| # SPDX-License-Identifier: GPL-2.0-only |
| |
| menuconfig CRYPTO_HW |
| bool "Hardware crypto devices" |
| default y |
| help |
| Say Y here to get to see options for hardware crypto devices and |
| processors. This option alone does not add any kernel code. |
| |
| If you say N, all options in this submenu will be skipped and disabled. |
| |
| if CRYPTO_HW |
| |
| source "drivers/crypto/allwinner/Kconfig" |
| |
| config CRYPTO_DEV_PADLOCK |
| tristate "Support for VIA PadLock ACE" |
| depends on X86 && !UML |
| help |
| Some VIA processors come with an integrated crypto engine |
| (so called VIA PadLock ACE, Advanced Cryptography Engine) |
| that provides instructions for very fast cryptographic |
| operations with supported algorithms. |
| |
| The instructions are used only when the CPU supports them. |
| Otherwise software encryption is used. |
| |
| config CRYPTO_DEV_PADLOCK_AES |
| tristate "PadLock driver for AES algorithm" |
| depends on CRYPTO_DEV_PADLOCK |
| select CRYPTO_SKCIPHER |
| select CRYPTO_LIB_AES |
| help |
| Use VIA PadLock for AES algorithm. |
| |
| Available in VIA C3 and newer CPUs. |
| |
| If unsure say M. The compiled module will be |
| called padlock-aes. |
| |
| config CRYPTO_DEV_PADLOCK_SHA |
| tristate "PadLock driver for SHA1 and SHA256 algorithms" |
| depends on CRYPTO_DEV_PADLOCK |
| select CRYPTO_HASH |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| help |
| Use VIA PadLock for SHA1/SHA256 algorithms. |
| |
| Available in VIA C7 and newer processors. |
| |
| If unsure say M. The compiled module will be |
| called padlock-sha. |
| |
| config CRYPTO_DEV_GEODE |
| tristate "Support for the Geode LX AES engine" |
| depends on X86_32 && PCI |
| select CRYPTO_ALGAPI |
| select CRYPTO_SKCIPHER |
| help |
| Say 'Y' here to use the AMD Geode LX processor on-board AES |
| engine for the CryptoAPI AES algorithm. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called geode-aes. |
| |
| config ZCRYPT |
| tristate "Support for s390 cryptographic adapters" |
| depends on S390 |
| depends on AP |
| select HW_RANDOM |
| help |
| Select this option if you want to enable support for |
| s390 cryptographic adapters like Crypto Express 4 up |
| to 8 in Coprocessor (CEXxC), EP11 Coprocessor (CEXxP) |
| or Accelerator (CEXxA) mode. |
| |
| config PKEY |
| tristate "Kernel API for protected key handling" |
| depends on S390 |
| help |
| With this option enabled the pkey kernel modules provide an API |
| for creation and handling of protected keys. Other parts of the |
| kernel or userspace applications may use these functions. |
| |
| The protected key support is distributed into: |
| - A pkey base and API kernel module (pkey.ko) which offers the |
| infrastructure for the pkey handler kernel modules, the ioctl |
| and the sysfs API and the in-kernel API to the crypto cipher |
| implementations using protected key. |
| - A pkey pckmo kernel module (pkey-pckmo.ko) which is automatically |
| loaded when pckmo support (that is generation of protected keys |
| from clear key values) is available. |
| - A pkey CCA kernel module (pkey-cca.ko) which is automatically |
| loaded when a CEX crypto card is available. |
| - A pkey EP11 kernel module (pkey-ep11.ko) which is automatically |
| loaded when a CEX crypto card is available. |
| |
| Select this option if you want to enable the kernel and userspace |
| API for protected key handling. |
| |
| config PKEY_CCA |
| tristate "PKEY CCA support handler" |
| depends on PKEY |
| depends on ZCRYPT |
| help |
