1# SPDX-License-Identifier: GPL-2.0-only 2 3menuconfig CRYPTO_HW 4 bool "Hardware crypto devices" 5 default y 6 help 7 Say Y here to get to see options for hardware crypto devices and 8 processors. This option alone does not add any kernel code. 9 10 If you say N, all options in this submenu will be skipped and disabled. 11 12if CRYPTO_HW 13 14source "drivers/crypto/allwinner/Kconfig" 15 16config CRYPTO_DEV_PADLOCK 17 tristate "Support for VIA PadLock ACE" 18 depends on X86 && !UML 19 help 20 Some VIA processors come with an integrated crypto engine 21 (so called VIA PadLock ACE, Advanced Cryptography Engine) 22 that provides instructions for very fast cryptographic 23 operations with supported algorithms. 24 25 The instructions are used only when the CPU supports them. 26 Otherwise software encryption is used. 27 28config CRYPTO_DEV_PADLOCK_AES 29 tristate "PadLock driver for AES algorithm" 30 depends on CRYPTO_DEV_PADLOCK 31 select CRYPTO_SKCIPHER 32 select CRYPTO_LIB_AES 33 help 34 Use VIA PadLock for AES algorithm. 35 36 Available in VIA C3 and newer CPUs. 37 38 If unsure say M. The compiled module will be 39 called padlock-aes. 40 41config CRYPTO_DEV_PADLOCK_SHA 42 tristate "PadLock driver for SHA1 and SHA256 algorithms" 43 depends on CRYPTO_DEV_PADLOCK 44 select CRYPTO_HASH 45 select CRYPTO_SHA1 46 select CRYPTO_SHA256 47 help 48 Use VIA PadLock for SHA1/SHA256 algorithms. 49 50 Available in VIA C7 and newer processors. 51 52 If unsure say M. The compiled module will be 53 called padlock-sha. 54 55config CRYPTO_DEV_GEODE 56 tristate "Support for the Geode LX AES engine" 57 depends on X86_32 && PCI 58 select CRYPTO_ALGAPI 59 select CRYPTO_SKCIPHER 60 help 61 Say 'Y' here to use the AMD Geode LX processor on-board AES 62 engine for the CryptoAPI AES algorithm. 63 64 To compile this driver as a module, choose M here: the module 65 will be called geode-aes. 66 67config ZCRYPT 68 tristate "Support for s390 cryptographic adapters" 69 depends on S390 70 depends on AP 71 select HW_RANDOM 72 help 73 Select this option if you want to enable support for 74 s390 cryptographic adapters like Crypto Express 4 up 75 to 8 in Coprocessor (CEXxC), EP11 Coprocessor (CEXxP) 76 or Accelerator (CEXxA) mode. 77 78config PKEY 79 tristate "Kernel API for protected key handling" 80 depends on S390 81 help 82 With this option enabled the pkey kernel modules provide an API 83 for creation and handling of protected keys. Other parts of the 84 kernel or userspace applications may use these functions. 85 86 The protected key support is distributed into: 87 - A pkey base and API kernel module (pkey.ko) which offers the 88 infrastructure for the pkey handler kernel modules, the ioctl 89 and the sysfs API and the in-kernel API to the crypto cipher 90 implementations using protected key. 91 - A pkey pckmo kernel module (pkey-pckmo.ko) which is automatically 92 loaded when pckmo support (that is generation of protected keys 93 from clear key values) is available. 94 - A pkey CCA kernel module (pkey-cca.ko) which is automatically 95 loaded when a CEX crypto card is available. 96 - A pkey EP11 kernel module (pkey-ep11.ko) which is automatically 97 loaded when a CEX crypto card is available. 98 - A pkey UV kernel module (pkey-uv.ko) which is automatically 99 loaded when the Ultravisor feature is available within a 100 protected execution environment. 101 102 Select this option if you want to enable the kernel and userspace 103 API for protected key handling. 104 105config PKEY_CCA 106 tristate "PKEY CCA support handler" 107 depends on PKEY 108 depends on ZCRYPT 109 help 110 This is the CCA support handler for deriving protected keys 111 from CCA (secure) keys. Also this handler provides an alternate 112 way to make protected keys from clear key values. 