1# SPDX-License-Identifier: GPL-2.0-only 2 3menuconfig CRYPTO_HW 4 bool "Hardware crypto devices" 5 default y 6 help 7 Say Y here to get to see options for hardware crypto devices and 8 processors. This option alone does not add any kernel code. 9 10 If you say N, all options in this submenu will be skipped and disabled. 11 12if CRYPTO_HW 13 14source "drivers/crypto/allwinner/Kconfig" 15 16config CRYPTO_DEV_PADLOCK 17 tristate "Support for VIA PadLock ACE" 18 depends on X86 && !UML 19 help 20 Some VIA processors come with an integrated crypto engine 21 (so called VIA PadLock ACE, Advanced Cryptography Engine) 22 that provides instructions for very fast cryptographic 23 operations with supported algorithms. 24 25 The instructions are used only when the CPU supports them. 26 Otherwise software encryption is used. 27 28config CRYPTO_DEV_PADLOCK_AES 29 tristate "PadLock driver for AES algorithm" 30 depends on CRYPTO_DEV_PADLOCK 31 select CRYPTO_SKCIPHER 32 select CRYPTO_LIB_AES 33 help 34 Use VIA PadLock for AES algorithm. 35 36 Available in VIA C3 and newer CPUs. 37 38 If unsure say M. The compiled module will be 39 called padlock-aes. 40 41config CRYPTO_DEV_PADLOCK_SHA 42 tristate "PadLock driver for SHA1 and SHA256 algorithms" 43 depends on CRYPTO_DEV_PADLOCK 44 select CRYPTO_HASH 45 select CRYPTO_SHA1 46 select CRYPTO_SHA256 47 help 48 Use VIA PadLock for SHA1/SHA256 algorithms. 49 50 Available in VIA C7 and newer processors. 51 52 If unsure say M. The compiled module will be 53 called padlock-sha. 54 55config CRYPTO_DEV_GEODE 56 tristate "Support for the Geode LX AES engine" 57 depends on X86_32 && PCI 58 select CRYPTO_ALGAPI 59 select CRYPTO_SKCIPHER 60 help 61 Say 'Y' here to use the AMD Geode LX processor on-board AES 62 engine for the CryptoAPI AES algorithm. 63 64 To compile this driver as a module, choose M here: the module 65 will be called geode-aes. 66 67config ZCRYPT 68 tristate "Support for s390 cryptographic adapters" 69 depends on S390 70 depends on AP 71 select HW_RANDOM 72 help 73 Select this option if you want to enable support for 74 s390 cryptographic adapters like Crypto Express 4 up 75 to 8 in Coprocessor (CEXxC), EP11 Coprocessor (CEXxP) 76 or Accelerator (CEXxA) mode. 77 78config PKEY 79 tristate "Kernel API for protected key handling" 80 depends on S390 81 help 82 With this option enabled the pkey kernel modules provide an API 83 for creation and handling of protected keys. Other parts of the 84 kernel or userspace applications may use these functions. 85 86 The protected key support is distributed into: 87 - A pkey base and API kernel module (pkey.ko) which offers the 88 infrastructure for the pkey handler kernel modules, the ioctl 89 and the sysfs API and the in-kernel API to the crypto cipher 90 implementations using protected key. 91 - A pkey pckmo kernel module (pkey-pckmo.ko) which is automatically 92 loaded when pckmo support (that is generation of protected keys 93 from clear key values) is available. 94 - A pkey CCA kernel module (pkey-cca.ko) which is automatically 95 loaded when a CEX crypto card is available. 96 - A pkey EP11 kernel module (pkey-ep11.ko) which is automatically 97 loaded when a CEX crypto card is available. 98 - A pkey UV kernel module (pkey-uv.ko) which is automatically 99 loaded when the Ultravisor feature is available within a 100 protected execution environment. 101 102 Select this option if you want to enable the kernel and userspace 103 API for protected key handling. 