xref: /linux/net/sunrpc/Kconfig (revision 3394682fba3b9010c6147e94f37633f044876e5e) 
1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only
29098c24fSAlexey Dobriyanconfig SUNRPC
39098c24fSAlexey Dobriyan	tristate
42813893fSIulia Manda	depends on MULTIUSER
59098c24fSAlexey Dobriyan
69098c24fSAlexey Dobriyanconfig SUNRPC_GSS
79098c24fSAlexey Dobriyan	tristate
8f783288fSChuck Lever	select OID_REGISTRY
92813893fSIulia Manda	depends on MULTIUSER
109098c24fSAlexey Dobriyan
119e00abc3STrond Myklebustconfig SUNRPC_BACKCHANNEL
129e00abc3STrond Myklebust	bool
139e00abc3STrond Myklebust	depends on SUNRPC
149e00abc3STrond Myklebust
15a564b8f0SMel Gormanconfig SUNRPC_SWAP
16a564b8f0SMel Gorman	bool
17a564b8f0SMel Gorman	depends on SUNRPC
18a564b8f0SMel Gorman
199098c24fSAlexey Dobriyanconfig RPCSEC_GSS_KRB5
20e3b2854fSTrond Myklebust	tristate "Secure RPC: Kerberos V mechanism"
21df486a25STrond Myklebust	depends on SUNRPC && CRYPTO
22df486a25STrond Myklebust	default y
239098c24fSAlexey Dobriyan	select SUNRPC_GSS
24dfe9a123SChuck Lever	select CRYPTO_SKCIPHER
25dfe9a123SChuck Lever	select CRYPTO_HASH
269098c24fSAlexey Dobriyan	help
279098c24fSAlexey Dobriyan	  Choose Y here to enable Secure RPC using the Kerberos version 5
289098c24fSAlexey Dobriyan	  GSS-API mechanism (RFC 1964).
299098c24fSAlexey Dobriyan
309098c24fSAlexey Dobriyan	  Secure RPC calls with Kerberos require an auxiliary user-space
319098c24fSAlexey Dobriyan	  daemon which may be found in the Linux nfs-utils package
329098c24fSAlexey Dobriyan	  available from http://linux-nfs.org/.  In addition, user-space
339098c24fSAlexey Dobriyan	  Kerberos support should be installed.
349098c24fSAlexey Dobriyan
35df486a25STrond Myklebust	  If unsure, say Y.
36e27d359eSTrond Myklebust
37dfe9a123SChuck Leverconfig RPCSEC_GSS_KRB5_SIMPLIFIED
38dfe9a123SChuck Lever	bool
39fe9a2705SChuck Lever	depends on RPCSEC_GSS_KRB5
40fe9a2705SChuck Lever
41dfe9a123SChuck Leverconfig RPCSEC_GSS_KRB5_CRYPTOSYSTEM
42dfe9a123SChuck Lever	bool
43dfe9a123SChuck Lever	depends on RPCSEC_GSS_KRB5
44dfe9a123SChuck Lever
45dfe9a123SChuck Leverconfig RPCSEC_GSS_KRB5_ENCTYPES_DES
46dfe9a123SChuck Lever	bool "Enable Kerberos enctypes based on DES (deprecated)"
47dfe9a123SChuck Lever	depends on RPCSEC_GSS_KRB5
48dfe9a123SChuck Lever	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_ECB
49dfe9a123SChuck Lever	depends on CRYPTO_HMAC && CRYPTO_MD5 && CRYPTO_SHA1
50dfe9a123SChuck Lever	depends on CRYPTO_DES
51dfe9a123SChuck Lever	default n
52dfe9a123SChuck Lever	select RPCSEC_GSS_KRB5_SIMPLIFIED
53dfe9a123SChuck Lever	help
54dfe9a123SChuck Lever	  Choose Y to enable the use of deprecated Kerberos 5
55dfe9a123SChuck Lever	  encryption types that utilize Data Encryption Standard
56dfe9a123SChuck Lever	  (DES) based ciphers. These include des-cbc-md5,
57dfe9a123SChuck Lever	  des-cbc-crc, and des-cbc-md4, which were deprecated by
58dfe9a123SChuck Lever	  RFC 6649, and des3-cbc-sha1, which was deprecated by RFC
59dfe9a123SChuck Lever	  8429.
60dfe9a123SChuck Lever
61dfe9a123SChuck Lever	  These encryption types are known to be insecure, therefore
62dfe9a123SChuck Lever	  the default setting of this option is N. Support for these
63dfe9a123SChuck Lever	  encryption types is available only for compatibility with
64dfe9a123SChuck Lever	  legacy NFS client and server implementations.
65dfe9a123SChuck Lever
66dfe9a123SChuck Lever	  Removal of support is planned for a subsequent kernel
67dfe9a123SChuck Lever	  release.
