tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / drivers / crypto / Kconfig
at v6.13-rc4 876 lines 27 kB view raw
1# SPDX-License-Identifier: GPL-2.0-only 2 3menuconfig CRYPTO_HW 4 bool "Hardware crypto devices" 5 default y 6 help 7 Say Y here to get to see options for hardware crypto devices and 8 processors. This option alone does not add any kernel code. 9 10 If you say N, all options in this submenu will be skipped and disabled. 11 12if CRYPTO_HW 13 14source "drivers/crypto/allwinner/Kconfig" 15 16config CRYPTO_DEV_PADLOCK 17 tristate "Support for VIA PadLock ACE" 18 depends on X86 && !UML 19 help 20 Some VIA processors come with an integrated crypto engine 21 (so called VIA PadLock ACE, Advanced Cryptography Engine) 22 that provides instructions for very fast cryptographic 23 operations with supported algorithms. 24 25 The instructions are used only when the CPU supports them. 26 Otherwise software encryption is used. 27 28config CRYPTO_DEV_PADLOCK_AES 29 tristate "PadLock driver for AES algorithm" 30 depends on CRYPTO_DEV_PADLOCK 31 select CRYPTO_SKCIPHER 32 select CRYPTO_LIB_AES 33 help 34 Use VIA PadLock for AES algorithm. 35 36 Available in VIA C3 and newer CPUs. 37 38 If unsure say M. The compiled module will be 39 called padlock-aes. 40 41config CRYPTO_DEV_PADLOCK_SHA 42 tristate "PadLock driver for SHA1 and SHA256 algorithms" 43 depends on CRYPTO_DEV_PADLOCK 44 select CRYPTO_HASH 45 select CRYPTO_SHA1 46 select CRYPTO_SHA256 47 help 48 Use VIA PadLock for SHA1/SHA256 algorithms. 49 50 Available in VIA C7 and newer processors. 51 52 If unsure say M. The compiled module will be 53 called padlock-sha. 54 55config CRYPTO_DEV_GEODE 56 tristate "Support for the Geode LX AES engine" 57 depends on X86_32 && PCI 58 select CRYPTO_ALGAPI 59 select CRYPTO_SKCIPHER 60 help 61 Say 'Y' here to use the AMD Geode LX processor on-board AES 62 engine for the CryptoAPI AES algorithm. 63 64 To compile this driver as a module, choose M here: the module 65 will be called geode-aes. 66 67config ZCRYPT 68 tristate "Support for s390 cryptographic adapters" 69 depends on S390 70 depends on AP 71 select HW_RANDOM 72 help 73 Select this option if you want to enable support for 74 s390 cryptographic adapters like Crypto Express 4 up 75 to 8 in Coprocessor (CEXxC), EP11 Coprocessor (CEXxP) 76 or Accelerator (CEXxA) mode. 77 78config PKEY 79 tristate "Kernel API for protected key handling" 80 depends on S390 81 help 82 With this option enabled the pkey kernel modules provide an API 83 for creation and handling of protected keys. Other parts of the 84 kernel or userspace applications may use these functions. 85 86 The protected key support is distributed into: 87 - A pkey base and API kernel module (pkey.ko) which offers the 88 infrastructure for the pkey handler kernel modules, the ioctl 89 and the sysfs API and the in-kernel API to the crypto cipher 90 implementations using protected key. 91 - A pkey pckmo kernel module (pkey-pckmo.ko) which is automatically 92 loaded when pckmo support (that is generation of protected keys 93 from clear key values) is available. 94 - A pkey CCA kernel module (pkey-cca.ko) which is automatically 95 loaded when a CEX crypto card is available. 96 - A pkey EP11 kernel module (pkey-ep11.ko) which is automatically 97 loaded when a CEX crypto card is available. 98 - A pkey UV kernel module (pkey-uv.ko) which is automatically 99 loaded when the Ultravisor feature is available within a 100 protected execution environment. 101 102 Select this option if you want to enable the kernel and userspace 103 API for protected key handling. 104 105config PKEY_CCA 106 tristate "PKEY CCA support handler" 107 depends on PKEY 108 depends on ZCRYPT 109 help 110 This is the CCA support handler for deriving protected keys 111 from CCA (secure) keys. Also this handler provides an alternate 112 way to make protected keys from clear key values. 113 114 The PKEY CCA support handler needs a Crypto Express card (CEX) 115 in CCA mode. 116 117 If you have selected the PKEY option then you should also enable 118 this option unless you are sure you never need to derive protected 119 keys from CCA key material. 120 121config PKEY_EP11 122 tristate "PKEY EP11 support handler" 123 depends on PKEY 124 depends on ZCRYPT 125 help 126 This is the EP11 support handler for deriving protected keys 127 from EP11 (secure) keys. Also this handler provides an alternate 128 way to make protected keys from clear key values. 129 130 The PKEY EP11 support handler needs a Crypto Express card (CEX) 131 in EP11 mode. 132 133 If you have selected the PKEY option then you should also enable 134 this option unless you are sure you never need to derive protected 135 keys from EP11 key material. 136 137config PKEY_PCKMO 138 tristate "PKEY PCKMO support handler" 139 depends on PKEY 140 help 141 This is the PCKMO support handler for deriving protected keys 142 from clear key values via invoking the PCKMO instruction. 143 144 The PCKMO instruction can be enabled and disabled in the crypto 145 settings at the LPAR profile. This handler checks for availability 146 during initialization and if build as a kernel module unloads 147 itself if PCKMO is disabled. 148 149 The PCKMO way of deriving protected keys from clear key material 150 is especially used during self test of protected key ciphers like 151 PAES but the CCA and EP11 handler provide alternate ways to 152 generate protected keys from clear key values. 153 154 If you have selected the PKEY option then you should also enable 155 this option unless you are sure you never need to derive protected 156 keys from clear key values directly via PCKMO. 157 158config PKEY_UV 159 tristate "PKEY UV support handler" 160 depends on PKEY 161 depends on S390_UV_UAPI 162 help 163 This is the PKEY Ultravisor support handler for deriving protected 164 keys from secrets stored within the Ultravisor (UV). 165 166 This module works together with the UV device and supports the 167 retrieval of protected keys from secrets stored within the 168 UV firmware layer. This service is only available within 169 a protected execution guest and thus this module will fail upon 170 modprobe if no protected execution environment is detected. 171 172 Enable this option if you intend to run this kernel with an KVM 173 guest with protected execution and you want to use UV retrievable 174 secrets via PKEY API. 175 176config CRYPTO_PAES_S390 177 tristate "PAES cipher algorithms" 178 depends on S390 179 depends on ZCRYPT 180 depends on PKEY 181 select CRYPTO_ALGAPI 182 select CRYPTO_SKCIPHER 183 help 184 This is the s390 hardware accelerated implementation of the 185 AES cipher algorithms for use with protected key. 186 187 Select this option if you want to use the paes cipher 188 for example to use protected key encrypted devices. 189 190config S390_PRNG 191 tristate "Pseudo random number generator device driver" 192 depends on S390 193 default "m" 194 help 195 Select this option if you want to use the s390 pseudo random number 196 generator. The PRNG is part of the cryptographic processor functions 197 and uses triple-DES to generate secure random numbers like the 198 ANSI X9.17 standard. User-space programs access the 199 pseudo-random-number device through the char device /dev/prandom. 200 201 It is available as of z9. 202 203config CRYPTO_DEV_NIAGARA2 204 tristate "Niagara2 Stream Processing Unit driver" 205 select CRYPTO_LIB_DES 206 select CRYPTO_SKCIPHER 207 select CRYPTO_HASH 208 select CRYPTO_MD5 209 select CRYPTO_SHA1 210 select CRYPTO_SHA256 211 depends on SPARC64 212 help 213 Each core of a Niagara2 processor contains a Stream 214 Processing Unit, which itself contains several cryptographic 215 sub-units. One set provides the Modular Arithmetic Unit, 216 used for SSL offload. The other set provides the Cipher 217 Group, which can perform encryption, decryption, hashing, 218 checksumming, and raw copies. 