| 12345678910111213141516171819202122232425262728293031323334353637383940 |
- # SPDX-License-Identifier: GPL-2.0-only
- config FS_ENCRYPTION
- bool "FS Encryption (Per-file encryption)"
- select CRYPTO
- select CRYPTO_SKCIPHER
- select CRYPTO_LIB_SHA256
- select CRYPTO_LIB_SHA512
- select KEYS
- help
- Enable encryption of files and directories. This
- feature is similar to ecryptfs, but it is more memory
- efficient since it avoids caching the encrypted and
- decrypted pages in the page cache. Currently Ext4,
- F2FS, UBIFS, and CephFS make use of this feature.
- # Filesystems supporting encryption must select this if FS_ENCRYPTION. This
- # allows the algorithms to be built as modules when all the filesystems are,
- # whereas selecting them from FS_ENCRYPTION would force them to be built-in.
- #
- # Note: this option only pulls in the algorithms that filesystem encryption
- # needs "by default". If userspace will use "non-default" encryption modes such
- # as Adiantum encryption, then those other modes need to be explicitly enabled
- # in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
- #
- # Also note that this option only pulls in the generic implementations of the
- # algorithms, not any per-architecture optimized implementations. It is
- # strongly recommended to enable optimized implementations too.
- config FS_ENCRYPTION_ALGS
- tristate
- select CRYPTO_AES
- select CRYPTO_CBC
- select CRYPTO_CTS
- select CRYPTO_ECB
- select CRYPTO_XTS
- config FS_ENCRYPTION_INLINE_CRYPT
- bool "Enable fscrypt to use inline crypto"
- depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
- help
- Enable fscrypt to use inline encryption hardware if available.
|