104 105config PKEY_CCA 106 tristate "PKEY CCA support handler" 107 depends on PKEY 108 depends on ZCRYPT 109 help 110 This is the CCA support handler for deriving protected keys 111 from CCA (secure) keys. Also this handler provides an alternate 112 way to make protected keys from clear key values. 113 114 The PKEY CCA support handler needs a Crypto Express card (CEX) 115 in CCA mode. 116 117 If you have selected the PKEY option then you should also enable 118 this option unless you are sure you never need to derive protected 119 keys from CCA key material. 120 121config PKEY_EP11 122 tristate "PKEY EP11 support handler" 123 depends on PKEY 124 depends on ZCRYPT 125 help 126 This is the EP11 support handler for deriving protected keys 127 from EP11 (secure) keys. Also this handler provides an alternate 128 way to make protected keys from clear key values. 129 130 The PKEY EP11 support handler needs a Crypto Express card (CEX) 131 in EP11 mode. 132 133 If you have selected the PKEY option then you should also enable 134 this option unless you are sure you never need to derive protected 135 keys from EP11 key material. 136 137config PKEY_PCKMO 138 tristate "PKEY PCKMO support handler" 139 depends on PKEY 140 help 141 This is the PCKMO support handler for deriving protected keys 142 from clear key values via invoking the PCKMO instruction. 143 144 The PCKMO instruction can be enabled and disabled in the crypto 145 settings at the LPAR profile. This handler checks for availability 146 during initialization and if build as a kernel module unloads 147 itself if PCKMO is disabled. 148 149 The PCKMO way of deriving protected keys from clear key material 150 is especially used during self test of protected key ciphers like 151 PAES but the CCA and EP11 handler provide alternate ways to 152 generate protected keys from clear key values. 153 154 If you have selected the PKEY option then you should also enable 155 this option unless you are sure you never need to derive protected 156 keys from clear key values directly via PCKMO. 157 158config PKEY_UV 159 tristate "PKEY UV support handler" 160 depends on PKEY 161 depends on S390_UV_UAPI 162 help 163 This is the PKEY Ultravisor support handler for deriving protected 164 keys from secrets stored within the Ultravisor (UV). 165 166 This module works together with the UV device and supports the 167 retrieval of protected keys from secrets stored within the 168 UV firmware layer. This service is only available within 169 a protected execution guest and thus this module will fail upon 170 modprobe if no protected execution environment is detected. 171 172 Enable this option if you intend to run this kernel with an KVM 173 guest with protected execution and you want to use UV retrievable 174 secrets via PKEY API. 175 176config CRYPTO_PAES_S390 177 tristate "PAES cipher algorithms" 178 depends on S390 179 depends on ZCRYPT 180 depends on PKEY 181 select CRYPTO_ALGAPI 182 select CRYPTO_SKCIPHER 183 select CRYPTO_ENGINE 184 help 185 This is the s390 hardware accelerated implementation of the 186 AES cipher algorithms for use with protected key. 187 188 Select this option if you want to use the paes cipher 189 for example to use protected key encrypted devices. 190 191config CRYPTO_PHMAC_S390 192 tristate "PHMAC cipher algorithms" 193 depends on S390 194 depends on PKEY 195 select CRYPTO_HASH 196 select CRYPTO_ENGINE 197 help 198 This is the s390 hardware accelerated implementation of the 199 protected key HMAC support for SHA224, SHA256, SHA384 and SHA512. 