xref: /linux/drivers/crypto/Kconfig (revision cdd30ebb1b9f36159d66f088b61aee264e649d7a)
1# SPDX-License-Identifier: GPL-2.0-only
2
3menuconfig CRYPTO_HW
4	bool "Hardware crypto devices"
5	default y
6	help
7	  Say Y here to get to see options for hardware crypto devices and
8	  processors. This option alone does not add any kernel code.
9
10	  If you say N, all options in this submenu will be skipped and disabled.
11
12if CRYPTO_HW
13
14source "drivers/crypto/allwinner/Kconfig"
15
16config CRYPTO_DEV_PADLOCK
17	tristate "Support for VIA PadLock ACE"
18	depends on X86 && !UML
19	help
20	  Some VIA processors come with an integrated crypto engine
21	  (so called VIA PadLock ACE, Advanced Cryptography Engine)
22	  that provides instructions for very fast cryptographic
23	  operations with supported algorithms.
24
25	  The instructions are used only when the CPU supports them.
26	  Otherwise software encryption is used.
27
28config CRYPTO_DEV_PADLOCK_AES
29	tristate "PadLock driver for AES algorithm"
30	depends on CRYPTO_DEV_PADLOCK
31	select CRYPTO_SKCIPHER
32	select CRYPTO_LIB_AES
33	help
34	  Use VIA PadLock for AES algorithm.
35
36	  Available in VIA C3 and newer CPUs.
37
38	  If unsure say M. The compiled module will be
39	  called padlock-aes.
40
41config CRYPTO_DEV_PADLOCK_SHA
42	tristate "PadLock driver for SHA1 and SHA256 algorithms"
43	depends on CRYPTO_DEV_PADLOCK
44	select CRYPTO_HASH
45	select CRYPTO_SHA1
46	select CRYPTO_SHA256
47	help
48	  Use VIA PadLock for SHA1/SHA256 algorithms.
49
50	  Available in VIA C7 and newer processors.
51
52	  If unsure say M. The compiled module will be
53	  called padlock-sha.
54
55config CRYPTO_DEV_GEODE
56	tristate "Support for the Geode LX AES engine"
57	depends on X86_32 && PCI
58	select CRYPTO_ALGAPI
59	select CRYPTO_SKCIPHER
60	help
61	  Say 'Y' here to use the AMD Geode LX processor on-board AES
62	  engine for the CryptoAPI AES algorithm.
63
64	  To compile this driver as a module, choose M here: the module
65	  will be called geode-aes.
66
67config ZCRYPT
68	tristate "Support for s390 cryptographic adapters"
69	depends on S390
70	depends on AP
71	select HW_RANDOM
72	help
73	  Select this option if you want to enable support for
74	  s390 cryptographic adapters like Crypto Express 4 up
75	  to 8 in Coprocessor (CEXxC), EP11 Coprocessor (CEXxP)
76	  or Accelerator (CEXxA) mode.
77
78config PKEY
79	tristate "Kernel API for protected key handling"
80	depends on S390
81	help
82	  With this option enabled the pkey kernel modules provide an API
83	  for creation and handling of protected keys. Other parts of the
84	  kernel or userspace applications may use these functions.
85
86	  The protected key support is distributed into:
87	  - A pkey base and API kernel module (pkey.ko) which offers the
88	    infrastructure for the pkey handler kernel modules, the ioctl
89	    and the sysfs API and the in-kernel API to the crypto cipher
90	    implementations using protected key.
91	  - A pkey pckmo kernel module (pkey-pckmo.ko) which is automatically
92	    loaded when pckmo support (that is generation of protected keys
93	    from clear key values) is available.
94	  - A pkey CCA kernel module (pkey-cca.ko) which is automatically
95	    loaded when a CEX crypto card is available.
96	  - A pkey EP11 kernel module (pkey-ep11.ko) which is automatically
97	    loaded when a CEX crypto card is available.
98	  - A pkey UV kernel module (pkey-uv.ko) which is automatically
99	    loaded when the Ultravisor feature is available within a
100	    protected execution environment.