113 114 The PKEY CCA support handler needs a Crypto Express card (CEX) 115 in CCA mode. 116 117 If you have selected the PKEY option then you should also enable 118 this option unless you are sure you never need to derive protected 119 keys from CCA key material. 120 121config PKEY_EP11 122 tristate "PKEY EP11 support handler" 123 depends on PKEY 124 depends on ZCRYPT 125 help 126 This is the EP11 support handler for deriving protected keys 127 from EP11 (secure) keys. Also this handler provides an alternate 128 way to make protected keys from clear key values. 129 130 The PKEY EP11 support handler needs a Crypto Express card (CEX) 131 in EP11 mode. 132 133 If you have selected the PKEY option then you should also enable 134 this option unless you are sure you never need to derive protected 135 keys from EP11 key material. 136 137config PKEY_PCKMO 138 tristate "PKEY PCKMO support handler" 139 depends on PKEY 140 help 141 This is the PCKMO support handler for deriving protected keys 142 from clear key values via invoking the PCKMO instruction. 143 144 The PCKMO instruction can be enabled and disabled in the crypto 145 settings at the LPAR profile. This handler checks for availability 146 during initialization and if build as a kernel module unloads 147 itself if PCKMO is disabled. 148 149 The PCKMO way of deriving protected keys from clear key material 150 is especially used during self test of protected key ciphers like 151 PAES but the CCA and EP11 handler provide alternate ways to 152 generate protected keys from clear key values. 153 154 If you have selected the PKEY option then you should also enable 155 this option unless you are sure you never need to derive protected 156 keys from clear key values directly via PCKMO. 157 158config PKEY_UV 159 tristate "PKEY UV support handler" 160 depends on PKEY 161 depends on S390_UV_UAPI 162 help 163 This is the PKEY Ultravisor support handler for deriving protected 164 keys from secrets stored within the Ultravisor (UV). 165 166 This module works together with the UV device and supports the 167 retrieval of protected keys from secrets stored within the 168 UV firmware layer. This service is only available within 169 a protected execution guest and thus this module will fail upon 170 modprobe if no protected execution environment is detected. 171 172 Enable this option if you intend to run this kernel with an KVM 173 guest with protected execution and you want to use UV retrievable 174 secrets via PKEY API. 175 176config CRYPTO_PAES_S390 177 tristate "PAES cipher algorithms" 178 depends on S390 179 depends on ZCRYPT 180 depends on PKEY 181 select CRYPTO_ALGAPI 182 select CRYPTO_SKCIPHER 183 select CRYPTO_ENGINE 184 help 185 This is the s390 hardware accelerated implementation of the 186 AES cipher algorithms for use with protected key. 187 188 Select this option if you want to use the paes cipher 189 for example to use protected key encrypted devices. 190 191config CRYPTO_PHMAC_S390 192 tristate "PHMAC cipher algorithms" 193 depends on S390 194 depends on PKEY 195 select CRYPTO_HASH 196 select CRYPTO_ENGINE 197 help 198 This is the s390 hardware accelerated implementation of the 199 protected key HMAC support for SHA224, SHA256, SHA384 and SHA512. 200 201 Select this option if you want to use the phmac digests 202 for example to use dm-integrity with secure/protected keys. 203 204config S390_PRNG 205 tristate "Pseudo random number generator device driver" 206 depends on S390 207 default "m" 208 help 209 Select this option if you want to use the s390 pseudo random number 210 generator. The PRNG is part of the cryptographic processor functions 211 and uses triple-DES to generate secure random numbers like the 212 ANSI X9.17 standard. User-space programs access the 213 pseudo-random-number device through the char device /dev/prandom. 