1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 20b81d077SJaegeuk Kimconfig FS_ENCRYPTION 3643fa961SChandan Rajendra bool "FS Encryption (Per-file encryption)" 40b81d077SJaegeuk Kim select CRYPTO 5ede7a09fSHerbert Xu select CRYPTO_HASH 6ede7a09fSHerbert Xu select CRYPTO_SKCIPHER 7bd0d97b7SEric Biggers select CRYPTO_LIB_SHA256 80b81d077SJaegeuk Kim select KEYS 90b81d077SJaegeuk Kim help 100b81d077SJaegeuk Kim Enable encryption of files and directories. This 110b81d077SJaegeuk Kim feature is similar to ecryptfs, but it is more memory 120b81d077SJaegeuk Kim efficient since it avoids caching the encrypted and 13643fa961SChandan Rajendra decrypted pages in the page cache. Currently Ext4, 14*c1f1f5bfSEric Biggers F2FS, UBIFS, and CephFS make use of this feature. 15ede7a09fSHerbert Xu 16ede7a09fSHerbert Xu# Filesystems supporting encryption must select this if FS_ENCRYPTION. This 17a0fc2033SArd Biesheuvel# allows the algorithms to be built as modules when all the filesystems are, 18a0fc2033SArd Biesheuvel# whereas selecting them from FS_ENCRYPTION would force them to be built-in. 19a0fc2033SArd Biesheuvel# 20a0fc2033SArd Biesheuvel# Note: this option only pulls in the algorithms that filesystem encryption 21a0fc2033SArd Biesheuvel# needs "by default". If userspace will use "non-default" encryption modes such 22a0fc2033SArd Biesheuvel# as Adiantum encryption, then those other modes need to be explicitly enabled 23a0fc2033SArd Biesheuvel# in the crypto API; see Documentation/filesystems/fscrypt.rst for details. 24a0fc2033SArd Biesheuvel# 25a0fc2033SArd Biesheuvel# Also note that this option only pulls in the generic implementations of the 26a0fc2033SArd Biesheuvel# algorithms, not any per-architecture optimized implementations. It is 27a0fc2033SArd Biesheuvel# strongly recommended to enable optimized implementations too. It is safe to 28a0fc2033SArd Biesheuvel# disable these generic implementations if corresponding optimized 29a0fc2033SArd Biesheuvel# implementations will always be available too; for this reason, these are soft 30a0fc2033SArd Biesheuvel# dependencies ('imply' rather than 'select'). Only disable these generic 31a0fc2033SArd Biesheuvel# implementations if you're sure they will never be needed, though. 32ede7a09fSHerbert Xuconfig FS_ENCRYPTION_ALGS 33ede7a09fSHerbert Xu tristate 34a0fc2033SArd Biesheuvel imply CRYPTO_AES 35a0fc2033SArd Biesheuvel imply CRYPTO_CBC 36a0fc2033SArd Biesheuvel imply CRYPTO_CTS 37a0fc2033SArd Biesheuvel imply CRYPTO_ECB 38a0fc2033SArd Biesheuvel imply CRYPTO_HMAC 39a0fc2033SArd Biesheuvel imply CRYPTO_SHA512 40a0fc2033SArd Biesheuvel imply CRYPTO_XTS 415fee3609SSatya Tangirala 425fee3609SSatya Tangiralaconfig FS_ENCRYPTION_INLINE_CRYPT 435fee3609SSatya Tangirala bool "Enable fscrypt to use inline crypto" 445fee3609SSatya Tangirala depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION 455fee3609SSatya Tangirala help 465fee3609SSatya Tangirala Enable fscrypt to use inline encryption hardware if available. 47