101
102	  Select this option if you want to enable the kernel and userspace
103	  API for protected key handling.
104
105config PKEY_CCA
106	tristate "PKEY CCA support handler"
107	depends on PKEY
108	depends on ZCRYPT
109	help
110	  This is the CCA support handler for deriving protected keys
111	  from CCA (secure) keys. Also this handler provides an alternate
112	  way to make protected keys from clear key values.
113
114	  The PKEY CCA support handler needs a Crypto Express card (CEX)
115	  in CCA mode.
116
117	  If you have selected the PKEY option then you should also enable
118	  this option unless you are sure you never need to derive protected
119	  keys from CCA key material.
120
121config PKEY_EP11
122	tristate "PKEY EP11 support handler"
123	depends on PKEY
124	depends on ZCRYPT
125	help
126	  This is the EP11 support handler for deriving protected keys
127	  from EP11 (secure) keys. Also this handler provides an alternate
128	  way to make protected keys from clear key values.
129
130	  The PKEY EP11 support handler needs a Crypto Express card (CEX)
131	  in EP11 mode.
132
133	  If you have selected the PKEY option then you should also enable
134	  this option unless you are sure you never need to derive protected
135	  keys from EP11 key material.
136
137config PKEY_PCKMO
138	tristate "PKEY PCKMO support handler"
139	depends on PKEY
140	help
141	  This is the PCKMO support handler for deriving protected keys
142	  from clear key values via invoking the PCKMO instruction.
143
144	  The PCKMO instruction can be enabled and disabled in the crypto
145	  settings at the LPAR profile. This handler checks for availability
146	  during initialization and if build as a kernel module unloads
147	  itself if PCKMO is disabled.
148
149	  The PCKMO way of deriving protected keys from clear key material
150	  is especially used during self test of protected key ciphers like
151	  PAES but the CCA and EP11 handler provide alternate ways to
152	  generate protected keys from clear key values.
153
154	  If you have selected the PKEY option then you should also enable
155	  this option unless you are sure you never need to derive protected
156	  keys from clear key values directly via PCKMO.
157
158config PKEY_UV
159	tristate "PKEY UV support handler"
160	depends on PKEY
161	depends on S390_UV_UAPI
162	help
163	  This is the PKEY Ultravisor support handler for deriving protected
164	  keys from secrets stored within the Ultravisor (UV).
165
166	  This module works together with the UV device and supports the
167	  retrieval of protected keys from secrets stored within the
168	  UV firmware layer. This service is only available within
169	  a protected execution guest and thus this module will fail upon
170	  modprobe if no protected execution environment is detected.
171
172	  Enable this option if you intend to run this kernel with an KVM
173	  guest with protected execution and you want to use UV retrievable
174	  secrets via PKEY API.
175
176config CRYPTO_PAES_S390
177	tristate "PAES cipher algorithms"
178	depends on S390
179	depends on ZCRYPT
180	depends on PKEY
181	select CRYPTO_ALGAPI
182	select CRYPTO_SKCIPHER
183	help
184	  This is the s390 hardware accelerated implementation of the
185	  AES cipher algorithms for use with protected key.
186
187	  Select this option if you want to use the paes cipher
188	  for example to use protected key encrypted devices.
189
190config S390_PRNG
191	tristate "Pseudo random number generator device driver"
192	depends on S390
193	default "m"
194	help
195	  Select this option if you want to use the s390 pseudo random number
196	  generator. The PRNG is part of the cryptographic processor functions
197	  and uses triple-DES to generate secure random numbers like the
198	  ANSI X9.17 standard. User-space programs access the
199	  pseudo-random-number device through the char device /dev/prandom.
200
201	  It is available as of z9.
202
203config CRYPTO_DEV_NIAGARA2
204	tristate "Niagara2 Stream Processing Unit driver"
205	select CRYPTO_LIB_DES
206	select CRYPTO_SKCIPHER
207	select CRYPTO_HASH
208	select CRYPTO_MD5
209	select CRYPTO_SHA1
210	select CRYPTO_SHA256
211	depends on SPARC64
212	help
213	  Each core of a Niagara2 processor contains a Stream
214	  Processing Unit, which itself contains several cryptographic
215	  sub-units.  One set provides the Modular Arithmetic Unit,
216	  used for SSL offload.  The other set provides the Cipher
217	  Group, which can perform encryption, decryption, hashing,
218	  checksumming, and raw copies.