219 220config CRYPTO_DEV_SL3516 221 tristate "Storlink SL3516 crypto offloader" 222 depends on ARCH_GEMINI || COMPILE_TEST 223 depends on HAS_IOMEM && PM 224 select CRYPTO_SKCIPHER 225 select CRYPTO_ENGINE 226 select CRYPTO_ECB 227 select CRYPTO_AES 228 select HW_RANDOM 229 help 230 This option allows you to have support for SL3516 crypto offloader. 231 232config CRYPTO_DEV_SL3516_DEBUG 233 bool "Enable SL3516 stats" 234 depends on CRYPTO_DEV_SL3516 235 depends on DEBUG_FS 236 help 237 Say y to enable SL3516 debug stats. 238 This will create /sys/kernel/debug/sl3516/stats for displaying 239 the number of requests per algorithm and other internal stats. 240 241config CRYPTO_DEV_HIFN_795X 242 tristate "Driver HIFN 795x crypto accelerator chips" 243 select CRYPTO_LIB_DES 244 select CRYPTO_SKCIPHER 245 select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG 246 depends on PCI 247 depends on !ARCH_DMA_ADDR_T_64BIT 248 help 249 This option allows you to have support for HIFN 795x crypto adapters. 250 251config CRYPTO_DEV_HIFN_795X_RNG 252 bool "HIFN 795x random number generator" 253 depends on CRYPTO_DEV_HIFN_795X 254 help 255 Select this option if you want to enable the random number generator 256 on the HIFN 795x crypto adapters. 257 258source "drivers/crypto/caam/Kconfig" 259 260config CRYPTO_DEV_TALITOS 261 tristate "Talitos Freescale Security Engine (SEC)" 262 select CRYPTO_AEAD 263 select CRYPTO_AUTHENC 264 select CRYPTO_SKCIPHER 265 select CRYPTO_HASH 266 select CRYPTO_LIB_DES 267 select HW_RANDOM 268 depends on FSL_SOC 269 help 270 Say 'Y' here to use the Freescale Security Engine (SEC) 271 to offload cryptographic algorithm computation. 272 273 The Freescale SEC is present on PowerQUICC 'E' processors, such 274 as the MPC8349E and MPC8548E. 275 276 To compile this driver as a module, choose M here: the module 277 will be called talitos. 278 279config CRYPTO_DEV_TALITOS1 280 bool "SEC1 (SEC 1.0 and SEC Lite 1.2)" 281 depends on CRYPTO_DEV_TALITOS 282 depends on PPC_8xx || PPC_82xx 283 default y 284 help 285 Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0 286 found on MPC82xx or the Freescale Security Engine (SEC Lite) 287 version 1.2 found on MPC8xx 288 289config CRYPTO_DEV_TALITOS2 290 bool "SEC2+ (SEC version 2.0 or upper)" 291 depends on CRYPTO_DEV_TALITOS 292 default y if !PPC_8xx 293 help 294 Say 'Y' here to use the Freescale Security Engine (SEC) 295 version 2 and following as found on MPC83xx, MPC85xx, etc ... 296 297config CRYPTO_DEV_PPC4XX 298 tristate "Driver AMCC PPC4xx crypto accelerator" 299 depends on PPC && 4xx 300 select CRYPTO_HASH 301 select CRYPTO_AEAD 302 select CRYPTO_AES 303 select CRYPTO_LIB_AES 304 select CRYPTO_CCM 305 select CRYPTO_CTR 306 select CRYPTO_GCM 307 select CRYPTO_SKCIPHER 308 help 309 This option allows you to have support for AMCC crypto acceleration. 310 311config HW_RANDOM_PPC4XX 312 bool "PowerPC 4xx generic true random number generator support" 313 depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y 314 default y 315 help 316 This option provides the kernel-side support for the TRNG hardware 317 found in the security function of some PowerPC 4xx SoCs. 318 319config CRYPTO_DEV_OMAP 320 tristate "Support for OMAP crypto HW accelerators" 321 depends on ARCH_OMAP2PLUS 322 help 323 OMAP processors have various crypto HW accelerators. Select this if 324 you want to use the OMAP modules for any of the crypto algorithms. 325 326if CRYPTO_DEV_OMAP 327 328config CRYPTO_DEV_OMAP_SHAM 329 tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator" 330 depends on ARCH_OMAP2PLUS 331 select CRYPTO_ENGINE 332 select CRYPTO_SHA1 333 select CRYPTO_MD5 334 select CRYPTO_SHA256 335 select CRYPTO_SHA512 336 select CRYPTO_HMAC 337 help 338 OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you 339 want to use the OMAP module for MD5/SHA1/SHA2 algorithms. 