1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 20b81d077SJaegeuk Kimconfig FS_ENCRYPTION 3643fa961SChandan Rajendra bool "FS Encryption (Per-file encryption)" 40b81d077SJaegeuk Kim select CRYPTO 5ede7a09fSHerbert Xu select CRYPTO_HASH 6ede7a09fSHerbert Xu select CRYPTO_SKCIPHER 7bd0d97b7SEric Biggers select CRYPTO_LIB_SHA256 80b81d077SJaegeuk Kim select KEYS 90b81d077SJaegeuk Kim help 100b81d077SJaegeuk Kim Enable encryption of files and directories. This 110b81d077SJaegeuk Kim feature is similar to ecryptfs, but it is more memory 120b81d077SJaegeuk Kim efficient since it avoids caching the encrypted and 13643fa961SChandan Rajendra decrypted pages in the page cache. Currently Ext4, 14643fa961SChandan Rajendra F2FS and UBIFS make use of this feature. 15ede7a09fSHerbert Xu 16ede7a09fSHerbert Xu# Filesystems supporting encryption must select this if FS_ENCRYPTION. This 17*a0fc2033SArd Biesheuvel# allows the algorithms to be built as modules when all the filesystems are, 18*a0fc2033SArd Biesheuvel# whereas selecting them from FS_ENCRYPTION would force them to be built-in. 19*a0fc2033SArd Biesheuvel# 20*a0fc2033SArd Biesheuvel# Note: this option only pulls in the algorithms that filesystem encryption 21*a0fc2033SArd Biesheuvel# needs "by default". If userspace will use "non-default" encryption modes such 22*a0fc2033SArd Biesheuvel# as Adiantum encryption, then those other modes need to be explicitly enabled 23*a0fc2033SArd Biesheuvel# in the crypto API; see Documentation/filesystems/fscrypt.rst for details. 24*a0fc2033SArd Biesheuvel# 25*a0fc2033SArd Biesheuvel# Also note that this option only pulls in the generic implementations of the 26*a0fc2033SArd Biesheuvel# algorithms, not any per-architecture optimized implementations. It is 27*a0fc2033SArd Biesheuvel# strongly recommended to enable optimized implementations too. It is safe to 28*a0fc2033SArd Biesheuvel# disable these generic implementations if corresponding optimized 29*a0fc2033SArd Biesheuvel# implementations will always be available too; for this reason, these are soft 30*a0fc2033SArd Biesheuvel# dependencies ('imply' rather than 'select'). Only disable these generic 31*a0fc2033SArd Biesheuvel# implementations if you're sure they will never be needed, though. 32ede7a09fSHerbert Xuconfig FS_ENCRYPTION_ALGS 33ede7a09fSHerbert Xu tristate 34*a0fc2033SArd Biesheuvel imply CRYPTO_AES 35*a0fc2033SArd Biesheuvel imply CRYPTO_CBC 36*a0fc2033SArd Biesheuvel imply CRYPTO_CTS 37*a0fc2033SArd Biesheuvel imply CRYPTO_ECB 38*a0fc2033SArd Biesheuvel imply CRYPTO_HMAC 39*a0fc2033SArd Biesheuvel imply CRYPTO_SHA512 40*a0fc2033SArd Biesheuvel imply CRYPTO_XTS 415fee3609SSatya Tangirala 425fee3609SSatya Tangiralaconfig FS_ENCRYPTION_INLINE_CRYPT 435fee3609SSatya Tangirala bool "Enable fscrypt to use inline crypto" 445fee3609SSatya Tangirala depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION 455fee3609SSatya Tangirala help 465fee3609SSatya Tangirala Enable fscrypt to use inline encryption hardware if available. 47