219
220config CRYPTO_DEV_SL3516
221	tristate "Storlink SL3516 crypto offloader"
222	depends on ARCH_GEMINI || COMPILE_TEST
223	depends on HAS_IOMEM && PM
224	select CRYPTO_SKCIPHER
225	select CRYPTO_ENGINE
226	select CRYPTO_ECB
227	select CRYPTO_AES
228	select HW_RANDOM
229	help
230	  This option allows you to have support for SL3516 crypto offloader.
231
232config CRYPTO_DEV_SL3516_DEBUG
233	bool "Enable SL3516 stats"
234	depends on CRYPTO_DEV_SL3516
235	depends on DEBUG_FS
236	help
237	  Say y to enable SL3516 debug stats.
238	  This will create /sys/kernel/debug/sl3516/stats for displaying
239	  the number of requests per algorithm and other internal stats.
240
241config CRYPTO_DEV_HIFN_795X
242	tristate "Driver HIFN 795x crypto accelerator chips"
243	select CRYPTO_LIB_DES
244	select CRYPTO_SKCIPHER
245	select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
246	depends on PCI
247	depends on !ARCH_DMA_ADDR_T_64BIT
248	help
249	  This option allows you to have support for HIFN 795x crypto adapters.
250
251config CRYPTO_DEV_HIFN_795X_RNG
252	bool "HIFN 795x random number generator"
253	depends on CRYPTO_DEV_HIFN_795X
254	help
255	  Select this option if you want to enable the random number generator
256	  on the HIFN 795x crypto adapters.
257
258source "drivers/crypto/caam/Kconfig"
259
260config CRYPTO_DEV_TALITOS
261	tristate "Talitos Freescale Security Engine (SEC)"
262	select CRYPTO_AEAD
263	select CRYPTO_AUTHENC
264	select CRYPTO_SKCIPHER
265	select CRYPTO_HASH
266	select CRYPTO_LIB_DES
267	select HW_RANDOM
268	depends on FSL_SOC
269	help
270	  Say 'Y' here to use the Freescale Security Engine (SEC)
271	  to offload cryptographic algorithm computation.
272
273	  The Freescale SEC is present on PowerQUICC 'E' processors, such
274	  as the MPC8349E and MPC8548E.
275
276	  To compile this driver as a module, choose M here: the module
277	  will be called talitos.
278
279config CRYPTO_DEV_TALITOS1
280	bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
281	depends on CRYPTO_DEV_TALITOS
282	depends on PPC_8xx || PPC_82xx
283	default y
284	help
285	  Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
286	  found on MPC82xx or the Freescale Security Engine (SEC Lite)
287	  version 1.2 found on MPC8xx
288
289config CRYPTO_DEV_TALITOS2
290	bool "SEC2+ (SEC version 2.0 or upper)"
291	depends on CRYPTO_DEV_TALITOS
292	default y if !PPC_8xx
293	help
294	  Say 'Y' here to use the Freescale Security Engine (SEC)
295	  version 2 and following as found on MPC83xx, MPC85xx, etc ...
296
297config CRYPTO_DEV_PPC4XX
298	tristate "Driver AMCC PPC4xx crypto accelerator"
299	depends on PPC && 4xx
300	select CRYPTO_HASH
301	select CRYPTO_AEAD
302	select CRYPTO_AES
303	select CRYPTO_LIB_AES
304	select CRYPTO_CCM
305	select CRYPTO_CTR
306	select CRYPTO_GCM
307	select CRYPTO_SKCIPHER
308	help
309	  This option allows you to have support for AMCC crypto acceleration.
310
311config HW_RANDOM_PPC4XX
312	bool "PowerPC 4xx generic true random number generator support"
313	depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y
314	default y
315	help
316	 This option provides the kernel-side support for the TRNG hardware
317	 found in the security function of some PowerPC 4xx SoCs.
318
319config CRYPTO_DEV_OMAP
320	tristate "Support for OMAP crypto HW accelerators"
321	depends on ARCH_OMAP2PLUS
322	help
323	  OMAP processors have various crypto HW accelerators. Select this if
324	  you want to use the OMAP modules for any of the crypto algorithms.