214 215 It is available as of z9. 216 217config CRYPTO_DEV_SL3516 218 tristate "Storlink SL3516 crypto offloader" 219 depends on ARCH_GEMINI || COMPILE_TEST 220 depends on HAS_IOMEM && PM 221 select CRYPTO_SKCIPHER 222 select CRYPTO_ENGINE 223 select CRYPTO_ECB 224 select CRYPTO_AES 225 select HW_RANDOM 226 help 227 This option allows you to have support for SL3516 crypto offloader. 228 229config CRYPTO_DEV_SL3516_DEBUG 230 bool "Enable SL3516 stats" 231 depends on CRYPTO_DEV_SL3516 232 depends on DEBUG_FS 233 help 234 Say y to enable SL3516 debug stats. 235 This will create /sys/kernel/debug/sl3516/stats for displaying 236 the number of requests per algorithm and other internal stats. 237 238config CRYPTO_DEV_HIFN_795X 239 tristate "Driver HIFN 795x crypto accelerator chips" 240 select CRYPTO_LIB_DES 241 select CRYPTO_SKCIPHER 242 select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG 243 depends on PCI 244 depends on !ARCH_DMA_ADDR_T_64BIT 245 help 246 This option allows you to have support for HIFN 795x crypto adapters. 247 248config CRYPTO_DEV_HIFN_795X_RNG 249 bool "HIFN 795x random number generator" 250 depends on CRYPTO_DEV_HIFN_795X 251 help 252 Select this option if you want to enable the random number generator 253 on the HIFN 795x crypto adapters. 254 255source "drivers/crypto/caam/Kconfig" 256 257config CRYPTO_DEV_TALITOS 258 tristate "Talitos Freescale Security Engine (SEC)" 259 select CRYPTO_AEAD 260 select CRYPTO_AUTHENC 261 select CRYPTO_SKCIPHER 262 select CRYPTO_HASH 263 select CRYPTO_LIB_DES 264 select HW_RANDOM 265 depends on FSL_SOC 266 help 267 Say 'Y' here to use the Freescale Security Engine (SEC) 268 to offload cryptographic algorithm computation. 269 270 The Freescale SEC is present on PowerQUICC 'E' processors, such 271 as the MPC8349E and MPC8548E. 272 273 To compile this driver as a module, choose M here: the module 274 will be called talitos. 275 276config CRYPTO_DEV_TALITOS1 277 bool "SEC1 (SEC 1.0 and SEC Lite 1.2)" 278 depends on CRYPTO_DEV_TALITOS 279 depends on PPC_8xx || PPC_82xx 280 default y 281 help 282 Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0 283 found on MPC82xx or the Freescale Security Engine (SEC Lite) 284 version 1.2 found on MPC8xx 285 286config CRYPTO_DEV_TALITOS2 287 bool "SEC2+ (SEC version 2.0 or upper)" 288 depends on CRYPTO_DEV_TALITOS 289 default y if !PPC_8xx 290 help 291 Say 'Y' here to use the Freescale Security Engine (SEC) 292 version 2 and following as found on MPC83xx, MPC85xx, etc ... 293 294config CRYPTO_DEV_PPC4XX 295 tristate "Driver AMCC PPC4xx crypto accelerator" 296 depends on PPC && 4xx 297 select CRYPTO_HASH 298 select CRYPTO_AEAD 299 select CRYPTO_AES 300 select CRYPTO_LIB_AES 301 select CRYPTO_CCM 302 select CRYPTO_CTR 303 select CRYPTO_GCM 304 select CRYPTO_RNG 305 select CRYPTO_SKCIPHER 306 help 307 This option allows you to have support for AMCC crypto acceleration. 308 309config HW_RANDOM_PPC4XX 310 bool "PowerPC 4xx generic true random number generator support" 311 depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y 312 default y 313 help 314 This option provides the kernel-side support for the TRNG hardware 315 found in the security function of some PowerPC 4xx SoCs. 316 317config CRYPTO_DEV_OMAP 318 tristate "Support for OMAP crypto HW accelerators" 319 depends on ARCH_OMAP2PLUS 320 help 321 OMAP processors have various crypto HW accelerators. Select this if 322 you want to use the OMAP modules for any of the crypto algorithms. 