340 341config CRYPTO_DEV_OMAP_AES 342 tristate "Support for OMAP AES hw engine" 343 depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS 344 select CRYPTO_AES 345 select CRYPTO_SKCIPHER 346 select CRYPTO_ENGINE 347 select CRYPTO_CBC 348 select CRYPTO_ECB 349 select CRYPTO_CTR 350 select CRYPTO_AEAD 351 help 352 OMAP processors have AES module accelerator. Select this if you 353 want to use the OMAP module for AES algorithms. 354 355config CRYPTO_DEV_OMAP_DES 356 tristate "Support for OMAP DES/3DES hw engine" 357 depends on ARCH_OMAP2PLUS 358 select CRYPTO_LIB_DES 359 select CRYPTO_SKCIPHER 360 select CRYPTO_ENGINE 361 help 362 OMAP processors have DES/3DES module accelerator. Select this if you 363 want to use the OMAP module for DES and 3DES algorithms. Currently 364 the ECB and CBC modes of operation are supported by the driver. Also 365 accesses made on unaligned boundaries are supported. 366 367endif # CRYPTO_DEV_OMAP 368 369config CRYPTO_DEV_SAHARA 370 tristate "Support for SAHARA crypto accelerator" 371 depends on ARCH_MXC && OF 372 select CRYPTO_SKCIPHER 373 select CRYPTO_AES 374 select CRYPTO_ECB 375 select CRYPTO_ENGINE 376 help 377 This option enables support for the SAHARA HW crypto accelerator 378 found in some Freescale i.MX chips. 379 380config CRYPTO_DEV_EXYNOS_RNG 381 tristate "Exynos HW pseudo random number generator support" 382 depends on ARCH_EXYNOS || COMPILE_TEST 383 depends on HAS_IOMEM 384 select CRYPTO_RNG 385 help 386 This driver provides kernel-side support through the 387 cryptographic API for the pseudo random number generator hardware 388 found on Exynos SoCs. 389 390 To compile this driver as a module, choose M here: the 391 module will be called exynos-rng. 392 393 If unsure, say Y. 394 395config CRYPTO_DEV_S5P 396 tristate "Support for Samsung S5PV210/Exynos crypto accelerator" 397 depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST 398 depends on HAS_IOMEM 399 select CRYPTO_AES 400 select CRYPTO_SKCIPHER 401 help 402 This option allows you to have support for S5P crypto acceleration. 403 Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES 404 algorithms execution. 405 406config CRYPTO_DEV_EXYNOS_HASH 407 bool "Support for Samsung Exynos HASH accelerator" 408 depends on CRYPTO_DEV_S5P 409 depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m 410 select CRYPTO_SHA1 411 select CRYPTO_MD5 412 select CRYPTO_SHA256 413 help 414 Select this to offload Exynos from HASH MD5/SHA1/SHA256. 415 This will select software SHA1, MD5 and SHA256 as they are 416 needed for small and zero-size messages. 417 HASH algorithms will be disabled if EXYNOS_RNG 418 is enabled due to hw conflict. 419 420config CRYPTO_DEV_NX 421 bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration" 422 depends on PPC64 423 help 424 This enables support for the NX hardware cryptographic accelerator 425 coprocessor that is in IBM PowerPC P7+ or later processors. This 426 does not actually enable any drivers, it only allows you to select 427 which acceleration type (encryption and/or compression) to enable. 428 429if CRYPTO_DEV_NX 430 source "drivers/crypto/nx/Kconfig" 431endif 432 433config CRYPTO_DEV_ATMEL_AUTHENC 434 bool "Support for Atmel IPSEC/SSL hw accelerator" 435 depends on ARCH_AT91 || COMPILE_TEST 436 depends on CRYPTO_DEV_ATMEL_AES 437 help 438 Some Atmel processors can combine the AES and SHA hw accelerators 439 to enhance support of IPSEC/SSL. 440 Select this if you want to use the Atmel modules for 441 authenc(hmac(shaX),Y(cbc)) algorithms. 442 443config CRYPTO_DEV_ATMEL_AES 444 tristate "Support for Atmel AES hw accelerator" 445 depends on ARCH_AT91 || COMPILE_TEST 446 select CRYPTO_AES 447 select CRYPTO_AEAD 448 select CRYPTO_SKCIPHER 449 select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC 450 select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC 451 help 452 Some Atmel processors have AES hw accelerator. 453 Select this if you want to use the Atmel module for 454 AES algorithms. 