325
326if CRYPTO_DEV_OMAP
327
328config CRYPTO_DEV_OMAP_SHAM
329	tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
330	depends on ARCH_OMAP2PLUS
331	select CRYPTO_ENGINE
332	select CRYPTO_SHA1
333	select CRYPTO_MD5
334	select CRYPTO_SHA256
335	select CRYPTO_SHA512
336	select CRYPTO_HMAC
337	help
338	  OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
339	  want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
340
341config CRYPTO_DEV_OMAP_AES
342	tristate "Support for OMAP AES hw engine"
343	depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
344	select CRYPTO_AES
345	select CRYPTO_SKCIPHER
346	select CRYPTO_ENGINE
347	select CRYPTO_CBC
348	select CRYPTO_ECB
349	select CRYPTO_CTR
350	select CRYPTO_AEAD
351	help
352	  OMAP processors have AES module accelerator. Select this if you
353	  want to use the OMAP module for AES algorithms.
354
355config CRYPTO_DEV_OMAP_DES
356	tristate "Support for OMAP DES/3DES hw engine"
357	depends on ARCH_OMAP2PLUS
358	select CRYPTO_LIB_DES
359	select CRYPTO_SKCIPHER
360	select CRYPTO_ENGINE
361	help
362	  OMAP processors have DES/3DES module accelerator. Select this if you
363	  want to use the OMAP module for DES and 3DES algorithms. Currently
364	  the ECB and CBC modes of operation are supported by the driver. Also
365	  accesses made on unaligned boundaries are supported.
366
367endif # CRYPTO_DEV_OMAP
368
369config CRYPTO_DEV_SAHARA
370	tristate "Support for SAHARA crypto accelerator"
371	depends on ARCH_MXC && OF
372	select CRYPTO_SKCIPHER
373	select CRYPTO_AES
374	select CRYPTO_ECB
375	select CRYPTO_ENGINE
376	help
377	  This option enables support for the SAHARA HW crypto accelerator
378	  found in some Freescale i.MX chips.
379
380config CRYPTO_DEV_EXYNOS_RNG
381	tristate "Exynos HW pseudo random number generator support"
382	depends on ARCH_EXYNOS || COMPILE_TEST
383	depends on HAS_IOMEM
384	select CRYPTO_RNG
385	help
386	  This driver provides kernel-side support through the
387	  cryptographic API for the pseudo random number generator hardware
388	  found on Exynos SoCs.
389
390	  To compile this driver as a module, choose M here: the
391	  module will be called exynos-rng.
392
393	  If unsure, say Y.
394
395config CRYPTO_DEV_S5P
396	tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
397	depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
398	depends on HAS_IOMEM
399	select CRYPTO_AES
400	select CRYPTO_SKCIPHER
401	help
402	  This option allows you to have support for S5P crypto acceleration.
403	  Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
404	  algorithms execution.
405
406config CRYPTO_DEV_EXYNOS_HASH
407	bool "Support for Samsung Exynos HASH accelerator"
408	depends on CRYPTO_DEV_S5P
409	depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
410	select CRYPTO_SHA1
411	select CRYPTO_MD5
412	select CRYPTO_SHA256
413	help
414	  Select this to offload Exynos from HASH MD5/SHA1/SHA256.
415	  This will select software SHA1, MD5 and SHA256 as they are
416	  needed for small and zero-size messages.
417	  HASH algorithms will be disabled if EXYNOS_RNG
418	  is enabled due to hw conflict.
419
420config CRYPTO_DEV_NX
421	bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
422	depends on PPC64
423	help
424	  This enables support for the NX hardware cryptographic accelerator
425	  coprocessor that is in IBM PowerPC P7+ or later processors.  This
426	  does not actually enable any drivers, it only allows you to select
427	  which acceleration type (encryption and/or compression) to enable.
428
429if CRYPTO_DEV_NX
430	source "drivers/crypto/nx/Kconfig"
431endif
432
433config CRYPTO_DEV_ATMEL_AUTHENC
434	bool "Support for Atmel IPSEC/SSL hw accelerator"
435	depends on ARCH_AT91 || COMPILE_TEST
436	depends on CRYPTO_DEV_ATMEL_AES
437	help
438	  Some Atmel processors can combine the AES and SHA hw accelerators
439	  to enhance support of IPSEC/SSL.
440	  Select this if you want to use the Atmel modules for
441	  authenc(hmac(shaX),Y(cbc)) algorithms.
442
443config CRYPTO_DEV_ATMEL_AES
444	tristate "Support for Atmel AES hw accelerator"
445	depends on ARCH_AT91 || COMPILE_TEST
446	select CRYPTO_AES
447	select CRYPTO_AEAD
448	select CRYPTO_SKCIPHER
449	select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
450	select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
451	help
452	  Some Atmel processors have AES hw accelerator.
453	  Select this if you want to use the Atmel module for
454	  AES algorithms.
455
456	  To compile this driver as a module, choose M here: the module
457	  will be called atmel-aes.
458
459config CRYPTO_DEV_ATMEL_TDES
460	tristate "Support for Atmel DES/TDES hw accelerator"
461	depends on ARCH_AT91 || COMPILE_TEST
462	select CRYPTO_LIB_DES
463	select CRYPTO_SKCIPHER
464	help
465	  Some Atmel processors have DES/TDES hw accelerator.
466	  Select this if you want to use the Atmel module for
467	  DES/TDES algorithms.
468
469	  To compile this driver as a module, choose M here: the module
470	  will be called atmel-tdes.
471
472config CRYPTO_DEV_ATMEL_SHA
473	tristate "Support for Atmel SHA hw accelerator"
474	depends on ARCH_AT91 || COMPILE_TEST
475	select CRYPTO_HASH
476	help
477	  Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
478	  hw accelerator.
479	  Select this if you want to use the Atmel module for
480	  SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
481
482	  To compile this driver as a module, choose M here: the module
483	  will be called atmel-sha.
484
485config CRYPTO_DEV_ATMEL_I2C
486	tristate
487	select BITREVERSE
488
489config CRYPTO_DEV_ATMEL_ECC
490	tristate "Support for Microchip / Atmel ECC hw accelerator"
491	depends on I2C
492	select CRYPTO_DEV_ATMEL_I2C
493	select CRYPTO_ECDH
494	select CRC16
495	help
496	  Microhip / Atmel ECC hw accelerator.
497	  Select this if you want to use the Microchip / Atmel module for
498	  ECDH algorithm.
499
500	  To compile this driver as a module, choose M here: the module
501	  will be called atmel-ecc.
502
503config CRYPTO_DEV_ATMEL_SHA204A
504	tristate "Support for Microchip / Atmel SHA accelerator and RNG"
505	depends on I2C
506	select CRYPTO_DEV_ATMEL_I2C
507	select HW_RANDOM
508	select CRC16
509	help
510	  Microhip / Atmel SHA accelerator and RNG.
511	  Select this if you want to use the Microchip / Atmel SHA204A
512	  module as a random number generator. (Other functions of the
513	  chip are currently not exposed by this driver)
514
515	  To compile this driver as a module, choose M here: the module
516	  will be called atmel-sha204a.
517
518config CRYPTO_DEV_CCP
519	bool "Support for AMD Secure Processor"
520	depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
521	help
522	  The AMD Secure Processor provides support for the Cryptographic Coprocessor
523	  (CCP) and the Platform Security Processor (PSP) devices.
524
525if CRYPTO_DEV_CCP
526	source "drivers/crypto/ccp/Kconfig"
527endif
528
529config CRYPTO_DEV_MXS_DCP
530	tristate "Support for Freescale MXS DCP"
531	depends on (ARCH_MXS || ARCH_MXC)
532	select STMP_DEVICE
533	select CRYPTO_CBC
534	select CRYPTO_ECB
535	select CRYPTO_AES
536	select CRYPTO_SKCIPHER
537	select CRYPTO_HASH
538	help
539	  The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
540	  co-processor on the die.
541
542	  To compile this driver as a module, choose M here: the module
543	  will be called mxs-dcp.
544
545source "drivers/crypto/cavium/cpt/Kconfig"
546source "drivers/crypto/cavium/nitrox/Kconfig"
547source "drivers/crypto/marvell/Kconfig"
548source "drivers/crypto/intel/Kconfig"
549
550config CRYPTO_DEV_CAVIUM_ZIP
551	tristate "Cavium ZIP driver"
552	depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
553	help
554	  Select this option if you want to enable compression/decompression
555	  acceleration on Cavium's ARM based SoCs
556
557config CRYPTO_DEV_QCE
558	tristate "Qualcomm crypto engine accelerator"
559	depends on ARCH_QCOM || COMPILE_TEST
560	depends on HAS_IOMEM
561	help
562	  This driver supports Qualcomm crypto engine accelerator
563	  hardware. To compile this driver as a module, choose M here. The
564	  module will be called qcrypto.
565
566config CRYPTO_DEV_QCE_SKCIPHER
567	bool
568	depends on CRYPTO_DEV_QCE
569	select CRYPTO_AES
570	select CRYPTO_LIB_DES
571	select CRYPTO_ECB
572	select CRYPTO_CBC
573	select CRYPTO_XTS
574	select CRYPTO_CTR
575	select CRYPTO_SKCIPHER
576
577config CRYPTO_DEV_QCE_SHA
578	bool
579	depends on CRYPTO_DEV_QCE
580	select CRYPTO_SHA1
581	select CRYPTO_SHA256
582
583config CRYPTO_DEV_QCE_AEAD
584	bool
585	depends on CRYPTO_DEV_QCE
586	select CRYPTO_AUTHENC
587	select CRYPTO_LIB_DES
588
589choice
590	prompt "Algorithms enabled for QCE acceleration"
591	default CRYPTO_DEV_QCE_ENABLE_ALL
592	depends on CRYPTO_DEV_QCE
593	help
594	  This option allows to choose whether to build support for all algorithms
595	  (default), hashes-only, or skciphers-only.
596
597	  The QCE engine does not appear to scale as well as the CPU to handle
598	  multiple crypto requests.  While the ipq40xx chips have 4-core CPUs, the
599	  QCE handles only 2 requests in parallel.
600
601	  Ipsec throughput seems to improve when disabling either family of
602	  algorithms, sharing the load with the CPU.  Enabling skciphers-only
603	  appears to work best.
604
605	config CRYPTO_DEV_QCE_ENABLE_ALL
606		bool "All supported algorithms"
607		select CRYPTO_DEV_QCE_SKCIPHER
608		select CRYPTO_DEV_QCE_SHA
609		select CRYPTO_DEV_QCE_AEAD
610		help
611		  Enable all supported algorithms:
612			- AES (CBC, CTR, ECB, XTS)
613			- 3DES (CBC, ECB)
614			- DES (CBC, ECB)
615			- SHA1, HMAC-SHA1
616			- SHA256, HMAC-SHA256
617
618	config CRYPTO_DEV_QCE_ENABLE_SKCIPHER
619		bool "Symmetric-key ciphers only"
620		select CRYPTO_DEV_QCE_SKCIPHER
621		help
622		  Enable symmetric-key ciphers only:
623			- AES (CBC, CTR, ECB, XTS)
624			- 3DES (ECB, CBC)
625			- DES (ECB, CBC)
626
627	config CRYPTO_DEV_QCE_ENABLE_SHA
628		bool "Hash/HMAC only"
629		select CRYPTO_DEV_QCE_SHA
630		help
631		  Enable hashes/HMAC algorithms only:
632			- SHA1, HMAC-SHA1
633			- SHA256, HMAC-SHA256
634
635	config CRYPTO_DEV_QCE_ENABLE_AEAD
636		bool "AEAD algorithms only"
637		select CRYPTO_DEV_QCE_AEAD
638		help
639		  Enable AEAD algorithms only:
640			- authenc()
641			- ccm(aes)
642			- rfc4309(ccm(aes))
643endchoice
644
645config CRYPTO_DEV_QCE_SW_MAX_LEN
646	int "Default maximum request size to use software for AES"
647	depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER
648	default 512
649	help
650	  This sets the default maximum request size to perform AES requests
651	  using software instead of the crypto engine.  It can be changed by
652	  setting the aes_sw_max_len parameter.
653
654	  Small blocks are processed faster in software than hardware.
655	  Considering the 256-bit ciphers, software is 2-3 times faster than
656	  qce at 256-bytes, 30% faster at 512, and about even at 768-bytes.
657	  With 128-bit keys, the break-even point would be around 1024-bytes.
658
659	  The default is set a little lower, to 512 bytes, to balance the
660	  cost in CPU usage.  The minimum recommended setting is 16-bytes
661	  (1 AES block), since AES-GCM will fail if you set it lower.
662	  Setting this to zero will send all requests to the hardware.
663
664	  Note that 192-bit keys are not supported by the hardware and are
665	  always processed by the software fallback, and all DES requests
666	  are done by the hardware.
667
668config CRYPTO_DEV_QCOM_RNG
669	tristate "Qualcomm Random Number Generator Driver"
670	depends on ARCH_QCOM || COMPILE_TEST
671	depends on HW_RANDOM
672	select CRYPTO_RNG
673	help
674	  This driver provides support for the Random Number
675	  Generator hardware found on Qualcomm SoCs.
676
677	  To compile this driver as a module, choose M here. The
678	  module will be called qcom-rng. If unsure, say N.
679
680#config CRYPTO_DEV_VMX
681#	bool "Support for VMX cryptographic acceleration instructions"
682#	depends on PPC64 && VSX
683#	help
684#	  Support for VMX cryptographic acceleration instructions.
685#
686#source "drivers/crypto/vmx/Kconfig"
687
688config CRYPTO_DEV_IMGTEC_HASH
689	tristate "Imagination Technologies hardware hash accelerator"
690	depends on MIPS || COMPILE_TEST
691	select CRYPTO_MD5
692	select CRYPTO_SHA1
693	select CRYPTO_SHA256
694	select CRYPTO_HASH
695	help
696	  This driver interfaces with the Imagination Technologies
697	  hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
698	  hashing algorithms.
699
700config CRYPTO_DEV_ROCKCHIP
701	tristate "Rockchip's Cryptographic Engine driver"
702	depends on OF && ARCH_ROCKCHIP
703	depends on PM
704	select CRYPTO_ECB
705	select CRYPTO_CBC
706	select CRYPTO_DES
707	select CRYPTO_AES
708	select CRYPTO_ENGINE
709	select CRYPTO_LIB_DES
710	select CRYPTO_MD5
711	select CRYPTO_SHA1
712	select CRYPTO_SHA256
713	select CRYPTO_HASH
714	select CRYPTO_SKCIPHER
715
716	help
717	  This driver interfaces with the hardware crypto accelerator.
718	  Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
719
720config CRYPTO_DEV_ROCKCHIP_DEBUG
721	bool "Enable Rockchip crypto stats"
722	depends on CRYPTO_DEV_ROCKCHIP
723	depends on DEBUG_FS
724	help
725	  Say y to enable Rockchip crypto debug stats.
726	  This will create /sys/kernel/debug/rk3288_crypto/stats for displaying
727	  the number of requests per algorithm and other internal stats.
728
729config CRYPTO_DEV_TEGRA
730	tristate "Enable Tegra Security Engine"
731	depends on TEGRA_HOST1X
732	select CRYPTO_ENGINE
733
734	help
735	  Select this to enable Tegra Security Engine which accelerates various
736	  AES encryption/decryption and HASH algorithms.
737
738config CRYPTO_DEV_ZYNQMP_AES
739	tristate "Support for Xilinx ZynqMP AES hw accelerator"
740	depends on ZYNQMP_FIRMWARE || COMPILE_TEST
741	select CRYPTO_AES
742	select CRYPTO_ENGINE
743	select CRYPTO_AEAD
744	help
745	  Xilinx ZynqMP has AES-GCM engine used for symmetric key
746	  encryption and decryption. This driver interfaces with AES hw
747	  accelerator. Select this if you want to use the ZynqMP module
748	  for AES algorithms.
749
750config CRYPTO_DEV_ZYNQMP_SHA3
751	tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator"
752	depends on ZYNQMP_FIRMWARE || COMPILE_TEST
753	select CRYPTO_SHA3
754	help
755	  Xilinx ZynqMP has SHA3 engine used for secure hash calculation.
756	  This driver interfaces with SHA3 hardware engine.
757	  Select this if you want to use the ZynqMP module
758	  for SHA3 hash computation.
