1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 20b81d077SJaegeuk Kimconfig FS_ENCRYPTION 3643fa961SChandan Rajendra bool "FS Encryption (Per-file encryption)" 40b81d077SJaegeuk Kim select CRYPTO 5ede7a09fSHerbert Xu select CRYPTO_HASH 6*3241cd0cSHannes Reinecke select CRYPTO_HKDF 7ede7a09fSHerbert Xu select CRYPTO_SKCIPHER 8bd0d97b7SEric Biggers select CRYPTO_LIB_SHA256 90b81d077SJaegeuk Kim select KEYS 100b81d077SJaegeuk Kim help 110b81d077SJaegeuk Kim Enable encryption of files and directories. This 120b81d077SJaegeuk Kim feature is similar to ecryptfs, but it is more memory 130b81d077SJaegeuk Kim efficient since it avoids caching the encrypted and 14643fa961SChandan Rajendra decrypted pages in the page cache. Currently Ext4, 15c1f1f5bfSEric Biggers F2FS, UBIFS, and CephFS make use of this feature. 16ede7a09fSHerbert Xu 17ede7a09fSHerbert Xu# Filesystems supporting encryption must select this if FS_ENCRYPTION. This 18a0fc2033SArd Biesheuvel# allows the algorithms to be built as modules when all the filesystems are, 19a0fc2033SArd Biesheuvel# whereas selecting them from FS_ENCRYPTION would force them to be built-in. 20a0fc2033SArd Biesheuvel# 21a0fc2033SArd Biesheuvel# Note: this option only pulls in the algorithms that filesystem encryption 22a0fc2033SArd Biesheuvel# needs "by default". If userspace will use "non-default" encryption modes such 23a0fc2033SArd Biesheuvel# as Adiantum encryption, then those other modes need to be explicitly enabled 24a0fc2033SArd Biesheuvel# in the crypto API; see Documentation/filesystems/fscrypt.rst for details. 25a0fc2033SArd Biesheuvel# 26a0fc2033SArd Biesheuvel# Also note that this option only pulls in the generic implementations of the 27a0fc2033SArd Biesheuvel# algorithms, not any per-architecture optimized implementations. It is 2875eb8b94SEric Biggers# strongly recommended to enable optimized implementations too. 29ede7a09fSHerbert Xuconfig FS_ENCRYPTION_ALGS 30ede7a09fSHerbert Xu tristate 3175eb8b94SEric Biggers select CRYPTO_AES 3275eb8b94SEric Biggers select CRYPTO_CBC 3375eb8b94SEric Biggers select CRYPTO_CTS 3475eb8b94SEric Biggers select CRYPTO_ECB 3575eb8b94SEric Biggers select CRYPTO_HMAC 3675eb8b94SEric Biggers select CRYPTO_SHA512 3775eb8b94SEric Biggers select CRYPTO_XTS 385fee3609SSatya Tangirala 395fee3609SSatya Tangiralaconfig FS_ENCRYPTION_INLINE_CRYPT 405fee3609SSatya Tangirala bool "Enable fscrypt to use inline crypto" 415fee3609SSatya Tangirala depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION 425fee3609SSatya Tangirala help 435fee3609SSatya Tangirala Enable fscrypt to use inline encryption hardware if available. 44