xref: /linux/net/sunrpc/Kconfig (revision 20a72af11f411bb74c14bd424f33b02e03937cf6)
1# SPDX-License-Identifier: GPL-2.0-only
2config SUNRPC
3	tristate
4	depends on MULTIUSER
5
6config SUNRPC_GSS
7	tristate
8	select OID_REGISTRY
9	depends on MULTIUSER
10
11config SUNRPC_BACKCHANNEL
12	bool
13	depends on SUNRPC
14
15config SUNRPC_SWAP
16	bool
17	depends on SUNRPC
18
19config RPCSEC_GSS_KRB5
20	tristate "Secure RPC: Kerberos V mechanism"
21	depends on SUNRPC && CRYPTO
22	default y
23	select SUNRPC_GSS
24	select CRYPTO_SKCIPHER
25	select CRYPTO_HASH
26	help
27	  Choose Y here to enable Secure RPC using the Kerberos version 5
28	  GSS-API mechanism (RFC 1964).
29
30	  Secure RPC calls with Kerberos require an auxiliary user-space
31	  daemon which may be found in the Linux nfs-utils package
32	  available from http://linux-nfs.org/.  In addition, user-space
33	  Kerberos support should be installed.
34
35	  If unsure, say Y.
36
37config RPCSEC_GSS_KRB5_SIMPLIFIED
38	bool
39	depends on RPCSEC_GSS_KRB5
40
41config RPCSEC_GSS_KRB5_CRYPTOSYSTEM
42	bool
43	depends on RPCSEC_GSS_KRB5
44
45config RPCSEC_GSS_KRB5_ENCTYPES_DES
46	bool "Enable Kerberos enctypes based on DES (deprecated)"
47	depends on RPCSEC_GSS_KRB5
48	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_ECB
49	depends on CRYPTO_HMAC && CRYPTO_MD5 && CRYPTO_SHA1
50	depends on CRYPTO_DES
51	default n
52	select RPCSEC_GSS_KRB5_SIMPLIFIED
53	help
54	  Choose Y to enable the use of deprecated Kerberos 5
55	  encryption types that utilize Data Encryption Standard
56	  (DES) based ciphers. These include des-cbc-md5,
57	  des-cbc-crc, and des-cbc-md4, which were deprecated by
58	  RFC 6649, and des3-cbc-sha1, which was deprecated by RFC
59	  8429.
60
61	  These encryption types are known to be insecure, therefore
62	  the default setting of this option is N. Support for these
63	  encryption types is available only for compatibility with
64	  legacy NFS client and server implementations.
65
66	  Removal of support is planned for a subsequent kernel
67	  release.
68
69config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1
70	bool "Enable Kerberos enctypes based on AES and SHA-1"
71	depends on RPCSEC_GSS_KRB5
72	depends on CRYPTO_CBC && CRYPTO_CTS
73	depends on CRYPTO_HMAC && CRYPTO_SHA1
74	depends on CRYPTO_AES
75	default y
76	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
77	help
78	  Choose Y to enable the use of Kerberos 5 encryption types
79	  that utilize Advanced Encryption Standard (AES) ciphers and
80	  SHA-1 digests. These include aes128-cts-hmac-sha1-96 and
81	  aes256-cts-hmac-sha1-96.
82
83config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA
84	bool "Enable Kerberos encryption types based on Camellia and CMAC"
85	depends on RPCSEC_GSS_KRB5
86	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA
87	depends on CRYPTO_CMAC
88	default n
89	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
90	help
91	  Choose Y to enable the use of Kerberos 5 encryption types
92	  that utilize Camellia ciphers (RFC 3713) and CMAC digests
93	  (NIST Special Publication 800-38B). These include
94	  camellia128-cts-cmac and camellia256-cts-cmac.
95
96config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
97	bool "Enable Kerberos enctypes based on AES and SHA-2"
98	depends on RPCSEC_GSS_KRB5
99	depends on CRYPTO_CBC && CRYPTO_CTS
100	depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512
101	depends on CRYPTO_AES
102	default n
103	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
104	help
105	  Choose Y to enable the use of Kerberos 5 encryption types
106	  that utilize Advanced Encryption Standard (AES) ciphers and
107	  SHA-2 digests. These include aes128-cts-hmac-sha256-128 and
108	  aes256-cts-hmac-sha384-192.
109
110config RPCSEC_GSS_KRB5_KUNIT_TEST
111	tristate "KUnit tests for RPCSEC GSS Kerberos" if !KUNIT_ALL_TESTS
112	depends on RPCSEC_GSS_KRB5 && KUNIT
113	default KUNIT_ALL_TESTS
114	help
115	  This builds the KUnit tests for RPCSEC GSS Kerberos 5.
116
117	  KUnit tests run during boot and output the results to the debug
118	  log in TAP format (https://testanything.org/). Only useful for
119	  kernel devs running KUnit test harness and are not for inclusion
120	  into a production build.
121
122	  For more information on KUnit and unit tests in general, refer
123	  to the KUnit documentation in Documentation/dev-tools/kunit/.
124
125config SUNRPC_DEBUG
126	bool "RPC: Enable dprintk debugging"
127	depends on SUNRPC && SYSCTL
128	select DEBUG_FS
129	help
130	  This option enables a sysctl-based debugging interface
131	  that is be used by the 'rpcdebug' utility to turn on or off
132	  logging of different aspects of the kernel RPC activity.
133
134	  Disabling this option will make your kernel slightly smaller,
135	  but makes troubleshooting NFS issues significantly harder.
136
137	  If unsure, say Y.
138
139config SUNRPC_XPRT_RDMA
140	tristate "RPC-over-RDMA transport"
141	depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS
142	default SUNRPC && INFINIBAND
143	select SG_POOL
144	help
145	  This option allows the NFS client and server to use RDMA
146	  transports (InfiniBand, iWARP, or RoCE).
147
148	  To compile this support as a module, choose M. The module
149	  will be called rpcrdma.ko.
150
151	  If unsure, or you know there is no RDMA capability on your
152	  hardware platform, say N.
153