323 324if CRYPTO_DEV_OMAP 325 326config CRYPTO_DEV_OMAP_SHAM 327 tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator" 328 depends on ARCH_OMAP2PLUS 329 select CRYPTO_ENGINE 330 select CRYPTO_SHA1 331 select CRYPTO_MD5 332 select CRYPTO_SHA256 333 select CRYPTO_SHA512 334 select CRYPTO_HMAC 335 help 336 OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you 337 want to use the OMAP module for MD5/SHA1/SHA2 algorithms. 338 339config CRYPTO_DEV_OMAP_AES 340 tristate "Support for OMAP AES hw engine" 341 depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS 342 select CRYPTO_AES 343 select CRYPTO_SKCIPHER 344 select CRYPTO_ENGINE 345 select CRYPTO_CBC 346 select CRYPTO_ECB 347 select CRYPTO_CTR 348 select CRYPTO_AEAD 349 help 350 OMAP processors have AES module accelerator. Select this if you 351 want to use the OMAP module for AES algorithms. 352 353config CRYPTO_DEV_OMAP_DES 354 tristate "Support for OMAP DES/3DES hw engine" 355 depends on ARCH_OMAP2PLUS 356 select CRYPTO_LIB_DES 357 select CRYPTO_SKCIPHER 358 select CRYPTO_ENGINE 359 help 360 OMAP processors have DES/3DES module accelerator. Select this if you 361 want to use the OMAP module for DES and 3DES algorithms. Currently 362 the ECB and CBC modes of operation are supported by the driver. Also 363 accesses made on unaligned boundaries are supported. 364 365endif # CRYPTO_DEV_OMAP 366 367config CRYPTO_DEV_SAHARA 368 tristate "Support for SAHARA crypto accelerator" 369 depends on ARCH_MXC && OF 370 select CRYPTO_SKCIPHER 371 select CRYPTO_AES 372 select CRYPTO_ECB 373 select CRYPTO_ENGINE 374 help 375 This option enables support for the SAHARA HW crypto accelerator 376 found in some Freescale i.MX chips. 377 378config CRYPTO_DEV_EXYNOS_RNG 379 tristate "Exynos HW pseudo random number generator support" 380 depends on ARCH_EXYNOS || COMPILE_TEST 381 depends on HAS_IOMEM 382 select CRYPTO_RNG 383 help 384 This driver provides kernel-side support through the 385 cryptographic API for the pseudo random number generator hardware 386 found on Exynos SoCs. 387 388 To compile this driver as a module, choose M here: the 389 module will be called exynos-rng. 390 391 If unsure, say Y. 392 393config CRYPTO_DEV_S5P 394 tristate "Support for Samsung S5PV210/Exynos crypto accelerator" 395 depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST 396 depends on HAS_IOMEM 397 select CRYPTO_AES 398 select CRYPTO_SKCIPHER 399 help 400 This option allows you to have support for S5P crypto acceleration. 401 Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES 402 algorithms execution. 403 404config CRYPTO_DEV_EXYNOS_HASH 405 bool "Support for Samsung Exynos HASH accelerator" 406 depends on CRYPTO_DEV_S5P 407 depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m 408 select CRYPTO_SHA1 409 select CRYPTO_MD5 410 select CRYPTO_SHA256 411 help 412 Select this to offload Exynos from HASH MD5/SHA1/SHA256. 413 This will select software SHA1, MD5 and SHA256 as they are 414 needed for small and zero-size messages. 415 HASH algorithms will be disabled if EXYNOS_RNG 416 is enabled due to hw conflict. 417 418config CRYPTO_DEV_NX 419 bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration" 420 depends on PPC64 421 help 422 This enables support for the NX hardware cryptographic accelerator 423 coprocessor that is in IBM PowerPC P7+ or later processors. This 424 does not actually enable any drivers, it only allows you to select 425 which acceleration type (encryption and/or compression) to enable. 