200 201 Select this option if you want to use the phmac digests 202 for example to use dm-integrity with secure/protected keys. 203 204config S390_PRNG 205 tristate "Pseudo random number generator device driver" 206 depends on S390 207 default "m" 208 help 209 Select this option if you want to use the s390 pseudo random number 210 generator. The PRNG is part of the cryptographic processor functions 211 and uses triple-DES to generate secure random numbers like the 212 ANSI X9.17 standard. User-space programs access the 213 pseudo-random-number device through the char device /dev/prandom. 214 215 It is available as of z9. 216 217config CRYPTO_DEV_SL3516 218 tristate "Storlink SL3516 crypto offloader" 219 depends on ARCH_GEMINI || COMPILE_TEST 220 depends on HAS_IOMEM && PM 221 select CRYPTO_SKCIPHER 222 select CRYPTO_ENGINE 223 select CRYPTO_ECB 224 select CRYPTO_AES 225 select HW_RANDOM 226 help 227 This option allows you to have support for SL3516 crypto offloader. 228 229config CRYPTO_DEV_SL3516_DEBUG 230 bool "Enable SL3516 stats" 231 depends on CRYPTO_DEV_SL3516 232 depends on DEBUG_FS 233 help 234 Say y to enable SL3516 debug stats. 235 This will create /sys/kernel/debug/sl3516/stats for displaying 236 the number of requests per algorithm and other internal stats. 237 238config CRYPTO_DEV_HIFN_795X 239 tristate "Driver HIFN 795x crypto accelerator chips" 240 select CRYPTO_LIB_DES 241 select CRYPTO_SKCIPHER 242 select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG 243 depends on PCI 244 depends on !ARCH_DMA_ADDR_T_64BIT 245 help 246 This option allows you to have support for HIFN 795x crypto adapters. 247 248config CRYPTO_DEV_HIFN_795X_RNG 249 bool "HIFN 795x random number generator" 250 depends on CRYPTO_DEV_HIFN_795X 251 help 252 Select this option if you want to enable the random number generator 253 on the HIFN 795x crypto adapters. 254 255source "drivers/crypto/caam/Kconfig" 256 257config CRYPTO_DEV_TALITOS 258 tristate "Talitos Freescale Security Engine (SEC)" 259 select CRYPTO_AEAD 260 select CRYPTO_AUTHENC 261 select CRYPTO_SKCIPHER 262 select CRYPTO_HASH 263 select CRYPTO_LIB_DES 264 select HW_RANDOM 265 depends on FSL_SOC 266 help 267 Say 'Y' here to use the Freescale Security Engine (SEC) 268 to offload cryptographic algorithm computation. 269 270 The Freescale SEC is present on PowerQUICC 'E' processors, such 271 as the MPC8349E and MPC8548E. 272 273 To compile this driver as a module, choose M here: the module 274 will be called talitos. 275 276config CRYPTO_DEV_TALITOS1 277 bool "SEC1 (SEC 1.0 and SEC Lite 1.2)" 278 depends on CRYPTO_DEV_TALITOS 279 depends on PPC_8xx || PPC_82xx 280 default y 281 help 282 Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0 283 found on MPC82xx or the Freescale Security Engine (SEC Lite) 284 version 1.2 found on MPC8xx 285 286config CRYPTO_DEV_TALITOS2 287 bool "SEC2+ (SEC version 2.0 or upper)" 288 depends on CRYPTO_DEV_TALITOS 289 default y if !PPC_8xx 290 help 291 Say 'Y' here to use the Freescale Security Engine (SEC) 292 version 2 and following as found on MPC83xx, MPC85xx, etc ... 293 294config CRYPTO_DEV_PPC4XX 295 tristate "Driver AMCC PPC4xx crypto accelerator" 296 depends on PPC && 4xx 297 select CRYPTO_HASH 298 select CRYPTO_AEAD 299 select CRYPTO_AES 300 select CRYPTO_LIB_AES 301 select CRYPTO_CCM 302 select CRYPTO_CTR 303 select CRYPTO_GCM 304 select CRYPTO_SKCIPHER 305 help 306 This option allows you to have support for AMCC crypto acceleration. 