGINE
  317. help
  318. This option enables support for the SAHARA HW crypto accelerator
  319. found in some Freescale i.MX chips.
  320. config CRYPTO_DEV_EXYNOS_RNG
  321. tristate "Exynos HW pseudo random number generator support"
  322. depends on ARCH_EXYNOS || COMPILE_TEST
  323. depends on HAS_IOMEM
  324. select CRYPTO_RNG
  325. help
  326. This driver provides kernel-side support through the
  327. cryptographic API for the pseudo random number generator hardware
  328. found on Exynos SoCs.
  329. To compile this driver as a module, choose M here: the
  330. module will be called exynos-rng.
  331. If unsure, say Y.
  332. config CRYPTO_DEV_S5P
  333. tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
  334. depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
  335. depends on HAS_IOMEM
  336. select CRYPTO_AES
  337. select CRYPTO_SKCIPHER
  338. help
  339. This option allows you to have support for S5P crypto acceleration.
  340. Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
  341. algorithms execution.
  342. config CRYPTO_DEV_EXYNOS_HASH
  343. bool "Support for Samsung Exynos HASH accelerator"
  344. depends on CRYPTO_DEV_S5P
  345. depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
  346. select CRYPTO_SHA1
  347. select CRYPTO_MD5
  348. select CRYPTO_SHA256
  349. help
  350. Select this to offload Exynos from HASH MD5/SHA1/SHA256.
  351. This will select software SHA1, MD5 and SHA256 as they are
  352. needed for small and zero-size messages.
  353. HASH algorithms will be disabled if EXYNOS_RNG
  354. is enabled due to hw conflict.
  355. config CRYPTO_DEV_NX
  356. bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
  357. depends on PPC64
  358. help
  359. This enables support for the NX hardware cryptographic accelerator
  360. coprocessor that is in IBM PowerPC P7+ or later processors. This
  361. does not actually enable any drivers, it only allows you to select
  362. which acceleration type (encryption and/or compression) to enable.
  363. if CRYPTO_DEV_NX
  364. source "drivers/crypto/nx/Kconfig"
  365. endif
  366. config CRYPTO_DEV_ATMEL_AUTHENC
  367. bool "Support for Atmel IPSEC/SSL hw accelerator"
  368. depends on ARCH_AT91 || COMPILE_TEST
  369. depends on CRYPTO_DEV_ATMEL_AES
  370. help
  371. Some Atmel processors can combine the AES and SHA hw accelerators
  372. to enhance support of IPSEC/SSL.
  373. Select this if you want to use the Atmel modules for
  374. authenc(hmac(shaX),Y(cbc)) algorithms.
  375. config CRYPTO_DEV_ATMEL_AES
  376. tristate "Support for Atmel AES hw accelerator"
  377. depends on ARCH_MICROCHIP || COMPILE_TEST
  378. select CRYPTO_AES
  379. select CRYPTO_AEAD
  380. select CRYPTO_SKCIPHER
  381. select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
  382. select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
  383. help
  384. Some Atmel processors have AES hw accelerator.
  385. Select this if you want to use the Atmel module for
  386. AES algorithms.
  387. To compile this driver as a module, choose M here: the module
  388. will be called atmel-aes.
  389. config CRYPTO_DEV_ATMEL_TDES
  390. tristate "Support for Atmel DES/TDES hw accelerator"
  391. depends on ARCH_AT91 || COMPILE_TEST
  392. select CRYPTO_LIB_DES
  393. select CRYPTO_SKCIPHER
  394. help
  395. Some Atmel processors have DES/TDES hw accelerator.
  396. Select this if you want to use the Atmel module for
  397. DES/TDES algorithms.
  398. To compile this driver as a module, choose M here: the module
  399. will be called atmel-tdes.
  400. config CRYPTO_DEV_ATMEL_SHA
  401. tristate "Support for Atmel SHA hw accelerator"
  402. depends on ARCH_AT91 || COMPILE_TEST
  403. select CRYPTO_HASH
  404. help
  405. Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
  406. hw accelerator.