426 427if CRYPTO_DEV_NX 428 source "drivers/crypto/nx/Kconfig" 429endif 430 431config CRYPTO_DEV_ATMEL_AUTHENC 432 bool "Support for Atmel IPSEC/SSL hw accelerator" 433 depends on ARCH_AT91 || COMPILE_TEST 434 depends on CRYPTO_DEV_ATMEL_AES 435 help 436 Some Atmel processors can combine the AES and SHA hw accelerators 437 to enhance support of IPSEC/SSL. 438 Select this if you want to use the Atmel modules for 439 authenc(hmac(shaX),Y(cbc)) algorithms. 440 441config CRYPTO_DEV_ATMEL_AES 442 tristate "Support for Atmel AES hw accelerator" 443 depends on ARCH_MICROCHIP || COMPILE_TEST 444 select CRYPTO_AES 445 select CRYPTO_AEAD 446 select CRYPTO_SKCIPHER 447 select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC 448 select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC 449 help 450 Some Atmel processors have AES hw accelerator. 451 Select this if you want to use the Atmel module for 452 AES algorithms. 453 454 To compile this driver as a module, choose M here: the module 455 will be called atmel-aes. 456 457config CRYPTO_DEV_ATMEL_TDES 458 tristate "Support for Atmel DES/TDES hw accelerator" 459 depends on ARCH_AT91 || COMPILE_TEST 460 select CRYPTO_LIB_DES 461 select CRYPTO_SKCIPHER 462 help 463 Some Atmel processors have DES/TDES hw accelerator. 464 Select this if you want to use the Atmel module for 465 DES/TDES algorithms. 466 467 To compile this driver as a module, choose M here: the module 468 will be called atmel-tdes. 469 470config CRYPTO_DEV_ATMEL_SHA 471 tristate "Support for Atmel SHA hw accelerator" 472 depends on ARCH_AT91 || COMPILE_TEST 473 select CRYPTO_HASH 474 help 475 Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512 476 hw accelerator. 477 Select this if you want to use the Atmel module for 478 SHA1/SHA224/SHA256/SHA384/SHA512 algorithms. 479 480 To compile this driver as a module, choose M here: the module 481 will be called atmel-sha. 482 483config CRYPTO_DEV_ATMEL_I2C 484 tristate 485 select BITREVERSE 486 487config CRYPTO_DEV_ATMEL_ECC 488 tristate "Support for Microchip / Atmel ECC hw accelerator" 489 depends on I2C 490 select CRYPTO_DEV_ATMEL_I2C 491 select CRYPTO_ECDH 492 select CRC16 493 help 494 Microchip / Atmel ECC hw accelerator. 495 Select this if you want to use the Microchip / Atmel module for 496 ECDH algorithm. 497 498 To compile this driver as a module, choose M here: the module 499 will be called atmel-ecc. 500 501config CRYPTO_DEV_ATMEL_SHA204A 502 tristate "Support for Microchip / Atmel SHA accelerator and RNG" 503 depends on I2C 504 select CRYPTO_DEV_ATMEL_I2C 505 select HW_RANDOM 506 select CRC16 507 help 508 Microchip / Atmel SHA accelerator and RNG. 509 Select this if you want to use the Microchip / Atmel SHA204A 510 module as a random number generator. (Other functions of the 511 chip are currently not exposed by this driver) 512 513 To compile this driver as a module, choose M here: the module 514 will be called atmel-sha204a. 515 516config CRYPTO_DEV_CCP 517 bool "Support for AMD Secure Processor" 518 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM 519 help 520 The AMD Secure Processor provides support for the Cryptographic Coprocessor 521 (CCP) and the Platform Security Processor (PSP) devices. 522 523if CRYPTO_DEV_CCP 524 source "drivers/crypto/ccp/Kconfig" 525endif 526 527config CRYPTO_DEV_MXS_DCP 528 tristate "Support for Freescale MXS DCP" 529 depends on (ARCH_MXS || ARCH_MXC) 530 select STMP_DEVICE 531 select CRYPTO_CBC 532 select CRYPTO_ECB 533 select CRYPTO_AES 534 select CRYPTO_SKCIPHER 535 select CRYPTO_HASH 536 help 537 The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB 538 co-processor on the die. 539 540 To compile this driver as a module, choose M here: the module 541 will be called mxs-dcp. 542 543source "drivers/crypto/cavium/cpt/Kconfig" 544source "drivers/crypto/cavium/nitrox/Kconfig" 545source "drivers/crypto/marvell/Kconfig" 546source "drivers/crypto/intel/Kconfig" 547 548config CRYPTO_DEV_QCE 549 tristate "Qualcomm crypto engine accelerator" 550 depends on ARCH_QCOM || COMPILE_TEST 551 depends on HAS_IOMEM 552 help 553 This driver supports Qualcomm crypto engine accelerator 554 hardware. To compile this driver as a module, choose M here. The 555 module will be called qcrypto. 