307 308config HW_RANDOM_PPC4XX 309 bool "PowerPC 4xx generic true random number generator support" 310 depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y 311 default y 312 help 313 This option provides the kernel-side support for the TRNG hardware 314 found in the security function of some PowerPC 4xx SoCs. 315 316config CRYPTO_DEV_OMAP 317 tristate "Support for OMAP crypto HW accelerators" 318 depends on ARCH_OMAP2PLUS 319 help 320 OMAP processors have various crypto HW accelerators. Select this if 321 you want to use the OMAP modules for any of the crypto algorithms. 322 323if CRYPTO_DEV_OMAP 324 325config CRYPTO_DEV_OMAP_SHAM 326 tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator" 327 depends on ARCH_OMAP2PLUS 328 select CRYPTO_ENGINE 329 select CRYPTO_SHA1 330 select CRYPTO_MD5 331 select CRYPTO_SHA256 332 select CRYPTO_SHA512 333 select CRYPTO_HMAC 334 help 335 OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you 336 want to use the OMAP module for MD5/SHA1/SHA2 algorithms. 337 338config CRYPTO_DEV_OMAP_AES 339 tristate "Support for OMAP AES hw engine" 340 depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS 341 select CRYPTO_AES 342 select CRYPTO_SKCIPHER 343 select CRYPTO_ENGINE 344 select CRYPTO_CBC 345 select CRYPTO_ECB 346 select CRYPTO_CTR 347 select CRYPTO_AEAD 348 help 349 OMAP processors have AES module accelerator. Select this if you 350 want to use the OMAP module for AES algorithms. 351 352config CRYPTO_DEV_OMAP_DES 353 tristate "Support for OMAP DES/3DES hw engine" 354 depends on ARCH_OMAP2PLUS 355 select CRYPTO_LIB_DES 356 select CRYPTO_SKCIPHER 357 select CRYPTO_ENGINE 358 help 359 OMAP processors have DES/3DES module accelerator. Select this if you 360 want to use the OMAP module for DES and 3DES algorithms. Currently 361 the ECB and CBC modes of operation are supported by the driver. Also 362 accesses made on unaligned boundaries are supported. 363 364endif # CRYPTO_DEV_OMAP 365 366config CRYPTO_DEV_SAHARA 367 tristate "Support for SAHARA crypto accelerator" 368 depends on ARCH_MXC && OF 369 select CRYPTO_SKCIPHER 370 select CRYPTO_AES 371 select CRYPTO_ECB 372 select CRYPTO_ENGINE 373 help 374 This option enables support for the SAHARA HW crypto accelerator 375 found in some Freescale i.MX chips. 376 377config CRYPTO_DEV_EXYNOS_RNG 378 tristate "Exynos HW pseudo random number generator support" 379 depends on ARCH_EXYNOS || COMPILE_TEST 380 depends on HAS_IOMEM 381 select CRYPTO_RNG 382 help 383 This driver provides kernel-side support through the 384 cryptographic API for the pseudo random number generator hardware 385 found on Exynos SoCs. 386 387 To compile this driver as a module, choose M here: the 388 module will be called exynos-rng. 389 390 If unsure, say Y. 391 392config CRYPTO_DEV_S5P 393 tristate "Support for Samsung S5PV210/Exynos crypto accelerator" 394 depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST 395 depends on HAS_IOMEM 396 select CRYPTO_AES 397 select CRYPTO_SKCIPHER 398 help 399 This option allows you to have support for S5P crypto acceleration. 400 Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES 401 algorithms execution. 402 403config CRYPTO_DEV_EXYNOS_HASH 404 bool "Support for Samsung Exynos HASH accelerator" 405 depends on CRYPTO_DEV_S5P 406 depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m 407 select CRYPTO_SHA1 408 select CRYPTO_MD5 409 select CRYPTO_SHA256 410 help 411 Select this to offload Exynos from HASH MD5/SHA1/SHA256. 412 This will select software SHA1, MD5 and SHA256 as they are 413 needed for small and zero-size messages. 414 HASH algorithms will be disabled if EXYNOS_RNG 415 is enabled due to hw conflict. 416 417config CRYPTO_DEV_NX 418 bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration" 419 depends on PPC64 420 help 421 This enables support for the NX hardware cryptographic accelerator 422 coprocessor that is in IBM PowerPC P7+ or later processors. This 423 does not actually enable any drivers, it only allows you to select 424 which acceleration type (encryption and/or compression) to enable. 