759
760source "drivers/crypto/chelsio/Kconfig"
761
762source "drivers/crypto/virtio/Kconfig"
763
764config CRYPTO_DEV_BCM_SPU
765	tristate "Broadcom symmetric crypto/hash acceleration support"
766	depends on ARCH_BCM_IPROC
767	depends on MAILBOX
768	default m
769	select CRYPTO_AUTHENC
770	select CRYPTO_LIB_DES
771	select CRYPTO_MD5
772	select CRYPTO_SHA1
773	select CRYPTO_SHA256
774	select CRYPTO_SHA512
775	help
776	  This driver provides support for Broadcom crypto acceleration using the
777	  Secure Processing Unit (SPU). The SPU driver registers skcipher,
778	  ahash, and aead algorithms with the kernel cryptographic API.
779
780source "drivers/crypto/stm32/Kconfig"
781
782config CRYPTO_DEV_SAFEXCEL
783	tristate "Inside Secure's SafeXcel cryptographic engine driver"
784	depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM
785	select CRYPTO_LIB_AES
786	select CRYPTO_AUTHENC
787	select CRYPTO_SKCIPHER
788	select CRYPTO_LIB_DES
789	select CRYPTO_HASH
790	select CRYPTO_HMAC
791	select CRYPTO_MD5
792	select CRYPTO_SHA1
793	select CRYPTO_SHA256
794	select CRYPTO_SHA512
795	select CRYPTO_CHACHA20POLY1305
796	select CRYPTO_SHA3
797	help
798	  This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
799	  engines designed by Inside Secure. It currently accelerates DES, 3DES and
800	  AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
801	  SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
802	  Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
803
804config CRYPTO_DEV_ARTPEC6
805	tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
806	depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
807	depends on OF
808	select CRYPTO_AEAD
809	select CRYPTO_AES
810	select CRYPTO_ALGAPI
811	select CRYPTO_SKCIPHER
812	select CRYPTO_CTR
813	select CRYPTO_HASH
814	select CRYPTO_SHA1
815	select CRYPTO_SHA256
816	select CRYPTO_SHA512
817	help
818	  Enables the driver for the on-chip crypto accelerator
819	  of Axis ARTPEC SoCs.
820
821	  To compile this driver as a module, choose M here.
822
823config CRYPTO_DEV_CCREE
824	tristate "Support for ARM TrustZone CryptoCell family of security processors"
825	depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
826	depends on HAS_IOMEM
827	select CRYPTO_HASH
828	select CRYPTO_SKCIPHER
829	select CRYPTO_LIB_DES
830	select CRYPTO_AEAD
831	select CRYPTO_AUTHENC
832	select CRYPTO_SHA1
833	select CRYPTO_MD5
834	select CRYPTO_SHA256
835	select CRYPTO_SHA512
836	select CRYPTO_HMAC
837	select CRYPTO_AES
838	select CRYPTO_CBC
839	select CRYPTO_ECB
840	select CRYPTO_CTR
841	select CRYPTO_XTS
842	select CRYPTO_SM4_GENERIC
843	select CRYPTO_SM3_GENERIC
844	help
845	  Say 'Y' to enable a driver for the REE interface of the Arm
846	  TrustZone CryptoCell family of processors. Currently the
847	  CryptoCell 713, 703, 712, 710 and 630 are supported.
848	  Choose this if you wish to use hardware acceleration of
849	  cryptographic operations on the system REE.
850	  If unsure say Y.
851
852source "drivers/crypto/hisilicon/Kconfig"
853
854source "drivers/crypto/amlogic/Kconfig"
855
856config CRYPTO_DEV_SA2UL
857	tristate "Support for TI security accelerator"
858	depends on ARCH_K3 || COMPILE_TEST
859	select CRYPTO_AES
860	select CRYPTO_ALGAPI
861	select CRYPTO_AUTHENC
862	select CRYPTO_DES
863	select CRYPTO_SHA1
864	select CRYPTO_SHA256
865	select CRYPTO_SHA512
866	select HW_RANDOM
867	select SG_SPLIT
868	help
869	  K3 devices include a security accelerator engine that may be
870	  used for crypto offload.  Select this if you want to use hardware
871	  acceleration for cryptographic algorithms on these devices.
872
873source "drivers/crypto/aspeed/Kconfig"
874source "drivers/crypto/starfive/Kconfig"
875
876endif # CRYPTO_HW
877