556 557config CRYPTO_DEV_QCE_SKCIPHER 558 bool 559 depends on CRYPTO_DEV_QCE 560 select CRYPTO_AES 561 select CRYPTO_LIB_DES 562 select CRYPTO_ECB 563 select CRYPTO_CBC 564 select CRYPTO_XTS 565 select CRYPTO_CTR 566 select CRYPTO_SKCIPHER 567 568config CRYPTO_DEV_QCE_SHA 569 bool 570 depends on CRYPTO_DEV_QCE 571 select CRYPTO_SHA1 572 select CRYPTO_SHA256 573 574config CRYPTO_DEV_QCE_AEAD 575 bool 576 depends on CRYPTO_DEV_QCE 577 select CRYPTO_AUTHENC 578 select CRYPTO_LIB_DES 579 580choice 581 prompt "Algorithms enabled for QCE acceleration" 582 default CRYPTO_DEV_QCE_ENABLE_ALL 583 depends on CRYPTO_DEV_QCE 584 help 585 This option allows to choose whether to build support for all algorithms 586 (default), hashes-only, or skciphers-only. 587 588 The QCE engine does not appear to scale as well as the CPU to handle 589 multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the 590 QCE handles only 2 requests in parallel. 591 592 Ipsec throughput seems to improve when disabling either family of 593 algorithms, sharing the load with the CPU. Enabling skciphers-only 594 appears to work best. 595 596 config CRYPTO_DEV_QCE_ENABLE_ALL 597 bool "All supported algorithms" 598 select CRYPTO_DEV_QCE_SKCIPHER 599 select CRYPTO_DEV_QCE_SHA 600 select CRYPTO_DEV_QCE_AEAD 601 help 602 Enable all supported algorithms: 603 - AES (CBC, CTR, ECB, XTS) 604 - 3DES (CBC, ECB) 605 - DES (CBC, ECB) 606 - SHA1, HMAC-SHA1 607 - SHA256, HMAC-SHA256 608 609 config CRYPTO_DEV_QCE_ENABLE_SKCIPHER 610 bool "Symmetric-key ciphers only" 611 select CRYPTO_DEV_QCE_SKCIPHER 612 help 613 Enable symmetric-key ciphers only: 614 - AES (CBC, CTR, ECB, XTS) 615 - 3DES (ECB, CBC) 616 - DES (ECB, CBC) 617 618 config CRYPTO_DEV_QCE_ENABLE_SHA 619 bool "Hash/HMAC only" 620 select CRYPTO_DEV_QCE_SHA 621 help 622 Enable hashes/HMAC algorithms only: 623 - SHA1, HMAC-SHA1 624 - SHA256, HMAC-SHA256 625 626 config CRYPTO_DEV_QCE_ENABLE_AEAD 627 bool "AEAD algorithms only" 628 select CRYPTO_DEV_QCE_AEAD 629 help 630 Enable AEAD algorithms only: 631 - authenc() 632 - ccm(aes) 633 - rfc4309(ccm(aes)) 634endchoice 635 636config CRYPTO_DEV_QCE_SW_MAX_LEN 637 int "Default maximum request size to use software for AES" 638 depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER 639 default 512 640 help 641 This sets the default maximum request size to perform AES requests 642 using software instead of the crypto engine. It can be changed by 643 setting the aes_sw_max_len parameter. 644 645 Small blocks are processed faster in software than hardware. 646 Considering the 256-bit ciphers, software is 2-3 times faster than 647 qce at 256-bytes, 30% faster at 512, and about even at 768-bytes. 648 With 128-bit keys, the break-even point would be around 1024-bytes. 649 650 The default is set a little lower, to 512 bytes, to balance the 651 cost in CPU usage. The minimum recommended setting is 16-bytes 652 (1 AES block), since AES-GCM will fail if you set it lower. 653 Setting this to zero will send all requests to the hardware. 654 655 Note that 192-bit keys are not supported by the hardware and are 656 always processed by the software fallback, and all DES requests 657 are done by the hardware. 