425 426if CRYPTO_DEV_NX 427 source "drivers/crypto/nx/Kconfig" 428endif 429 430config CRYPTO_DEV_ATMEL_AUTHENC 431 bool "Support for Atmel IPSEC/SSL hw accelerator" 432 depends on ARCH_AT91 || COMPILE_TEST 433 depends on CRYPTO_DEV_ATMEL_AES 434 help 435 Some Atmel processors can combine the AES and SHA hw accelerators 436 to enhance support of IPSEC/SSL. 437 Select this if you want to use the Atmel modules for 438 authenc(hmac(shaX),Y(cbc)) algorithms. 439 440config CRYPTO_DEV_ATMEL_AES 441 tristate "Support for Atmel AES hw accelerator" 442 depends on ARCH_AT91 || COMPILE_TEST 443 select CRYPTO_AES 444 select CRYPTO_AEAD 445 select CRYPTO_SKCIPHER 446 select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC 447 select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC 448 help 449 Some Atmel processors have AES hw accelerator. 450 Select this if you want to use the Atmel module for 451 AES algorithms. 452 453 To compile this driver as a module, choose M here: the module 454 will be called atmel-aes. 455 456config CRYPTO_DEV_ATMEL_TDES 457 tristate "Support for Atmel DES/TDES hw accelerator" 458 depends on ARCH_AT91 || COMPILE_TEST 459 select CRYPTO_LIB_DES 460 select CRYPTO_SKCIPHER 461 help 462 Some Atmel processors have DES/TDES hw accelerator. 463 Select this if you want to use the Atmel module for 464 DES/TDES algorithms. 465 466 To compile this driver as a module, choose M here: the module 467 will be called atmel-tdes. 468 469config CRYPTO_DEV_ATMEL_SHA 470 tristate "Support for Atmel SHA hw accelerator" 471 depends on ARCH_AT91 || COMPILE_TEST 472 select CRYPTO_HASH 473 help 474 Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512 475 hw accelerator. 476 Select this if you want to use the Atmel module for 477 SHA1/SHA224/SHA256/SHA384/SHA512 algorithms. 478 479 To compile this driver as a module, choose M here: the module 480 will be called atmel-sha. 481 482config CRYPTO_DEV_ATMEL_I2C 483 tristate 484 select BITREVERSE 485 486config CRYPTO_DEV_ATMEL_ECC 487 tristate "Support for Microchip / Atmel ECC hw accelerator" 488 depends on I2C 489 select CRYPTO_DEV_ATMEL_I2C 490 select CRYPTO_ECDH 491 select CRC16 492 help 493 Microhip / Atmel ECC hw accelerator. 494 Select this if you want to use the Microchip / Atmel module for 495 ECDH algorithm. 496 497 To compile this driver as a module, choose M here: the module 498 will be called atmel-ecc. 499 500config CRYPTO_DEV_ATMEL_SHA204A 501 tristate "Support for Microchip / Atmel SHA accelerator and RNG" 502 depends on I2C 503 select CRYPTO_DEV_ATMEL_I2C 504 select HW_RANDOM 505 select CRC16 506 help 507 Microhip / Atmel SHA accelerator and RNG. 508 Select this if you want to use the Microchip / Atmel SHA204A 509 module as a random number generator. (Other functions of the 510 chip are currently not exposed by this driver) 511 512 To compile this driver as a module, choose M here: the module 513 will be called atmel-sha204a. 514 515config CRYPTO_DEV_CCP 516 bool "Support for AMD Secure Processor" 517 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM 518 help 519 The AMD Secure Processor provides support for the Cryptographic Coprocessor 520 (CCP) and the Platform Security Processor (PSP) devices. 