| This is the CCA support handler for deriving protected keys |
| from CCA (secure) keys. Also this handler provides an alternate |
| way to make protected keys from clear key values. |
| |
| The PKEY CCA support handler needs a Crypto Express card (CEX) |
| in CCA mode. |
| |
| If you have selected the PKEY option then you should also enable |
| this option unless you are sure you never need to derive protected |
| keys from CCA key material. |
| |
| config PKEY_EP11 |
| tristate "PKEY EP11 support handler" |
| depends on PKEY |
| depends on ZCRYPT |
| help |
| This is the EP11 support handler for deriving protected keys |
| from EP11 (secure) keys. Also this handler provides an alternate |
| way to make protected keys from clear key values. |
| |
| The PKEY EP11 support handler needs a Crypto Express card (CEX) |
| in EP11 mode. |
| |
| If you have selected the PKEY option then you should also enable |
| this option unless you are sure you never need to derive protected |
| keys from EP11 key material. |
| |
| config PKEY_PCKMO |
| tristate "PKEY PCKMO support handler" |
| depends on PKEY |
| help |
| This is the PCKMO support handler for deriving protected keys |
| from clear key values via invoking the PCKMO instruction. |
| |
| The PCKMO instruction can be enabled and disabled in the crypto |
| settings at the LPAR profile. This handler checks for availability |
| during initialization and if build as a kernel module unloads |
| itself if PCKMO is disabled. |
| |
| The PCKMO way of deriving protected keys from clear key material |
| is especially used during self test of protected key ciphers like |
| PAES but the CCA and EP11 handler provide alternate ways to |
| generate protected keys from clear key values. |
| |
| If you have selected the PKEY option then you should also enable |
| this option unless you are sure you never need to derive protected |
| keys from clear key values directly via PCKMO. |
| |
| config CRYPTO_PAES_S390 |
| tristate "PAES cipher algorithms" |
| depends on S390 |
| depends on ZCRYPT |
| depends on PKEY |
| select CRYPTO_ALGAPI |
| select CRYPTO_SKCIPHER |
| help |
| This is the s390 hardware accelerated implementation of the |
| AES cipher algorithms for use with protected key. |
| |
| Select this option if you want to use the paes cipher |
| for example to use protected key encrypted devices. |
| |
| config S390_PRNG |
| tristate "Pseudo random number generator device driver" |
| depends on S390 |
| default "m" |
| help |
| Select this option if you want to use the s390 pseudo random number |
| generator. The PRNG is part of the cryptographic processor functions |
| and uses triple-DES to generate secure random numbers like the |
| ANSI X9.17 standard. User-space programs access the |
| pseudo-random-number device through the char device /dev/prandom. |
| |
| It is available as of z9. |
| |
| config CRYPTO_DEV_NIAGARA2 |
| tristate "Niagara2 Stream Processing Unit driver" |
| select CRYPTO_LIB_DES |
| select CRYPTO_SKCIPHER |
| select CRYPTO_HASH |
| select CRYPTO_MD5 |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| depends on SPARC64 |
| help |
| Each core of a Niagara2 processor contains a Stream |
| Processing Unit, which itself contains several cryptographic |
| sub-units. One set provides the Modular Arithmetic Unit, |
| used for SSL offload. The other set provides the Cipher |
| Group, which can perform encryption, decryption, hashing, |
| checksumming, and raw copies. |
| |
| config CRYPTO_DEV_SL3516 |
| tristate "Storlink SL3516 crypto offloader" |