658 659config CRYPTO_DEV_QCOM_RNG 660 tristate "Qualcomm Random Number Generator Driver" 661 depends on ARCH_QCOM || COMPILE_TEST 662 depends on HW_RANDOM 663 select CRYPTO_RNG 664 help 665 This driver provides support for the Random Number 666 Generator hardware found on Qualcomm SoCs. 667 668 To compile this driver as a module, choose M here. The 669 module will be called qcom-rng. If unsure, say N. 670 671#config CRYPTO_DEV_VMX 672# bool "Support for VMX cryptographic acceleration instructions" 673# depends on PPC64 && VSX 674# help 675# Support for VMX cryptographic acceleration instructions. 676# 677#source "drivers/crypto/vmx/Kconfig" 678 679config CRYPTO_DEV_IMGTEC_HASH 680 tristate "Imagination Technologies hardware hash accelerator" 681 depends on MIPS || COMPILE_TEST 682 select CRYPTO_MD5 683 select CRYPTO_SHA1 684 select CRYPTO_SHA256 685 select CRYPTO_HASH 686 help 687 This driver interfaces with the Imagination Technologies 688 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256 689 hashing algorithms. 690 691config CRYPTO_DEV_ROCKCHIP 692 tristate "Rockchip's Cryptographic Engine driver" 693 depends on OF && ARCH_ROCKCHIP 694 depends on PM 695 select CRYPTO_ECB 696 select CRYPTO_CBC 697 select CRYPTO_DES 698 select CRYPTO_AES 699 select CRYPTO_ENGINE 700 select CRYPTO_LIB_DES 701 select CRYPTO_MD5 702 select CRYPTO_SHA1 703 select CRYPTO_SHA256 704 select CRYPTO_HASH 705 select CRYPTO_SKCIPHER 706 707 help 708 This driver interfaces with the hardware crypto accelerator. 709 Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode. 710 711config CRYPTO_DEV_ROCKCHIP_DEBUG 712 bool "Enable Rockchip crypto stats" 713 depends on CRYPTO_DEV_ROCKCHIP 714 depends on DEBUG_FS 715 help 716 Say y to enable Rockchip crypto debug stats. 717 This will create /sys/kernel/debug/rk3288_crypto/stats for displaying 718 the number of requests per algorithm and other internal stats. 719 720config CRYPTO_DEV_TEGRA 721 tristate "Enable Tegra Security Engine" 722 depends on TEGRA_HOST1X 723 select CRYPTO_ENGINE 724 725 help 726 Select this to enable Tegra Security Engine which accelerates various 727 AES encryption/decryption and HASH algorithms. 728 729config CRYPTO_DEV_XILINX_TRNG 730 tristate "Support for Xilinx True Random Generator" 731 depends on ZYNQMP_FIRMWARE || COMPILE_TEST 732 select CRYPTO_DF80090A 733 select CRYPTO_RNG 734 select HW_RANDOM 735 help 736 Xilinx Versal SoC driver provides kernel-side support for True Random Number 737 Generator and Pseudo random Number in CTR_DRBG mode as defined in NIST SP800-90A. 738 739 To compile this driver as a module, choose M here: the module 740 will be called xilinx-trng. 741 742config CRYPTO_DEV_ZYNQMP_AES 743 tristate "Support for Xilinx ZynqMP AES hw accelerator" 744 depends on ZYNQMP_FIRMWARE || COMPILE_TEST 745 select CRYPTO_AES 746 select CRYPTO_ENGINE 747 select CRYPTO_AEAD 748 help 749 Xilinx ZynqMP has AES-GCM engine used for symmetric key 750 encryption and decryption. This driver interfaces with AES hw 751 accelerator. Select this if you want to use the ZynqMP module 752 for AES algorithms. 753 754config CRYPTO_DEV_ZYNQMP_SHA3 755 tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator" 756 depends on ZYNQMP_FIRMWARE || COMPILE_TEST 757 select CRYPTO_SHA3 758 help 759 Xilinx ZynqMP has SHA3 engine used for secure hash calculation. 760 This driver interfaces with SHA3 hardware engine. 761 Select this if you want to use the ZynqMP module 762 for SHA3 hash computation. 