521 522if CRYPTO_DEV_CCP 523 source "drivers/crypto/ccp/Kconfig" 524endif 525 526config CRYPTO_DEV_MXS_DCP 527 tristate "Support for Freescale MXS DCP" 528 depends on (ARCH_MXS || ARCH_MXC) 529 select STMP_DEVICE 530 select CRYPTO_CBC 531 select CRYPTO_ECB 532 select CRYPTO_AES 533 select CRYPTO_SKCIPHER 534 select CRYPTO_HASH 535 help 536 The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB 537 co-processor on the die. 538 539 To compile this driver as a module, choose M here: the module 540 will be called mxs-dcp. 541 542source "drivers/crypto/cavium/cpt/Kconfig" 543source "drivers/crypto/cavium/nitrox/Kconfig" 544source "drivers/crypto/marvell/Kconfig" 545source "drivers/crypto/intel/Kconfig" 546 547config CRYPTO_DEV_QCE 548 tristate "Qualcomm crypto engine accelerator" 549 depends on ARCH_QCOM || COMPILE_TEST 550 depends on HAS_IOMEM 551 help 552 This driver supports Qualcomm crypto engine accelerator 553 hardware. To compile this driver as a module, choose M here. The 554 module will be called qcrypto. 555 556config CRYPTO_DEV_QCE_SKCIPHER 557 bool 558 depends on CRYPTO_DEV_QCE 559 select CRYPTO_AES 560 select CRYPTO_LIB_DES 561 select CRYPTO_ECB 562 select CRYPTO_CBC 563 select CRYPTO_XTS 564 select CRYPTO_CTR 565 select CRYPTO_SKCIPHER 566 567config CRYPTO_DEV_QCE_SHA 568 bool 569 depends on CRYPTO_DEV_QCE 570 select CRYPTO_SHA1 571 select CRYPTO_SHA256 572 573config CRYPTO_DEV_QCE_AEAD 574 bool 575 depends on CRYPTO_DEV_QCE 576 select CRYPTO_AUTHENC 577 select CRYPTO_LIB_DES 578 579choice 580 prompt "Algorithms enabled for QCE acceleration" 581 default CRYPTO_DEV_QCE_ENABLE_ALL 582 depends on CRYPTO_DEV_QCE 583 help 584 This option allows to choose whether to build support for all algorithms 585 (default), hashes-only, or skciphers-only. 586 587 The QCE engine does not appear to scale as well as the CPU to handle 588 multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the 589 QCE handles only 2 requests in parallel. 590 591 Ipsec throughput seems to improve when disabling either family of 592 algorithms, sharing the load with the CPU. Enabling skciphers-only 593 appears to work best. 594 595 config CRYPTO_DEV_QCE_ENABLE_ALL 596 bool "All supported algorithms" 597 select CRYPTO_DEV_QCE_SKCIPHER 598 select CRYPTO_DEV_QCE_SHA 599 select CRYPTO_DEV_QCE_AEAD 600 help 601 Enable all supported algorithms: 602 - AES (CBC, CTR, ECB, XTS) 603 - 3DES (CBC, ECB) 604 - DES (CBC, ECB) 605 - SHA1, HMAC-SHA1 606 - SHA256, HMAC-SHA256 607 608 config CRYPTO_DEV_QCE_ENABLE_SKCIPHER 609 bool "Symmetric-key ciphers only" 610 select CRYPTO_DEV_QCE_SKCIPHER 611 help 612 Enable symmetric-key ciphers only: 613 - AES (CBC, CTR, ECB, XTS) 614 - 3DES (ECB, CBC) 615 - DES (ECB, CBC) 616 617 config CRYPTO_DEV_QCE_ENABLE_SHA 618 bool "Hash/HMAC only" 619 select CRYPTO_DEV_QCE_SHA 620 help 621 Enable hashes/HMAC algorithms only: 622 - SHA1, HMAC-SHA1 623 - SHA256, HMAC-SHA256 624 625 config CRYPTO_DEV_QCE_ENABLE_AEAD 626 bool "AEAD algorithms only" 627 select CRYPTO_DEV_QCE_AEAD 628 help 629 Enable AEAD algorithms only: 630 - authenc() 631 - ccm(aes) 632 - rfc4309(ccm(aes)) 633endchoice 634 635config CRYPTO_DEV_QCE_SW_MAX_LEN 636 int "Default maximum request size to use software for AES" 637 depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER 638 default 512 639 help 640 This sets the default maximum request size to perform AES requests 641 using software instead of the crypto engine. It can be changed by 642 setting the aes_sw_max_len parameter. 643 644 Small blocks are processed faster in software than hardware. 645 Considering the 256-bit ciphers, software is 2-3 times faster than 646 qce at 256-bytes, 30% faster at 512, and about even at 768-bytes. 647 With 128-bit keys, the break-even point would be around 1024-bytes. 