| depends on ARCH_GEMINI || COMPILE_TEST |
| depends on HAS_IOMEM && PM |
| select CRYPTO_SKCIPHER |
| select CRYPTO_ENGINE |
| select CRYPTO_ECB |
| select CRYPTO_AES |
| select HW_RANDOM |
| help |
| This option allows you to have support for SL3516 crypto offloader. |
| |
| config CRYPTO_DEV_SL3516_DEBUG |
| bool "Enable SL3516 stats" |
| depends on CRYPTO_DEV_SL3516 |
| depends on DEBUG_FS |
| help |
| Say y to enable SL3516 debug stats. |
| This will create /sys/kernel/debug/sl3516/stats for displaying |
| the number of requests per algorithm and other internal stats. |
| |
| config CRYPTO_DEV_HIFN_795X |
| tristate "Driver HIFN 795x crypto accelerator chips" |
| select CRYPTO_LIB_DES |
| select CRYPTO_SKCIPHER |
| select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG |
| depends on PCI |
| depends on !ARCH_DMA_ADDR_T_64BIT |
| help |
| This option allows you to have support for HIFN 795x crypto adapters. |
| |
| config CRYPTO_DEV_HIFN_795X_RNG |
| bool "HIFN 795x random number generator" |
| depends on CRYPTO_DEV_HIFN_795X |
| help |
| Select this option if you want to enable the random number generator |
| on the HIFN 795x crypto adapters. |
| |
| source "drivers/crypto/caam/Kconfig" |
| |
| config CRYPTO_DEV_TALITOS |
| tristate "Talitos Freescale Security Engine (SEC)" |
| select CRYPTO_AEAD |
| select CRYPTO_AUTHENC |
| select CRYPTO_SKCIPHER |
| select CRYPTO_HASH |
| select CRYPTO_LIB_DES |
| select HW_RANDOM |
| depends on FSL_SOC |
| help |
| Say 'Y' here to use the Freescale Security Engine (SEC) |
| to offload cryptographic algorithm computation. |
| |
| The Freescale SEC is present on PowerQUICC 'E' processors, such |
| as the MPC8349E and MPC8548E. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called talitos. |
| |
| config CRYPTO_DEV_TALITOS1 |
| bool "SEC1 (SEC 1.0 and SEC Lite 1.2)" |
| depends on CRYPTO_DEV_TALITOS |
| depends on PPC_8xx || PPC_82xx |
| default y |
| help |
| Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0 |
| found on MPC82xx or the Freescale Security Engine (SEC Lite) |
| version 1.2 found on MPC8xx |
| |
| config CRYPTO_DEV_TALITOS2 |
| bool "SEC2+ (SEC version 2.0 or upper)" |
| depends on CRYPTO_DEV_TALITOS |
| default y if !PPC_8xx |
| help |
| Say 'Y' here to use the Freescale Security Engine (SEC) |
| version 2 and following as found on MPC83xx, MPC85xx, etc ... |
| |
| config CRYPTO_DEV_PPC4XX |
| tristate "Driver AMCC PPC4xx crypto accelerator" |
| depends on PPC && 4xx |
| select CRYPTO_HASH |
| select CRYPTO_AEAD |
| select CRYPTO_AES |
| select CRYPTO_LIB_AES |
| select CRYPTO_CCM |
| select CRYPTO_CTR |
| select CRYPTO_GCM |
| select CRYPTO_SKCIPHER |
| help |
| This option allows you to have support for AMCC crypto acceleration. |
| |
| config HW_RANDOM_PPC4XX |
| bool "PowerPC 4xx generic true random number generator support" |
| depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y |
| default y |
| help |
| This option provides the kernel-side support for the TRNG hardware |
| found in the security function of some PowerPC 4xx SoCs. |
| |
| config CRYPTO_DEV_OMAP |
| tristate "Support for OMAP crypto HW accelerators" |
| depends on ARCH_OMAP2PLUS |
| help |
| OMAP processors have various crypto HW accelerators. Select this if |
| you want to use the OMAP modules for any of the crypto algorithms. |
| |
| if CRYPTO_DEV_OMAP |
| |
| config CRYPTO_DEV_OMAP_SHAM |
| tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator" |
| depends on ARCH_OMAP2PLUS |
| select CRYPTO_ENGINE |
