1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 20b81d077SJaegeuk Kimconfig FS_ENCRYPTION 3643fa961SChandan Rajendra bool "FS Encryption (Per-file encryption)" 40b81d077SJaegeuk Kim select CRYPTO 5ede7a09fSHerbert Xu select CRYPTO_SKCIPHER 6bd0d97b7SEric Biggers select CRYPTO_LIB_SHA256 7*19591f7eSEric Biggers select CRYPTO_LIB_SHA512 80b81d077SJaegeuk Kim select KEYS 90b81d077SJaegeuk Kim help 100b81d077SJaegeuk Kim Enable encryption of files and directories. This 110b81d077SJaegeuk Kim feature is similar to ecryptfs, but it is more memory 120b81d077SJaegeuk Kim efficient since it avoids caching the encrypted and 13643fa961SChandan Rajendra decrypted pages in the page cache. Currently Ext4, 14c1f1f5bfSEric Biggers F2FS, UBIFS, and CephFS make use of this feature. 15ede7a09fSHerbert Xu 16ede7a09fSHerbert Xu# Filesystems supporting encryption must select this if FS_ENCRYPTION. This 17a0fc2033SArd Biesheuvel# allows the algorithms to be built as modules when all the filesystems are, 18a0fc2033SArd Biesheuvel# whereas selecting them from FS_ENCRYPTION would force them to be built-in. 19a0fc2033SArd Biesheuvel# 20a0fc2033SArd Biesheuvel# Note: this option only pulls in the algorithms that filesystem encryption 21a0fc2033SArd Biesheuvel# needs "by default". If userspace will use "non-default" encryption modes such 22a0fc2033SArd Biesheuvel# as Adiantum encryption, then those other modes need to be explicitly enabled 23a0fc2033SArd Biesheuvel# in the crypto API; see Documentation/filesystems/fscrypt.rst for details. 24a0fc2033SArd Biesheuvel# 25a0fc2033SArd Biesheuvel# Also note that this option only pulls in the generic implementations of the 26a0fc2033SArd Biesheuvel# algorithms, not any per-architecture optimized implementations. It is 2775eb8b94SEric Biggers# strongly recommended to enable optimized implementations too. 28ede7a09fSHerbert Xuconfig FS_ENCRYPTION_ALGS 29ede7a09fSHerbert Xu tristate 3075eb8b94SEric Biggers select CRYPTO_AES 3175eb8b94SEric Biggers select CRYPTO_CBC 3275eb8b94SEric Biggers select CRYPTO_CTS 3375eb8b94SEric Biggers select CRYPTO_ECB 3475eb8b94SEric Biggers select CRYPTO_XTS 355fee3609SSatya Tangirala 365fee3609SSatya Tangiralaconfig FS_ENCRYPTION_INLINE_CRYPT 375fee3609SSatya Tangirala bool "Enable fscrypt to use inline crypto" 385fee3609SSatya Tangirala depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION 395fee3609SSatya Tangirala help 405fee3609SSatya Tangirala Enable fscrypt to use inline encryption hardware if available. 41