| # SPDX-License-Identifier: GPL-2.0-only |
| config SUNRPC |
| tristate |
| depends on MULTIUSER |
| |
| config SUNRPC_GSS |
| tristate |
| select OID_REGISTRY |
| depends on MULTIUSER |
| |
| config SUNRPC_BACKCHANNEL |
| bool |
| depends on SUNRPC |
| |
| config SUNRPC_SWAP |
| bool |
| depends on SUNRPC |
| |
| config RPCSEC_GSS_KRB5 |
| tristate "Secure RPC: Kerberos V mechanism" |
| depends on SUNRPC && CRYPTO |
| default y |
| select SUNRPC_GSS |
| select CRYPTO_SKCIPHER |
| select CRYPTO_HASH |
| help |
| Choose Y here to enable Secure RPC using the Kerberos version 5 |
| GSS-API mechanism (RFC 1964). |
| |
| Secure RPC calls with Kerberos require an auxiliary user-space |
| daemon which may be found in the Linux nfs-utils package |
| available from http://linux-nfs.org/. In addition, user-space |
| Kerberos support should be installed. |
| |
| If unsure, say Y. |
| |
| config RPCSEC_GSS_KRB5_SIMPLIFIED |
| bool |
| depends on RPCSEC_GSS_KRB5 |
| |
| config RPCSEC_GSS_KRB5_CRYPTOSYSTEM |
| bool |
| depends on RPCSEC_GSS_KRB5 |
| |
| config RPCSEC_GSS_KRB5_ENCTYPES_DES |
| bool "Enable Kerberos enctypes based on DES (deprecated)" |
| depends on RPCSEC_GSS_KRB5 |
| depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_ECB |
| depends on CRYPTO_HMAC && CRYPTO_MD5 && CRYPTO_SHA1 |
| depends on CRYPTO_DES |
| default n |
| select RPCSEC_GSS_KRB5_SIMPLIFIED |
| help |
| Choose Y to enable the use of deprecated Kerberos 5 |
| encryption types that utilize Data Encryption Standard |
| (DES) based ciphers. These include des-cbc-md5, |
| des-cbc-crc, and des-cbc-md4, which were deprecated by |
| RFC 6649, and des3-cbc-sha1, which was deprecated by RFC |
| 8429. |
| |
| These encryption types are known to be insecure, therefore |
| the default setting of this option is N. Support for these |
| encryption types is available only for compatibility with |
| legacy NFS client and server implementations. |
| |
| Removal of support is planned for a subsequent kernel |
| release. |
| |
| config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1 |
| bool "Enable Kerberos enctypes based on AES and SHA-1" |
| depends on RPCSEC_GSS_KRB5 |
| depends on CRYPTO_CBC && CRYPTO_CTS |
| depends on CRYPTO_HMAC && CRYPTO_SHA1 |
| depends on CRYPTO_AES |
| default y |
| select RPCSEC_GSS_KRB5_CRYPTOSYSTEM |
| help |
| Choose Y to enable the use of Kerberos 5 encryption types |
| that utilize Advanced Encryption Standard (AES) ciphers and |
| SHA-1 digests. These include aes128-cts-hmac-sha1-96 and |
| aes256-cts-hmac-sha1-96. |
| |
| config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA |
| bool "Enable Kerberos encryption types based on Camellia and CMAC" |
| depends on RPCSEC_GSS_KRB5 |
| depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA |
| depends on CRYPTO_CMAC |
| default n |
| select RPCSEC_GSS_KRB5_CRYPTOSYSTEM |
| help |
| Choose Y to enable the use of Kerberos 5 encryption types |
| that utilize Camellia ciphers (RFC 3713) and CMAC digests |
| (NIST Special Publication 800-38B). These include |
| camellia128-cts-cmac and camellia256-cts-cmac. |
| |
| config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 |
| bool "Enable Kerberos enctypes based on AES and SHA-2" |
| depends on RPCSEC_GSS_KRB5 |
| depends on CRYPTO_CBC && CRYPTO_CTS |
| depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512 |
| depends on CRYPTO_AES |
| default n |
| select RPCSEC_GSS_KRB5_CRYPTOSYSTEM |
| help |
| Choose Y to enable the use of Kerberos 5 encryption types |
| that utilize Advanced Encryption Standard (AES) ciphers and |
| SHA-2 digests. These include aes128-cts-hmac-sha256-128 and |
| aes256-cts-hmac-sha384-192. |
| |
| config RPCSEC_GSS_KRB5_KUNIT_TEST |
| tristate "KUnit tests for RPCSEC GSS Kerberos" if !KUNIT_ALL_TESTS |
| depends on RPCSEC_GSS_KRB5 && KUNIT |
| default KUNIT_ALL_TESTS |
| help |
| This builds the KUnit tests for RPCSEC GSS Kerberos 5. |
| |
| KUnit tests run during boot and output the results to the debug |
| log in TAP format (https://testanything.org/). Only useful for |
| kernel devs running KUnit test harness and are not for inclusion |
| into a production build. |
| |
| For more information on KUnit and unit tests in general, refer |
| to the KUnit documentation in Documentation/dev-tools/kunit/. |
| |
| config SUNRPC_DEBUG |
| bool "RPC: Enable dprintk debugging" |
| depends on SUNRPC && SYSCTL |
| select DEBUG_FS |
| help |
| This option enables a sysctl-based debugging interface |
| that is be used by the 'rpcdebug' utility to turn on or off |
| logging of different aspects of the kernel RPC activity. |
| |
| Disabling this option will make your kernel slightly smaller, |
| but makes troubleshooting NFS issues significantly harder. |
| |
| If unsure, say Y. |
| |
| config SUNRPC_XPRT_RDMA |
| tristate "RPC-over-RDMA transport" |
| depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS |
| default SUNRPC && INFINIBAND |
| select SG_POOL |
| help |
| This option allows the NFS client and server to use RDMA |
| transports (InfiniBand, iWARP, or RoCE). |
| |
| To compile this support as a module, choose M. The module |
| will be called rpcrdma.ko. |
| |
| If unsure, or you know there is no RDMA capability on your |
| hardware platform, say N. |