| select CRYPTO_SHA1 |
| select CRYPTO_MD5 |
| select CRYPTO_SHA256 |
| select CRYPTO_SHA512 |
| select CRYPTO_HMAC |
| help |
| OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you |
| want to use the OMAP module for MD5/SHA1/SHA2 algorithms. |
| |
| config CRYPTO_DEV_OMAP_AES |
| tristate "Support for OMAP AES hw engine" |
| depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS |
| select CRYPTO_AES |
| select CRYPTO_SKCIPHER |
| select CRYPTO_ENGINE |
| select CRYPTO_CBC |
| select CRYPTO_ECB |
| select CRYPTO_CTR |
| select CRYPTO_AEAD |
| help |
| OMAP processors have AES module accelerator. Select this if you |
| want to use the OMAP module for AES algorithms. |
| |
| config CRYPTO_DEV_OMAP_DES |
| tristate "Support for OMAP DES/3DES hw engine" |
| depends on ARCH_OMAP2PLUS |
| select CRYPTO_LIB_DES |
| select CRYPTO_SKCIPHER |
| select CRYPTO_ENGINE |
| help |
| OMAP processors have DES/3DES module accelerator. Select this if you |
| want to use the OMAP module for DES and 3DES algorithms. Currently |
| the ECB and CBC modes of operation are supported by the driver. Also |
| accesses made on unaligned boundaries are supported. |
| |
| endif # CRYPTO_DEV_OMAP |
| |
| config CRYPTO_DEV_SAHARA |
| tristate "Support for SAHARA crypto accelerator" |
| depends on ARCH_MXC && OF |
| select CRYPTO_SKCIPHER |
| select CRYPTO_AES |
| select CRYPTO_ECB |
| select CRYPTO_ENGINE |
| help |
| This option enables support for the SAHARA HW crypto accelerator |
| found in some Freescale i.MX chips. |
| |
| config CRYPTO_DEV_EXYNOS_RNG |
| tristate "Exynos HW pseudo random number generator support" |
| depends on ARCH_EXYNOS || COMPILE_TEST |
| depends on HAS_IOMEM |
| select CRYPTO_RNG |
| help |
| This driver provides kernel-side support through the |
| cryptographic API for the pseudo random number generator hardware |
| found on Exynos SoCs. |
| |
| To compile this driver as a module, choose M here: the |
| module will be called exynos-rng. |
| |
| If unsure, say Y. |
| |
| config CRYPTO_DEV_S5P |
| tristate "Support for Samsung S5PV210/Exynos crypto accelerator" |
| depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST |
| depends on HAS_IOMEM |
| select CRYPTO_AES |
| select CRYPTO_SKCIPHER |
| help |
| This option allows you to have support for S5P crypto acceleration. |
| Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES |
| algorithms execution. |
| |
| config CRYPTO_DEV_EXYNOS_HASH |
| bool "Support for Samsung Exynos HASH accelerator" |
| depends on CRYPTO_DEV_S5P |
| depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m |
| select CRYPTO_SHA1 |
| select CRYPTO_MD5 |
| select CRYPTO_SHA256 |
| help |
| Select this to offload Exynos from HASH MD5/SHA1/SHA256. |
| This will select software SHA1, MD5 and SHA256 as they are |
| needed for small and zero-size messages. |
| HASH algorithms will be disabled if EXYNOS_RNG |
| is enabled due to hw conflict. |
| |
| config CRYPTO_DEV_NX |
| bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration" |
| depends on PPC64 |
| help |
| This enables support for the NX hardware cryptographic accelerator |
| coprocessor that is in IBM PowerPC P7+ or later processors. This |
| does not actually enable any drivers, it only allows you to select |
| which acceleration type (encryption and/or compression) to enable. |
| |
| if CRYPTO_DEV_NX |
| source "drivers/crypto/nx/Kconfig" |
| endif |
| |
| config CRYPTO_DEV_ATMEL_AUTHENC |
| bool "Support for Atmel IPSEC/SSL hw accelerator" |
| depends on ARCH_AT91 || COMPILE_TEST |
| depends on CRYPTO_DEV_ATMEL_AES |
| help |
| Some Atmel processors can combine the AES and SHA hw accelerators |
| to enhance support of IPSEC/SSL. |
| Select this if you want to use the Atmel modules for |
| authenc(hmac(shaX),Y(cbc)) algorithms. |
| |
| config CRYPTO_DEV_ATMEL_AES |
| tristate "Support for Atmel AES hw accelerator" |
| depends on ARCH_AT91 || COMPILE_TEST |
| select CRYPTO_AES |
| select CRYPTO_AEAD |
| select CRYPTO_SKCIPHER |
| select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC |
| select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC |
| help |
| Some Atmel processors have AES hw accelerator. |
| Select this if you want to use the Atmel module for |
| AES algorithms. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called atmel-aes. |
| |
| config CRYPTO_DEV_ATMEL_TDES |
| tristate "Support for Atmel DES/TDES hw accelerator" |
| depends on ARCH_AT91 || COMPILE_TEST |
| select CRYPTO_LIB_DES |
| select CRYPTO_SKCIPHER |
| help |
| Some Atmel processors have DES/TDES hw accelerator. |
| Select this if you want to use the Atmel module for |
| DES/TDES algorithms. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called atmel-tdes. |
| |
| config CRYPTO_DEV_ATMEL_SHA |
| tristate "Support for Atmel SHA hw accelerator" |
| depends on ARCH_AT91 || COMPILE_TEST |
| select CRYPTO_HASH |
| help |
| Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512 |
| hw accelerator. |
| Select this if you want to use the Atmel module for |
| SHA1/SHA224/SHA256/SHA384/SHA512 algorithms. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called atmel-sha. |
| |
| config CRYPTO_DEV_ATMEL_I2C |
| tristate |
| select BITREVERSE |
| |
| config CRYPTO_DEV_ATMEL_ECC |
| tristate "Support for Microchip / Atmel ECC hw accelerator" |
| depends on I2C |
| select CRYPTO_DEV_ATMEL_I2C |
| select CRYPTO_ECDH |
| select CRC16 |
| help |
| Microhip / Atmel ECC hw accelerator. |
| Select this if you want to use the Microchip / Atmel module for |
| ECDH algorithm. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called atmel-ecc. |
| |
| config CRYPTO_DEV_ATMEL_SHA204A |
| tristate "Support for Microchip / Atmel SHA accelerator and RNG" |
| depends on I2C |
| select CRYPTO_DEV_ATMEL_I2C |
| select HW_RANDOM |
| select CRC16 |
| help |
| Microhip / Atmel SHA accelerator and RNG. |
| Select this if you want to use the Microchip / Atmel SHA204A |
| module as a random number generator. (Other functions of the |
| chip are currently not exposed by this driver) |
| |
| To compile this driver as a module, choose M here: the module |
| will be called atmel-sha204a. |
| |
| config CRYPTO_DEV_CCP |
| bool "Support for AMD Secure Processor" |
| depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM |
| help |
| The AMD Secure Processor provides support for the Cryptographic Coprocessor |
| (CCP) and the Platform Security Processor (PSP) devices. |
| |
| if CRYPTO_DEV_CCP |
| source "drivers/crypto/ccp/Kconfig" |
| endif |
| |
| config CRYPTO_DEV_MXS_DCP |
| tristate "Support for Freescale MXS DCP" |
| depends on (ARCH_MXS || ARCH_MXC) |
| select STMP_DEVICE |
| select CRYPTO_CBC |
| select CRYPTO_ECB |
| select CRYPTO_AES |
| select CRYPTO_SKCIPHER |
| select CRYPTO_HASH |
| help |
| The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB |
| co-processor on the die. |
| |
| To compile this driver as a module, choose M here: the module |
| will be called mxs-dcp. |
| |
| source "drivers/crypto/cavium/cpt/Kconfig" |
| source "drivers/crypto/cavium/nitrox/Kconfig" |
| source "drivers/crypto/marvell/Kconfig" |
| source "drivers/crypto/intel/Kconfig" |
| |
| config CRYPTO_DEV_CAVIUM_ZIP |
| tristate "Cavium ZIP driver" |
| depends on PCI && 64BIT && (ARM64 || COMPILE_TEST) |
| help |
| Select this option if you want to enable compression/decompression |
| acceleration on Cavium's ARM based SoCs |
| |
| config CRYPTO_DEV_QCE |
| tristate "Qualcomm crypto engine accelerator" |
| depends on ARCH_QCOM || COMPILE_TEST |
| depends on HAS_IOMEM |
| help |
| This driver supports Qualcomm crypto engine accelerator |
| hardware. To compile this driver as a module, choose M here. The |
| module will be called qcrypto. |
| |
| config CRYPTO_DEV_QCE_SKCIPHER |
| bool |
| depends on CRYPTO_DEV_QCE |
| select CRYPTO_AES |
| select CRYPTO_LIB_DES |
| select CRYPTO_ECB |
| select CRYPTO_CBC |
| select CRYPTO_XTS |
| select CRYPTO_CTR |
| select CRYPTO_SKCIPHER |
| |
| config CRYPTO_DEV_QCE_SHA |
| bool |
| depends on CRYPTO_DEV_QCE |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| |
| config CRYPTO_DEV_QCE_AEAD |
| bool |
| depends on CRYPTO_DEV_QCE |
| select CRYPTO_AUTHENC |
| select CRYPTO_LIB_DES |
| |
| choice |
| prompt "Algorithms enabled for QCE acceleration" |
| default CRYPTO_DEV_QCE_ENABLE_ALL |
| depends on CRYPTO_DEV_QCE |
| help |
| This option allows to choose whether to build support for all algorithms |
| (default), hashes-only, or skciphers-only. |
| |
| The QCE engine does not appear to scale as well as the CPU to handle |
| multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the |
| QCE handles only 2 requests in parallel. |
| |
| Ipsec throughput seems to improve when disabling either family of |
| algorithms, sharing the load with the CPU. Enabling skciphers-only |
| appears to work best. |
| |
| config CRYPTO_DEV_QCE_ENABLE_ALL |
| bool "All supported algorithms" |
| select CRYPTO_DEV_QCE_SKCIPHER |
| select CRYPTO_DEV_QCE_SHA |
| select CRYPTO_DEV_QCE_AEAD |
| help |
| Enable all supported algorithms: |
| - AES (CBC, CTR, ECB, XTS) |
| - 3DES (CBC, ECB) |
| - DES (CBC, ECB) |
| - SHA1, HMAC-SHA1 |
| - SHA256, HMAC-SHA256 |
| |
| config CRYPTO_DEV_QCE_ENABLE_SKCIPHER |
| bool "Symmetric-key ciphers only" |
| select CRYPTO_DEV_QCE_SKCIPHER |
| help |
| Enable symmetric-key ciphers only: |
| - AES (CBC, CTR, ECB, XTS) |
| - 3DES (ECB, CBC) |
| - DES (ECB, CBC) |
| |
| config CRYPTO_DEV_QCE_ENABLE_SHA |
| bool "Hash/HMAC only" |
| select CRYPTO_DEV_QCE_SHA |
| help |
| Enable hashes/HMAC algorithms only: |
| - SHA1, HMAC-SHA1 |
| - SHA256, HMAC-SHA256 |
| |
| config CRYPTO_DEV_QCE_ENABLE_AEAD |
| bool "AEAD algorithms only" |
| select CRYPTO_DEV_QCE_AEAD |
| help |
| Enable AEAD algorithms only: |
| - authenc() |
| - ccm(aes) |
| - rfc4309(ccm(aes)) |
| endchoice |
| |
| config CRYPTO_DEV_QCE_SW_MAX_LEN |
| int "Default maximum request size to use software for AES" |
| depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER |
| default 512 |
| help |
| This sets the default maximum request size to perform AES requests |
| using software instead of the crypto engine. It can be changed by |
| setting the aes_sw_max_len parameter. |
| |
| Small blocks are processed faster in software than hardware. |
| Considering the 256-bit ciphers, software is 2-3 times faster than |
| qce at 256-bytes, 30% faster at 512, and about even at 768-bytes. |
| With 128-bit keys, the break-even point would be around 1024-bytes. |
| |
| The default is set a little lower, to 512 bytes, to balance the |
| cost in CPU usage. The minimum recommended setting is 16-bytes |
| (1 AES block), since AES-GCM will fail if you set it lower. |
| Setting this to zero will send all requests to the hardware. |
| |
| Note that 192-bit keys are not supported by the hardware and are |
| always processed by the software fallback, and all DES requests |
| are done by the hardware. |
| |
| config CRYPTO_DEV_QCOM_RNG |
| tristate "Qualcomm Random Number Generator Driver" |
| depends on ARCH_QCOM || COMPILE_TEST |
| depends on HW_RANDOM |
| select CRYPTO_RNG |
| help |
| This driver provides support for the Random Number |
| Generator hardware found on Qualcomm SoCs. |
| |
| To compile this driver as a module, choose M here. The |
| module will be called qcom-rng. If unsure, say N. |
| |
| #config CRYPTO_DEV_VMX |
| # bool "Support for VMX cryptographic acceleration instructions" |
| # depends on PPC64 && VSX |
| # help |
| # Support for VMX cryptographic acceleration instructions. |
| # |
| #source "drivers/crypto/vmx/Kconfig" |
| |
| config CRYPTO_DEV_IMGTEC_HASH |
| tristate "Imagination Technologies hardware hash accelerator" |
| depends on MIPS || COMPILE_TEST |
| select CRYPTO_MD5 |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| select CRYPTO_HASH |
| help |
| This driver interfaces with the Imagination Technologies |
| hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256 |
| hashing algorithms. |
| |
| config CRYPTO_DEV_ROCKCHIP |
| tristate "Rockchip's Cryptographic Engine driver" |
| depends on OF && ARCH_ROCKCHIP |
| depends on PM |
| select CRYPTO_ECB |
| select CRYPTO_CBC |
| select CRYPTO_DES |
| select CRYPTO_AES |
| select CRYPTO_ENGINE |
| select CRYPTO_LIB_DES |
| select CRYPTO_MD5 |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| select CRYPTO_HASH |
| select CRYPTO_SKCIPHER |
| |
| help |
| This driver interfaces with the hardware crypto accelerator. |
| Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode. |
| |
| config CRYPTO_DEV_ROCKCHIP_DEBUG |
| bool "Enable Rockchip crypto stats" |
| depends on CRYPTO_DEV_ROCKCHIP |
| depends on DEBUG_FS |
| help |
| Say y to enable Rockchip crypto debug stats. |
| This will create /sys/kernel/debug/rk3288_crypto/stats for displaying |
| the number of requests per algorithm and other internal stats. |
| |
| config CRYPTO_DEV_TEGRA |
| tristate "Enable Tegra Security Engine" |
| depends on TEGRA_HOST1X |
| select CRYPTO_ENGINE |
| |
| help |
| Select this to enable Tegra Security Engine which accelerates various |
| AES encryption/decryption and HASH algorithms. |
| |
| config CRYPTO_DEV_ZYNQMP_AES |
| tristate "Support for Xilinx ZynqMP AES hw accelerator" |
| depends on ZYNQMP_FIRMWARE || COMPILE_TEST |
| select CRYPTO_AES |
| select CRYPTO_ENGINE |
| select CRYPTO_AEAD |
| help |
| Xilinx ZynqMP has AES-GCM engine used for symmetric key |
| encryption and decryption. This driver interfaces with AES hw |
| accelerator. Select this if you want to use the ZynqMP module |
| for AES algorithms. |
| |
| config CRYPTO_DEV_ZYNQMP_SHA3 |
| tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator" |
| depends on ZYNQMP_FIRMWARE || COMPILE_TEST |
| select CRYPTO_SHA3 |
| help |
| Xilinx ZynqMP has SHA3 engine used for secure hash calculation. |
| This driver interfaces with SHA3 hardware engine. |
| Select this if you want to use the ZynqMP module |
| for SHA3 hash computation. |
| |
| source "drivers/crypto/chelsio/Kconfig" |
| |
| source "drivers/crypto/virtio/Kconfig" |
| |
| config CRYPTO_DEV_BCM_SPU |
| tristate "Broadcom symmetric crypto/hash acceleration support" |