  407. Select this if you want to use the Atmel module for
  408. SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
  409. To compile this driver as a module, choose M here: the module
  410. will be called atmel-sha.
  411. config CRYPTO_DEV_ATMEL_I2C
  412. tristate
  413. select BITREVERSE
  414. config CRYPTO_DEV_ATMEL_ECC
  415. tristate "Support for Microchip / Atmel ECC hw accelerator"
  416. depends on I2C
  417. select CRYPTO_DEV_ATMEL_I2C
  418. select CRYPTO_ECDH
  419. select CRC16
  420. help
  421. Microhip / Atmel ECC hw accelerator.
  422. Select this if you want to use the Microchip / Atmel module for
  423. ECDH algorithm.
  424. To compile this driver as a module, choose M here: the module
  425. will be called atmel-ecc.
  426. config CRYPTO_DEV_ATMEL_SHA204A
  427. tristate "Support for Microchip / Atmel SHA accelerator and RNG"
  428. depends on I2C
  429. select CRYPTO_DEV_ATMEL_I2C
  430. select HW_RANDOM
  431. select CRC16
  432. help
  433. Microhip / Atmel SHA accelerator and RNG.
  434. Select this if you want to use the Microchip / Atmel SHA204A
  435. module as a random number generator. (Other functions of the
  436. chip are currently not exposed by this driver)
  437. To compile this driver as a module, choose M here: the module
  438. will be called atmel-sha204a.
  439. config CRYPTO_DEV_CCP
  440. bool "Support for AMD Secure Processor"
  441. depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
  442. help
  443. The AMD Secure Processor provides support for the Cryptographic Coprocessor
  444. (CCP) and the Platform Security Processor (PSP) devices.
  445. if CRYPTO_DEV_CCP
  446. source "drivers/crypto/ccp/Kconfig"
  447. endif
  448. config CRYPTO_DEV_MXS_DCP
  449. tristate "Support for Freescale MXS DCP"
  450. depends on (ARCH_MXS || ARCH_MXC)
  451. select STMP_DEVICE
  452. select CRYPTO_CBC
  453. select CRYPTO_ECB
  454. select CRYPTO_AES
  455. select CRYPTO_SKCIPHER
  456. select CRYPTO_HASH
  457. help
  458. The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
  459. co-processor on the die.
  460. To compile this driver as a module, choose M here: the module
  461. will be called mxs-dcp.
  462. source "drivers/crypto/cavium/cpt/Kconfig"
  463. source "drivers/crypto/cavium/nitrox/Kconfig"
  464. source "drivers/crypto/marvell/Kconfig"
  465. source "drivers/crypto/intel/Kconfig"
  466. config CRYPTO_DEV_QCE
  467. tristate "Qualcomm crypto engine accelerator"
  468. depends on ARCH_QCOM || COMPILE_TEST
  469. depends on HAS_IOMEM
  470. help
  471. This driver supports Qualcomm crypto engine accelerator
  472. hardware. To compile this driver as a module, choose M here. The
  473. module will be called qcrypto.
  474. config CRYPTO_DEV_QCE_SKCIPHER
  475. bool
  476. depends on CRYPTO_DEV_QCE
  477. select CRYPTO_AES
  478. select CRYPTO_LIB_DES
  479. select CRYPTO_ECB
  480. select CRYPTO_CBC
  481. select CRYPTO_XTS
  482. select CRYPTO_CTR
  483. select CRYPTO_SKCIPHER
  484. config CRYPTO_DEV_QCE_SHA
  485. bool
  486. depends on CRYPTO_DEV_QCE
  487. select CRYPTO_SHA1
  488. select CRYPTO_SHA256
  489. config CRYPTO_DEV_QCE_AEAD
  490. bool
  491. depends on CRYPTO_DEV_QCE
  492. select CRYPTO_AUTHENC
  493. select CRYPTO_LIB_DES
  494. choice
  495. prompt "Algorithms enabled for QCE acceleration"
  496. default CRYPTO_DEV_QCE_ENABLE_ALL
  497. depends on CRYPTO_DEV_QCE
  498. help
  499. This option allows to choose whether to build support for all algorithms
  500. (default), hashes-only, or skciphers-only.
