^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) # SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) config FS_ENCRYPTION
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) bool "FS Encryption (Per-file encryption)"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) select CRYPTO
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) select CRYPTO_HASH
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) select CRYPTO_SKCIPHER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) select CRYPTO_LIB_SHA256
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) select KEYS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) Enable encryption of files and directories. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) feature is similar to ecryptfs, but it is more memory
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) efficient since it avoids caching the encrypted and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) decrypted pages in the page cache. Currently Ext4,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) F2FS and UBIFS make use of this feature.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) # Filesystems supporting encryption must select this if FS_ENCRYPTION. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) # allows the algorithms to be built as modules when all the filesystems are,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) # whereas selecting them from FS_ENCRYPTION would force them to be built-in.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) # Note: this option only pulls in the algorithms that filesystem encryption
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) # needs "by default". If userspace will use "non-default" encryption modes such
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) # as Adiantum encryption, then those other modes need to be explicitly enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) # in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) # Also note that this option only pulls in the generic implementations of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) # algorithms, not any per-architecture optimized implementations. It is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) # strongly recommended to enable optimized implementations too. It is safe to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) # disable these generic implementations if corresponding optimized
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) # implementations will always be available too; for this reason, these are soft
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) # dependencies ('imply' rather than 'select'). Only disable these generic
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) # implementations if you're sure they will never be needed, though.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) config FS_ENCRYPTION_ALGS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) tristate
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) imply CRYPTO_AES
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) imply CRYPTO_CBC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) imply CRYPTO_CTS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) imply CRYPTO_ECB
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) imply CRYPTO_HMAC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) imply CRYPTO_SHA512
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) imply CRYPTO_XTS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) config FS_ENCRYPTION_INLINE_CRYPT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) bool "Enable fscrypt to use inline crypto"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) Enable fscrypt to use inline encryption hardware if available.
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags