162306a36Sopenharmony_ci# SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ciconfig FS_ENCRYPTION 362306a36Sopenharmony_ci bool "FS Encryption (Per-file encryption)" 462306a36Sopenharmony_ci select CRYPTO 562306a36Sopenharmony_ci select CRYPTO_HASH 662306a36Sopenharmony_ci select CRYPTO_SKCIPHER 762306a36Sopenharmony_ci select CRYPTO_LIB_SHA256 862306a36Sopenharmony_ci select KEYS 962306a36Sopenharmony_ci help 1062306a36Sopenharmony_ci Enable encryption of files and directories. This 1162306a36Sopenharmony_ci feature is similar to ecryptfs, but it is more memory 1262306a36Sopenharmony_ci efficient since it avoids caching the encrypted and 1362306a36Sopenharmony_ci decrypted pages in the page cache. Currently Ext4, 1462306a36Sopenharmony_ci F2FS and UBIFS make use of this feature. 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ci# Filesystems supporting encryption must select this if FS_ENCRYPTION. This 1762306a36Sopenharmony_ci# allows the algorithms to be built as modules when all the filesystems are, 1862306a36Sopenharmony_ci# whereas selecting them from FS_ENCRYPTION would force them to be built-in. 1962306a36Sopenharmony_ci# 2062306a36Sopenharmony_ci# Note: this option only pulls in the algorithms that filesystem encryption 2162306a36Sopenharmony_ci# needs "by default". If userspace will use "non-default" encryption modes such 2262306a36Sopenharmony_ci# as Adiantum encryption, then those other modes need to be explicitly enabled 2362306a36Sopenharmony_ci# in the crypto API; see Documentation/filesystems/fscrypt.rst for details. 2462306a36Sopenharmony_ci# 2562306a36Sopenharmony_ci# Also note that this option only pulls in the generic implementations of the 2662306a36Sopenharmony_ci# algorithms, not any per-architecture optimized implementations. It is 2762306a36Sopenharmony_ci# strongly recommended to enable optimized implementations too. It is safe to 2862306a36Sopenharmony_ci# disable these generic implementations if corresponding optimized 2962306a36Sopenharmony_ci# implementations will always be available too; for this reason, these are soft 3062306a36Sopenharmony_ci# dependencies ('imply' rather than 'select'). Only disable these generic 3162306a36Sopenharmony_ci# implementations if you're sure they will never be needed, though. 3262306a36Sopenharmony_ciconfig FS_ENCRYPTION_ALGS 3362306a36Sopenharmony_ci tristate 3462306a36Sopenharmony_ci imply CRYPTO_AES 3562306a36Sopenharmony_ci imply CRYPTO_CBC 3662306a36Sopenharmony_ci imply CRYPTO_CTS 3762306a36Sopenharmony_ci imply CRYPTO_ECB 3862306a36Sopenharmony_ci imply CRYPTO_HMAC 3962306a36Sopenharmony_ci imply CRYPTO_SHA512 4062306a36Sopenharmony_ci imply CRYPTO_XTS 4162306a36Sopenharmony_ci 4262306a36Sopenharmony_ciconfig FS_ENCRYPTION_INLINE_CRYPT 4362306a36Sopenharmony_ci bool "Enable fscrypt to use inline crypto" 4462306a36Sopenharmony_ci depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION 4562306a36Sopenharmony_ci help 4662306a36Sopenharmony_ci Enable fscrypt to use inline encryption hardware if available. 47