  501. The QCE engine does not appear to scale as well as the CPU to handle
  502. multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the
  503. QCE handles only 2 requests in parallel.
  504. Ipsec throughput seems to improve when disabling either family of
  505. algorithms, sharing the load with the CPU. Enabling skciphers-only
  506. appears to work best.
  507. config CRYPTO_DEV_QCE_ENABLE_ALL
  508. bool "All supported algorithms"
  509. select CRYPTO_DEV_QCE_SKCIPHER
  510. select CRYPTO_DEV_QCE_SHA
  511. select CRYPTO_DEV_QCE_AEAD
  512. help
  513. Enable all supported algorithms:
  514. - AES (CBC, CTR, ECB, XTS)
  515. - 3DES (CBC, ECB)
  516. - DES (CBC, ECB)
  517. - SHA1, HMAC-SHA1
  518. - SHA256, HMAC-SHA256
  519. config CRYPTO_DEV_QCE_ENABLE_SKCIPHER
  520. bool "Symmetric-key ciphers only"
  521. select CRYPTO_DEV_QCE_SKCIPHER
  522. help
  523. Enable symmetric-key ciphers only:
  524. - AES (CBC, CTR, ECB, XTS)
  525. - 3DES (ECB, CBC)
  526. - DES (ECB, CBC)
  527. config CRYPTO_DEV_QCE_ENABLE_SHA
  528. bool "Hash/HMAC only"
  529. select CRYPTO_DEV_QCE_SHA
  530. help
  531. Enable hashes/HMAC algorithms only:
  532. - SHA1, HMAC-SHA1
  533. - SHA256, HMAC-SHA256
  534. config CRYPTO_DEV_QCE_ENABLE_AEAD
  535. bool "AEAD algorithms only"
  536. select CRYPTO_DEV_QCE_AEAD
  537. help
  538. Enable AEAD algorithms only:
  539. - authenc()
  540. - ccm(aes)
  541. - rfc4309(ccm(aes))
  542. endchoice
  543. config CRYPTO_DEV_QCE_SW_MAX_LEN
  544. int "Default maximum request size to use software for AES"
  545. depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER
  546. default 512
  547. help
  548. This sets the default maximum request size to perform AES requests
  549. using software instead of the crypto engine. It can be changed by
  550. setting the aes_sw_max_len parameter.
  551. Small blocks are processed faster in software than hardware.
  552. Considering the 256-bit ciphers, software is 2-3 times faster than
  553. qce at 256-bytes, 30% faster at 512, and about even at 768-bytes.
  554. With 128-bit keys, the break-even point would be around 1024-bytes.
  555. The default is set a little lower, to 512 bytes, to balance the
  556. cost in CPU usage. The minimum recommended setting is 16-bytes
  557. (1 AES block), since AES-GCM will fail if you set it lower.
  558. Setting this to zero will send all requests to the hardware.
  559. Note that 192-bit keys are not supported by the hardware and are
  560. always processed by the software fallback, and all DES requests
  561. are done by the hardware.
  562. config CRYPTO_DEV_QCOM_RNG
  563. tristate "Qualcomm Random Number Generator Driver"
  564. depends on ARCH_QCOM || COMPILE_TEST
  565. depends on HW_RANDOM
  566. select CRYPTO_RNG
  567. help
  568. This driver provides support for the Random Number
  569. Generator hardware found on Qualcomm SoCs.
  570. To compile this driver as a module, choose M here. The
  571. module will be called qcom-rng. If unsure, say N.
  572. #config CRYPTO_DEV_VMX
  573. # bool "Support for VMX cryptographic acceleration instructions"
  574. # depends on PPC64 && VSX
  575. # help
  576. # Support for VMX cryptographic acceleration instructions.
  577. #
  578. #source "drivers/crypto/vmx/Kconfig"
  579. config CRYPTO_DEV_IMGTEC_HASH
  580. tristate "Imagination Technologies hardware hash accelerator"
  581. depends on MIPS || COMPILE_TEST
  582. select CRYPTO_MD5
  583. select CRYPTO_SHA1
  584. select CRYPTO_SHA256
  585. select CRYPTO_HASH
  586. help
  587. This driver interfaces with the Imagination Technologies
  588. hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
  589. hashing algorithms.
  590. config CRYPTO_DEV_ROCKCHIP
  591. tristate "Rockchip's Cryptographic Engine driver"
  592. depends on OF && ARCH_ROCKCHIP
  593. depends on PM
  594. select CRYPTO_ECB
  595. select CRYPTO_CBC
  596. select CRYPTO_DES
  597. select CRYPTO_AES
  598. select CRYPTO_ENGINE
  599. select CRYPTO_LIB_DES
  600. select CRYPTO_MD5
  601. select CRYPTO_SHA1
  602. select CRYPTO_SHA256
  603. select CRYPTO_HASH
  604. select CRYPTO_SKCIPHER
  605. help
  606. This driver interfaces with the hardware crypto accelerator.
  607. Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
  608. config CRYPTO_DEV_ROCKCHIP_DEBUG
  609. bool "Enable Rockchip crypto stats"
  610. depends on CRYPTO_DEV_ROCKCHIP
  611. depends on DEBUG_FS
  612. help
  613. Say y to enable Rockchip crypto debug stats.
  614. This will create /sys/kernel/debug/rk3288_crypto/stats for displaying
  615. the number of requests per algorithm and other internal stats.
  616. config CRYPTO_DEV_TEGRA
  617. tristate "Enable Tegra Security Engine"
  618. depends on TEGRA_HOST1X
  619. select CRYPTO_ENGINE
  620. help
  621. Select this to enable Tegra Security Engine which accelerates various
  622. AES encryption/decryption and HASH algorithms.
  623. config CRYPTO_DEV_XILINX_TRNG
  624. tristate "Support for Xilinx True Random Generator"
  625. depends on ZYNQMP_FIRMWARE || COMPILE_TEST
  626. select CRYPTO_DF80090A
  627. select CRYPTO_RNG
  628. select HW_RANDOM
  629. help
  630. Xilinx Versal SoC driver provides kernel-side support for True Random Number
  631. Generator and Pseudo random Number in CTR_DRBG mode as defined in NIST SP800-90A.
  632. To compile this driver as a module, choose M here: the module
  633. will be called xilinx-trng.
  634. config CRYPTO_DEV_ZYNQMP_AES
  635. tristate "Support for Xilinx ZynqMP AES hw accelerator"
  636. depends on ZYNQMP_FIRMWARE || COMPILE_TEST
  637. select CRYPTO_AES
  638. select CRYPTO_ENGINE
  639. select CRYPTO_AEAD
  640. help
  641. Xilinx ZynqMP has AES-GCM engine used for symmetric key
  642. encryption and decryption. This driver interfaces with AES hw
  643. accelerator. Select this if you want to use the ZynqMP module
  644. for AES algorithms.
  645. config CRYPTO_DEV_ZYNQMP_SHA3
  646. tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator"
  647. depends on ZYNQMP_FIRMWARE || COMPILE_TEST
  648. select CRYPTO_SHA3
  649. help
  650. Xilinx ZynqMP has SHA3 engine used for secure hash calculation.
  651. This driver interfaces with SHA3 hardware engine.
  652. Select this if you want to use the ZynqMP module
  653. for SHA3 hash computation.
  654. source "drivers/crypto/chelsio/Kconfig"
  655. source "drivers/crypto/virtio/Kconfig"
  656. config CRYPTO_DEV_BCM_SPU
  657. tristate "Broadcom symmetric crypto/hash acceleration support"
  658. depends on ARCH_BCM_IPROC
  659. depends on MAILBOX
  660. default m
  661. select CRYPTO_AUTHENC
  662. select CRYPTO_LIB_DES
  663. select CRYPTO_MD5
  664. select CRYPTO_SHA1
  665. select CRYPTO_SHA256
  666. select CRYPTO_SHA512
  667. help
  668. This driver provides support for Broadcom crypto acceleration using the
  669. Secure Processing Unit (SPU). The SPU driver registers skcipher,
  670. ahash, and aead algorithms with the kernel cryptographic API.