648 649 The default is set a little lower, to 512 bytes, to balance the 650 cost in CPU usage. The minimum recommended setting is 16-bytes 651 (1 AES block), since AES-GCM will fail if you set it lower. 652 Setting this to zero will send all requests to the hardware. 653 654 Note that 192-bit keys are not supported by the hardware and are 655 always processed by the software fallback, and all DES requests 656 are done by the hardware. 657 658config CRYPTO_DEV_QCOM_RNG 659 tristate "Qualcomm Random Number Generator Driver" 660 depends on ARCH_QCOM || COMPILE_TEST 661 depends on HW_RANDOM 662 select CRYPTO_RNG 663 help 664 This driver provides support for the Random Number 665 Generator hardware found on Qualcomm SoCs. 666 667 To compile this driver as a module, choose M here. The 668 module will be called qcom-rng. If unsure, say N. 669 670#config CRYPTO_DEV_VMX 671# bool "Support for VMX cryptographic acceleration instructions" 672# depends on PPC64 && VSX 673# help 674# Support for VMX cryptographic acceleration instructions. 675# 676#source "drivers/crypto/vmx/Kconfig" 677 678config CRYPTO_DEV_IMGTEC_HASH 679 tristate "Imagination Technologies hardware hash accelerator" 680 depends on MIPS || COMPILE_TEST 681 select CRYPTO_MD5 682 select CRYPTO_SHA1 683 select CRYPTO_SHA256 684 select CRYPTO_HASH 685 help 686 This driver interfaces with the Imagination Technologies 687 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256 688 hashing algorithms. 689 690config CRYPTO_DEV_ROCKCHIP 691 tristate "Rockchip's Cryptographic Engine driver" 692 depends on OF && ARCH_ROCKCHIP 693 depends on PM 694 select CRYPTO_ECB 695 select CRYPTO_CBC 696 select CRYPTO_DES 697 select CRYPTO_AES 698 select CRYPTO_ENGINE 699 select CRYPTO_LIB_DES 700 select CRYPTO_MD5 701 select CRYPTO_SHA1 702 select CRYPTO_SHA256 703 select CRYPTO_HASH 704 select CRYPTO_SKCIPHER 705 706 help 707 This driver interfaces with the hardware crypto accelerator. 708 Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode. 709 710config CRYPTO_DEV_ROCKCHIP_DEBUG 711 bool "Enable Rockchip crypto stats" 712 depends on CRYPTO_DEV_ROCKCHIP 713 depends on DEBUG_FS 714 help 715 Say y to enable Rockchip crypto debug stats. 716 This will create /sys/kernel/debug/rk3288_crypto/stats for displaying 717 the number of requests per algorithm and other internal stats. 718 719config CRYPTO_DEV_TEGRA 720 tristate "Enable Tegra Security Engine" 721 depends on TEGRA_HOST1X 722 select CRYPTO_ENGINE 723 724 help 725 Select this to enable Tegra Security Engine which accelerates various 726 AES encryption/decryption and HASH algorithms. 727 728config CRYPTO_DEV_ZYNQMP_AES 729 tristate "Support for Xilinx ZynqMP AES hw accelerator" 730 depends on ZYNQMP_FIRMWARE || COMPILE_TEST 731 select CRYPTO_AES 732 select CRYPTO_ENGINE 733 select CRYPTO_AEAD 734 help 735 Xilinx ZynqMP has AES-GCM engine used for symmetric key 736 encryption and decryption. This driver interfaces with AES hw 737 accelerator. Select this if you want to use the ZynqMP module 738 for AES algorithms. 739 740config CRYPTO_DEV_ZYNQMP_SHA3 741 tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator" 742 depends on ZYNQMP_FIRMWARE || COMPILE_TEST 743 select CRYPTO_SHA3 744 help 745 Xilinx ZynqMP has SHA3 engine used for secure hash calculation. 746 This driver interfaces with SHA3 hardware engine. 747 Select this if you want to use the ZynqMP module 748 for SHA3 hash computation. 