| depends on ARCH_BCM_IPROC |
| depends on MAILBOX |
| default m |
| select CRYPTO_AUTHENC |
| select CRYPTO_LIB_DES |
| select CRYPTO_MD5 |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| select CRYPTO_SHA512 |
| help |
| This driver provides support for Broadcom crypto acceleration using the |
| Secure Processing Unit (SPU). The SPU driver registers skcipher, |
| ahash, and aead algorithms with the kernel cryptographic API. |
| |
| source "drivers/crypto/stm32/Kconfig" |
| |
| config CRYPTO_DEV_SAFEXCEL |
| tristate "Inside Secure's SafeXcel cryptographic engine driver" |
| depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM |
| select CRYPTO_LIB_AES |
| select CRYPTO_AUTHENC |
| select CRYPTO_SKCIPHER |
| select CRYPTO_LIB_DES |
| select CRYPTO_HASH |
| select CRYPTO_HMAC |
| select CRYPTO_MD5 |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| select CRYPTO_SHA512 |
| select CRYPTO_CHACHA20POLY1305 |
| select CRYPTO_SHA3 |
| help |
| This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic |
| engines designed by Inside Secure. It currently accelerates DES, 3DES and |
| AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256, |
| SHA384 and SHA512 hash algorithms for both basic hash and HMAC. |
| Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations. |
| |
| config CRYPTO_DEV_ARTPEC6 |
| tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration." |
| depends on ARM && (ARCH_ARTPEC || COMPILE_TEST) |
| depends on OF |
| select CRYPTO_AEAD |
| select CRYPTO_AES |
| select CRYPTO_ALGAPI |
| select CRYPTO_SKCIPHER |
| select CRYPTO_CTR |
| select CRYPTO_HASH |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| select CRYPTO_SHA512 |
| help |
| Enables the driver for the on-chip crypto accelerator |
| of Axis ARTPEC SoCs. |
| |
| To compile this driver as a module, choose M here. |
| |
| config CRYPTO_DEV_CCREE |
| tristate "Support for ARM TrustZone CryptoCell family of security processors" |
| depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA |
| depends on HAS_IOMEM |
| select CRYPTO_HASH |
| select CRYPTO_SKCIPHER |
| select CRYPTO_LIB_DES |
| select CRYPTO_AEAD |
| select CRYPTO_AUTHENC |
| select CRYPTO_SHA1 |
| select CRYPTO_MD5 |
| select CRYPTO_SHA256 |
| select CRYPTO_SHA512 |
| select CRYPTO_HMAC |
| select CRYPTO_AES |
| select CRYPTO_CBC |
| select CRYPTO_ECB |
| select CRYPTO_CTR |
| select CRYPTO_XTS |
| select CRYPTO_SM4_GENERIC |
| select CRYPTO_SM3_GENERIC |
| help |
| Say 'Y' to enable a driver for the REE interface of the Arm |
| TrustZone CryptoCell family of processors. Currently the |
| CryptoCell 713, 703, 712, 710 and 630 are supported. |
| Choose this if you wish to use hardware acceleration of |
| cryptographic operations on the system REE. |
| If unsure say Y. |
| |
| source "drivers/crypto/hisilicon/Kconfig" |
| |
| source "drivers/crypto/amlogic/Kconfig" |
| |
| config CRYPTO_DEV_SA2UL |
| tristate "Support for TI security accelerator" |
| depends on ARCH_K3 || COMPILE_TEST |
| select CRYPTO_AES |
| select CRYPTO_ALGAPI |
| select CRYPTO_AUTHENC |
| select CRYPTO_DES |
| select CRYPTO_SHA1 |
| select CRYPTO_SHA256 |
| select CRYPTO_SHA512 |
| select HW_RANDOM |
| select SG_SPLIT |
| help |
| K3 devices include a security accelerator engine that may be |
| used for crypto offload. Select this if you want to use hardware |
| acceleration for cryptographic algorithms on these devices. |
| |
| source "drivers/crypto/aspeed/Kconfig" |
| source "drivers/crypto/starfive/Kconfig" |
| |
| endif # CRYPTO_HW |