fs/crypto/Kconfig - linux - Git at Google

 # SPDX-License-Identifier: GPL-2.0-only
 config FS_ENCRYPTION
 	bool "FS Encryption (Per-file encryption)"
 	select CRYPTO
 	select CRYPTO_HASH
 	select CRYPTO_SKCIPHER
 	select CRYPTO_LIB_SHA256
 	select KEYS
 	help
 	  Enable encryption of files and directories.  This
 	  feature is similar to ecryptfs, but it is more memory
 	  efficient since it avoids caching the encrypted and
 	  decrypted pages in the page cache.  Currently Ext4,
 	  F2FS and UBIFS make use of this feature.

 # Filesystems supporting encryption must select this if FS_ENCRYPTION.  This
 # allows the algorithms to be built as modules when all the filesystems are,
 # whereas selecting them from FS_ENCRYPTION would force them to be built-in.
 #
 # Note: this option only pulls in the algorithms that filesystem encryption
 # needs "by default".  If userspace will use "non-default" encryption modes such
 # as Adiantum encryption, then those other modes need to be explicitly enabled
 # in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
 #
 # Also note that this option only pulls in the generic implementations of the
 # algorithms, not any per-architecture optimized implementations.  It is
 # strongly recommended to enable optimized implementations too.  It is safe to
 # disable these generic implementations if corresponding optimized
 # implementations will always be available too; for this reason, these are soft
 # dependencies ('imply' rather than 'select').  Only disable these generic
 # implementations if you're sure they will never be needed, though.
 config FS_ENCRYPTION_ALGS
 	tristate
 	imply CRYPTO_AES
 	imply CRYPTO_CBC
 	imply CRYPTO_CTS
 	imply CRYPTO_ECB
 	imply CRYPTO_HMAC
 	imply CRYPTO_SHA512
 	imply CRYPTO_XTS

 config FS_ENCRYPTION_INLINE_CRYPT
 	bool "Enable fscrypt to use inline crypto"
 	depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
 	help
 	  Enable fscrypt to use inline encryption hardware if available.
	# SPDX-License-Identifier: GPL-2.0-only
	config FS_ENCRYPTION
	bool "FS Encryption (Per-file encryption)"
	select CRYPTO
	select CRYPTO_HASH
	select CRYPTO_SKCIPHER
	select CRYPTO_LIB_SHA256
	select KEYS
	help
	Enable encryption of files and directories. This
	feature is similar to ecryptfs, but it is more memory
	efficient since it avoids caching the encrypted and
	decrypted pages in the page cache. Currently Ext4,
	F2FS and UBIFS make use of this feature.

	# Filesystems supporting encryption must select this if FS_ENCRYPTION. This
	# allows the algorithms to be built as modules when all the filesystems are,
	# whereas selecting them from FS_ENCRYPTION would force them to be built-in.
	#
	# Note: this option only pulls in the algorithms that filesystem encryption
	# needs "by default". If userspace will use "non-default" encryption modes such
	# as Adiantum encryption, then those other modes need to be explicitly enabled
	# in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
	#
	# Also note that this option only pulls in the generic implementations of the
	# algorithms, not any per-architecture optimized implementations. It is
	# strongly recommended to enable optimized implementations too. It is safe to
	# disable these generic implementations if corresponding optimized
	# implementations will always be available too; for this reason, these are soft
	# dependencies ('imply' rather than 'select'). Only disable these generic
	# implementations if you're sure they will never be needed, though.
	config FS_ENCRYPTION_ALGS
	tristate
	imply CRYPTO_AES
	imply CRYPTO_CBC
	imply CRYPTO_CTS
	imply CRYPTO_ECB
	imply CRYPTO_HMAC
	imply CRYPTO_SHA512
	imply CRYPTO_XTS

	config FS_ENCRYPTION_INLINE_CRYPT
	bool "Enable fscrypt to use inline crypto"
	depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
	help
	Enable fscrypt to use inline encryption hardware if available.