763 764source "drivers/crypto/chelsio/Kconfig" 765 766source "drivers/crypto/virtio/Kconfig" 767 768config CRYPTO_DEV_BCM_SPU 769 tristate "Broadcom symmetric crypto/hash acceleration support" 770 depends on ARCH_BCM_IPROC 771 depends on MAILBOX 772 default m 773 select CRYPTO_AUTHENC 774 select CRYPTO_LIB_DES 775 select CRYPTO_MD5 776 select CRYPTO_SHA1 777 select CRYPTO_SHA256 778 select CRYPTO_SHA512 779 help 780 This driver provides support for Broadcom crypto acceleration using the 781 Secure Processing Unit (SPU). The SPU driver registers skcipher, 782 ahash, and aead algorithms with the kernel cryptographic API. 783 784source "drivers/crypto/stm32/Kconfig" 785 786config CRYPTO_DEV_SAFEXCEL 787 tristate "Inside Secure's SafeXcel cryptographic engine driver" 788 depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM 789 select CRYPTO_LIB_AES 790 select CRYPTO_AUTHENC 791 select CRYPTO_SKCIPHER 792 select CRYPTO_LIB_DES 793 select CRYPTO_HASH 794 select CRYPTO_HMAC 795 select CRYPTO_MD5 796 select CRYPTO_SHA1 797 select CRYPTO_SHA256 798 select CRYPTO_SHA512 799 select CRYPTO_CHACHA20POLY1305 800 select CRYPTO_SHA3 801 help 802 This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic 803 engines designed by Inside Secure. It currently accelerates DES, 3DES and 804 AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256, 805 SHA384 and SHA512 hash algorithms for both basic hash and HMAC. 806 Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations. 807 808config CRYPTO_DEV_ARTPEC6 809 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration." 810 depends on ARM && (ARCH_ARTPEC || COMPILE_TEST) 811 depends on OF 812 select CRYPTO_AEAD 813 select CRYPTO_AES 814 select CRYPTO_ALGAPI 815 select CRYPTO_SKCIPHER 816 select CRYPTO_CTR 817 select CRYPTO_HASH 818 select CRYPTO_SHA1 819 select CRYPTO_SHA256 820 select CRYPTO_SHA512 821 help 822 Enables the driver for the on-chip crypto accelerator 823 of Axis ARTPEC SoCs. 824 825 To compile this driver as a module, choose M here. 826 827config CRYPTO_DEV_CCREE 828 tristate "Support for ARM TrustZone CryptoCell family of security processors" 829 depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA 830 depends on HAS_IOMEM 831 select CRYPTO_HASH 832 select CRYPTO_SKCIPHER 833 select CRYPTO_LIB_DES 834 select CRYPTO_AEAD 835 select CRYPTO_AUTHENC 836 select CRYPTO_SHA1 837 select CRYPTO_MD5 838 select CRYPTO_SHA256 839 select CRYPTO_SHA512 840 select CRYPTO_HMAC 841 select CRYPTO_AES 842 select CRYPTO_CBC 843 select CRYPTO_ECB 844 select CRYPTO_CTR 845 select CRYPTO_XTS 846 select CRYPTO_SM4_GENERIC 847 select CRYPTO_SM3_GENERIC 848 help 849 Say 'Y' to enable a driver for the REE interface of the Arm 850 TrustZone CryptoCell family of processors. Currently the 851 CryptoCell 713, 703, 712, 710 and 630 are supported. 852 Choose this if you wish to use hardware acceleration of 853 cryptographic operations on the system REE. 854 If unsure say Y. 855 856source "drivers/crypto/hisilicon/Kconfig" 857source "drivers/crypto/loongson/Kconfig" 858 859source "drivers/crypto/amlogic/Kconfig" 860 861config CRYPTO_DEV_SA2UL 862 tristate "Support for TI security accelerator" 863 depends on ARCH_K3 || COMPILE_TEST 864 select CRYPTO_AES 865 select CRYPTO_ALGAPI 866 select CRYPTO_AUTHENC 867 select CRYPTO_DES 868 select CRYPTO_SHA1 869 select CRYPTO_SHA256 870 select CRYPTO_SHA512 871 select HW_RANDOM 872 select SG_SPLIT 873 help 874 K3 devices include a security accelerator engine that may be 875 used for crypto offload. Select this if you want to use hardware 876 acceleration for cryptographic algorithms on these devices. 877 878source "drivers/crypto/aspeed/Kconfig" 879source "drivers/crypto/starfive/Kconfig" 880source "drivers/crypto/inside-secure/eip93/Kconfig" 881source "drivers/crypto/ti/Kconfig" 882 883endif # CRYPTO_HW 884