749 750source "drivers/crypto/chelsio/Kconfig" 751 752source "drivers/crypto/virtio/Kconfig" 753 754config CRYPTO_DEV_BCM_SPU 755 tristate "Broadcom symmetric crypto/hash acceleration support" 756 depends on ARCH_BCM_IPROC 757 depends on MAILBOX 758 default m 759 select CRYPTO_AUTHENC 760 select CRYPTO_LIB_DES 761 select CRYPTO_MD5 762 select CRYPTO_SHA1 763 select CRYPTO_SHA256 764 select CRYPTO_SHA512 765 help 766 This driver provides support for Broadcom crypto acceleration using the 767 Secure Processing Unit (SPU). The SPU driver registers skcipher, 768 ahash, and aead algorithms with the kernel cryptographic API. 769 770source "drivers/crypto/stm32/Kconfig" 771 772config CRYPTO_DEV_SAFEXCEL 773 tristate "Inside Secure's SafeXcel cryptographic engine driver" 774 depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM 775 select CRYPTO_LIB_AES 776 select CRYPTO_AUTHENC 777 select CRYPTO_SKCIPHER 778 select CRYPTO_LIB_DES 779 select CRYPTO_HASH 780 select CRYPTO_HMAC 781 select CRYPTO_MD5 782 select CRYPTO_SHA1 783 select CRYPTO_SHA256 784 select CRYPTO_SHA512 785 select CRYPTO_CHACHA20POLY1305 786 select CRYPTO_SHA3 787 help 788 This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic 789 engines designed by Inside Secure. It currently accelerates DES, 3DES and 790 AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256, 791 SHA384 and SHA512 hash algorithms for both basic hash and HMAC. 792 Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations. 793 794config CRYPTO_DEV_ARTPEC6 795 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration." 796 depends on ARM && (ARCH_ARTPEC || COMPILE_TEST) 797 depends on OF 798 select CRYPTO_AEAD 799 select CRYPTO_AES 800 select CRYPTO_ALGAPI 801 select CRYPTO_SKCIPHER 802 select CRYPTO_CTR 803 select CRYPTO_HASH 804 select CRYPTO_SHA1 805 select CRYPTO_SHA256 806 select CRYPTO_SHA512 807 help 808 Enables the driver for the on-chip crypto accelerator 809 of Axis ARTPEC SoCs. 810 811 To compile this driver as a module, choose M here. 812 813config CRYPTO_DEV_CCREE 814 tristate "Support for ARM TrustZone CryptoCell family of security processors" 815 depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA 816 depends on HAS_IOMEM 817 select CRYPTO_HASH 818 select CRYPTO_SKCIPHER 819 select CRYPTO_LIB_DES 820 select CRYPTO_AEAD 821 select CRYPTO_AUTHENC 822 select CRYPTO_SHA1 823 select CRYPTO_MD5 824 select CRYPTO_SHA256 825 select CRYPTO_SHA512 826 select CRYPTO_HMAC 827 select CRYPTO_AES 828 select CRYPTO_CBC 829 select CRYPTO_ECB 830 select CRYPTO_CTR 831 select CRYPTO_XTS 832 select CRYPTO_SM4_GENERIC 833 select CRYPTO_SM3_GENERIC 834 help 835 Say 'Y' to enable a driver for the REE interface of the Arm 836 TrustZone CryptoCell family of processors. Currently the 837 CryptoCell 713, 703, 712, 710 and 630 are supported. 838 Choose this if you wish to use hardware acceleration of 839 cryptographic operations on the system REE. 840 If unsure say Y. 841 842source "drivers/crypto/hisilicon/Kconfig" 843 844source "drivers/crypto/amlogic/Kconfig" 845 846config CRYPTO_DEV_SA2UL 847 tristate "Support for TI security accelerator" 848 depends on ARCH_K3 || COMPILE_TEST 849 select CRYPTO_AES 850 select CRYPTO_ALGAPI 851 select CRYPTO_AUTHENC 852 select CRYPTO_DES 853 select CRYPTO_SHA1 854 select CRYPTO_SHA256 855 select CRYPTO_SHA512 856 select HW_RANDOM 857 select SG_SPLIT 858 help 859 K3 devices include a security accelerator engine that may be 860 used for crypto offload. Select this if you want to use hardware 861 acceleration for cryptographic algorithms on these devices. 862 863source "drivers/crypto/aspeed/Kconfig" 864source "drivers/crypto/starfive/Kconfig" 865source "drivers/crypto/inside-secure/eip93/Kconfig" 866 867endif # CRYPTO_HW 868