  671. source "drivers/crypto/stm32/Kconfig"
  672. config CRYPTO_DEV_SAFEXCEL
  673. tristate "Inside Secure's SafeXcel cryptographic engine driver"
  674. depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM
  675. select CRYPTO_LIB_AES
  676. select CRYPTO_AUTHENC
  677. select CRYPTO_SKCIPHER
  678. select CRYPTO_LIB_DES
  679. select CRYPTO_HASH
  680. select CRYPTO_HMAC
  681. select CRYPTO_MD5
  682. select CRYPTO_SHA1
  683. select CRYPTO_SHA256
  684. select CRYPTO_SHA512
  685. select CRYPTO_CHACHA20POLY1305
  686. select CRYPTO_SHA3
  687. help
  688. This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
  689. engines designed by Inside Secure. It currently accelerates DES, 3DES and
  690. AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
  691. SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
  692. Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
  693. config CRYPTO_DEV_ARTPEC6
  694. tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
  695. depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
  696. depends on OF
  697. select CRYPTO_AEAD
  698. select CRYPTO_AES
  699. select CRYPTO_ALGAPI
  700. select CRYPTO_SKCIPHER
  701. select CRYPTO_CTR
  702. select CRYPTO_HASH
  703. select CRYPTO_SHA1
  704. select CRYPTO_SHA256
  705. select CRYPTO_SHA512
  706. help
  707. Enables the driver for the on-chip crypto accelerator
  708. of Axis ARTPEC SoCs.
  709. To compile this driver as a module, choose M here.
  710. config CRYPTO_DEV_CCREE
  711. tristate "Support for ARM TrustZone CryptoCell family of security processors"
  712. depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
  713. depends on HAS_IOMEM
  714. select CRYPTO_HASH
  715. select CRYPTO_SKCIPHER
  716. select CRYPTO_LIB_DES
  717. select CRYPTO_AEAD
  718. select CRYPTO_AUTHENC
  719. select CRYPTO_SHA1
  720. select CRYPTO_MD5
  721. select CRYPTO_SHA256
  722. select CRYPTO_SHA512
  723. select CRYPTO_HMAC
  724. select CRYPTO_AES
  725. select CRYPTO_CBC
  726. select CRYPTO_ECB
  727. select CRYPTO_CTR
  728. select CRYPTO_XTS
  729. select CRYPTO_SM4_GENERIC
  730. select CRYPTO_SM3_GENERIC
  731. help
  732. Say 'Y' to enable a driver for the REE interface of the Arm
  733. TrustZone CryptoCell family of processors. Currently the
  734. CryptoCell 713, 703, 712, 710 and 630 are supported.
  735. Choose this if you wish to use hardware acceleration of
  736. cryptographic operations on the system REE.
  737. If unsure say Y.
  738. source "drivers/crypto/hisilicon/Kconfig"
  739. source "drivers/crypto/loongson/Kconfig"
  740. source "drivers/crypto/amlogic/Kconfig"
  741. config CRYPTO_DEV_SA2UL
  742. tristate "Support for TI security accelerator"
  743. depends on ARCH_K3 || COMPILE_TEST
  744. select CRYPTO_AES
  745. select CRYPTO_ALGAPI
  746. select CRYPTO_AUTHENC
  747. select CRYPTO_DES
  748. select CRYPTO_SHA1
  749. select CRYPTO_SHA256
  750. select CRYPTO_SHA512
  751. select HW_RANDOM
  752. select SG_SPLIT
  753. help
  754. K3 devices include a security accelerator engine that may be
  755. used for crypto offload. Select this if you want to use hardware
  756. acceleration for cryptographic algorithms on these devices.
  757. source "drivers/crypto/aspeed/Kconfig"
  758. source "drivers/crypto/starfive/Kconfig"
  759. source "drivers/crypto/inside-secure/eip93/Kconfig"
  760. source "drivers/crypto/ti/Kconfig"
  761. endif # CRYPTO_HW