68dfe9a123SChuck Lever
69dfe9a123SChuck Leverconfig RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1
70dfe9a123SChuck Lever	bool "Enable Kerberos enctypes based on AES and SHA-1"
71dfe9a123SChuck Lever	depends on RPCSEC_GSS_KRB5
72dfe9a123SChuck Lever	depends on CRYPTO_CBC && CRYPTO_CTS
73dfe9a123SChuck Lever	depends on CRYPTO_HMAC && CRYPTO_SHA1
74dfe9a123SChuck Lever	depends on CRYPTO_AES
75dfe9a123SChuck Lever	default y
76dfe9a123SChuck Lever	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
77dfe9a123SChuck Lever	help
78dfe9a123SChuck Lever	  Choose Y to enable the use of Kerberos 5 encryption types
79dfe9a123SChuck Lever	  that utilize Advanced Encryption Standard (AES) ciphers and
80dfe9a123SChuck Lever	  SHA-1 digests. These include aes128-cts-hmac-sha1-96 and
81dfe9a123SChuck Lever	  aes256-cts-hmac-sha1-96.
82fe9a2705SChuck Lever
83*3394682fSChuck Leverconfig RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA
84*3394682fSChuck Lever	bool "Enable Kerberos encryption types based on Camellia and CMAC"
85*3394682fSChuck Lever	depends on RPCSEC_GSS_KRB5
86*3394682fSChuck Lever	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA
87*3394682fSChuck Lever	depends on CRYPTO_CMAC
88*3394682fSChuck Lever	default n
89*3394682fSChuck Lever	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
90*3394682fSChuck Lever	help
91*3394682fSChuck Lever	  Choose Y to enable the use of Kerberos 5 encryption types
92*3394682fSChuck Lever	  that utilize Camellia ciphers (RFC 3713) and CMAC digests
93*3394682fSChuck Lever	  (NIST Special Publication 800-38B). These include
94*3394682fSChuck Lever	  camellia128-cts-cmac and camellia256-cts-cmac.
95*3394682fSChuck Lever
96a40cf753SChuck Leverconfig RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
97a40cf753SChuck Lever	bool "Enable Kerberos enctypes based on AES and SHA-2"
98a40cf753SChuck Lever	depends on RPCSEC_GSS_KRB5
99a40cf753SChuck Lever	depends on CRYPTO_CBC && CRYPTO_CTS
100a40cf753SChuck Lever	depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512
101a40cf753SChuck Lever	depends on CRYPTO_AES
102a40cf753SChuck Lever	default n
103a40cf753SChuck Lever	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
104a40cf753SChuck Lever	help
105a40cf753SChuck Lever	  Choose Y to enable the use of Kerberos 5 encryption types
106a40cf753SChuck Lever	  that utilize Advanced Encryption Standard (AES) ciphers and
107a40cf753SChuck Lever	  SHA-2 digests. These include aes128-cts-hmac-sha256-128 and
108a40cf753SChuck Lever	  aes256-cts-hmac-sha384-192.
109a40cf753SChuck Lever
110e27d359eSTrond Myklebustconfig SUNRPC_DEBUG
111e27d359eSTrond Myklebust	bool "RPC: Enable dprintk debugging"
112e27d359eSTrond Myklebust	depends on SUNRPC && SYSCTL
113b4b9d2ccSJeff Layton	select DEBUG_FS
114e27d359eSTrond Myklebust	help
115e27d359eSTrond Myklebust	  This option enables a sysctl-based debugging interface
116e27d359eSTrond Myklebust	  that is be used by the 'rpcdebug' utility to turn on or off
117e27d359eSTrond Myklebust	  logging of different aspects of the kernel RPC activity.
118e27d359eSTrond Myklebust
119e27d359eSTrond Myklebust	  Disabling this option will make your kernel slightly smaller,
120e27d359eSTrond Myklebust	  but makes troubleshooting NFS issues significantly harder.
121e27d359eSTrond Myklebust
122e27d359eSTrond Myklebust	  If unsure, say Y.
1232e8c12e1SJeff Layton
124ffe1f0dfSChuck Leverconfig SUNRPC_XPRT_RDMA
125ffe1f0dfSChuck Lever	tristate "RPC-over-RDMA transport"
126533d1daeSArnd Bergmann	depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS
1272e8c12e1SJeff Layton	default SUNRPC && INFINIBAND
128f13193f5SChuck Lever	select SG_POOL
1292e8c12e1SJeff Layton	help
130ffe1f0dfSChuck Lever	  This option allows the NFS client and server to use RDMA
131ffe1f0dfSChuck Lever	  transports (InfiniBand, iWARP, or RoCE).
1322e8c12e1SJeff Layton
133ffe1f0dfSChuck Lever	  To compile this support as a module, choose M. The module
134ffe1f0dfSChuck Lever	  will be called rpcrdma.ko.
1352e8c12e1SJeff Layton
136ffe1f0dfSChuck Lever	  If unsure, or you know there is no RDMA capability on your
137ffe1f0dfSChuck Lever	  hardware platform, say N.
138