linuxdebug/fs/crypto/Kconfig

# SPDX-License-Identifier: GPL-2.0-only
config FS_ENCRYPTION
	bool "FS Encryption (Per-file encryption)"
	select CRYPTO
	select CRYPTO_HASH
	select CRYPTO_SKCIPHER
	select CRYPTO_LIB_SHA256
	select KEYS
	help
	  Enable encryption of files and directories.  This
	  feature is similar to ecryptfs, but it is more memory
	  efficient since it avoids caching the encrypted and
	  decrypted pages in the page cache.  Currently Ext4,
	  F2FS and UBIFS make use of this feature.

# Filesystems supporting encryption must select this if FS_ENCRYPTION.  This
# allows the algorithms to be built as modules when all the filesystems are,
# whereas selecting them from FS_ENCRYPTION would force them to be built-in.
#
# Note: this option only pulls in the algorithms that filesystem encryption
# needs "by default".  If userspace will use "non-default" encryption modes such
# as Adiantum encryption, then those other modes need to be explicitly enabled
# in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
#
# Also note that this option only pulls in the generic implementations of the
# algorithms, not any per-architecture optimized implementations.  It is
# strongly recommended to enable optimized implementations too.  It is safe to
# disable these generic implementations if corresponding optimized
# implementations will always be available too; for this reason, these are soft
# dependencies ('imply' rather than 'select').  Only disable these generic
# implementations if you're sure they will never be needed, though.
config FS_ENCRYPTION_ALGS
	tristate
	imply CRYPTO_AES
	imply CRYPTO_CBC
	imply CRYPTO_CTS
	imply CRYPTO_ECB
	imply CRYPTO_HMAC
	imply CRYPTO_SHA512
	imply CRYPTO_XTS

config FS_ENCRYPTION_INLINE_CRYPT
	bool "Enable fscrypt to use inline crypto"
	depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
	help
	  Enable fscrypt to use inline encryption hardware if available.