47 lines
1.9 KiB
Plaintext
47 lines
1.9 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
config FS_ENCRYPTION
|
|
bool "FS Encryption (Per-file encryption)"
|
|
select CRYPTO
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_SHA256
|
|
select KEYS
|
|
help
|
|
Enable encryption of files and directories. This
|
|
feature is similar to ecryptfs, but it is more memory
|
|
efficient since it avoids caching the encrypted and
|
|
decrypted pages in the page cache. Currently Ext4,
|
|
F2FS and UBIFS make use of this feature.
|
|
|
|
# Filesystems supporting encryption must select this if FS_ENCRYPTION. This
|
|
# allows the algorithms to be built as modules when all the filesystems are,
|
|
# whereas selecting them from FS_ENCRYPTION would force them to be built-in.
|
|
#
|
|
# Note: this option only pulls in the algorithms that filesystem encryption
|
|
# needs "by default". If userspace will use "non-default" encryption modes such
|
|
# as Adiantum encryption, then those other modes need to be explicitly enabled
|
|
# in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
|
|
#
|
|
# Also note that this option only pulls in the generic implementations of the
|
|
# algorithms, not any per-architecture optimized implementations. It is
|
|
# strongly recommended to enable optimized implementations too. It is safe to
|
|
# disable these generic implementations if corresponding optimized
|
|
# implementations will always be available too; for this reason, these are soft
|
|
# dependencies ('imply' rather than 'select'). Only disable these generic
|
|
# implementations if you're sure they will never be needed, though.
|
|
config FS_ENCRYPTION_ALGS
|
|
tristate
|
|
imply CRYPTO_AES
|
|
imply CRYPTO_CBC
|
|
imply CRYPTO_CTS
|
|
imply CRYPTO_ECB
|
|
imply CRYPTO_HMAC
|
|
imply CRYPTO_SHA512
|
|
imply CRYPTO_XTS
|
|
|
|
config FS_ENCRYPTION_INLINE_CRYPT
|
|
bool "Enable fscrypt to use inline crypto"
|
|
depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
|
|
help
|
|
Enable fscrypt to use inline encryption hardware if available.
|