455 456 To compile this driver as a module, choose M here: the module 457 will be called atmel-aes. 458 459config CRYPTO_DEV_ATMEL_TDES 460 tristate "Support for Atmel DES/TDES hw accelerator" 461 depends on ARCH_AT91 || COMPILE_TEST 462 select CRYPTO_LIB_DES 463 select CRYPTO_SKCIPHER 464 help 465 Some Atmel processors have DES/TDES hw accelerator. 466 Select this if you want to use the Atmel module for 467 DES/TDES algorithms. 468 469 To compile this driver as a module, choose M here: the module 470 will be called atmel-tdes. 471 472config CRYPTO_DEV_ATMEL_SHA 473 tristate "Support for Atmel SHA hw accelerator" 474 depends on ARCH_AT91 || COMPILE_TEST 475 select CRYPTO_HASH 476 help 477 Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512 478 hw accelerator. 479 Select this if you want to use the Atmel module for 480 SHA1/SHA224/SHA256/SHA384/SHA512 algorithms. 481 482 To compile this driver as a module, choose M here: the module 483 will be called atmel-sha. 484 485config CRYPTO_DEV_ATMEL_I2C 486 tristate 487 select BITREVERSE 488 489config CRYPTO_DEV_ATMEL_ECC 490 tristate "Support for Microchip / Atmel ECC hw accelerator" 491 depends on I2C 492 select CRYPTO_DEV_ATMEL_I2C 493 select CRYPTO_ECDH 494 select CRC16 495 help 496 Microhip / Atmel ECC hw accelerator. 497 Select this if you want to use the Microchip / Atmel module for 498 ECDH algorithm. 499 500 To compile this driver as a module, choose M here: the module 501 will be called atmel-ecc. 502 503config CRYPTO_DEV_ATMEL_SHA204A 504 tristate "Support for Microchip / Atmel SHA accelerator and RNG" 505 depends on I2C 506 select CRYPTO_DEV_ATMEL_I2C 507 select HW_RANDOM 508 select CRC16 509 help 510 Microhip / Atmel SHA accelerator and RNG. 511 Select this if you want to use the Microchip / Atmel SHA204A 512 module as a random number generator. (Other functions of the 513 chip are currently not exposed by this driver) 514 515 To compile this driver as a module, choose M here: the module 516 will be called atmel-sha204a. 517 518config CRYPTO_DEV_CCP 519 bool "Support for AMD Secure Processor" 520 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM 521 help 522 The AMD Secure Processor provides support for the Cryptographic Coprocessor 523 (CCP) and the Platform Security Processor (PSP) devices. 524 525if CRYPTO_DEV_CCP 526 source "drivers/crypto/ccp/Kconfig" 527endif 528 529config CRYPTO_DEV_MXS_DCP 530 tristate "Support for Freescale MXS DCP" 531 depends on (ARCH_MXS || ARCH_MXC) 532 select STMP_DEVICE 533 select CRYPTO_CBC 534 select CRYPTO_ECB 535 select CRYPTO_AES 536 select CRYPTO_SKCIPHER 537 select CRYPTO_HASH 538 help 539 The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB 540 co-processor on the die. 541 542 To compile this driver as a module, choose M here: the module 543 will be called mxs-dcp. 544 545source "drivers/crypto/cavium/cpt/Kconfig" 546source "drivers/crypto/cavium/nitrox/Kconfig" 547source "drivers/crypto/marvell/Kconfig" 548source "drivers/crypto/intel/Kconfig" 549 550config CRYPTO_DEV_CAVIUM_ZIP 551 tristate "Cavium ZIP driver" 552 depends on PCI && 64BIT && (ARM64 || COMPILE_TEST) 553 help 554 Select this option if you want to enable compression/decompression 555 acceleration on Cavium's ARM based SoCs 556 557config CRYPTO_DEV_QCE 558 tristate "Qualcomm crypto engine accelerator" 559 depends on ARCH_QCOM || COMPILE_TEST 560 depends on HAS_IOMEM 561 help 562 This driver supports Qualcomm crypto engine accelerator 563 hardware. To compile this driver as a module, choose M here. The 564 module will be called qcrypto. 565 566config CRYPTO_DEV_QCE_SKCIPHER 567 bool 568 depends on CRYPTO_DEV_QCE 569 select CRYPTO_AES 570 select CRYPTO_LIB_DES 571 select CRYPTO_ECB 572 select CRYPTO_CBC 573 select CRYPTO_XTS 574 select CRYPTO_CTR 575 select CRYPTO_SKCIPHER 576 577config CRYPTO_DEV_QCE_SHA 578 bool 579 depends on CRYPTO_DEV_QCE 580 select CRYPTO_SHA1 581 select CRYPTO_SHA256 582 583config CRYPTO_DEV_QCE_AEAD 584 bool 585 depends on CRYPTO_DEV_QCE 586 select CRYPTO_AUTHENC 587 select CRYPTO_LIB_DES 588 589choice 590 prompt "Algorithms enabled for QCE acceleration" 591 default CRYPTO_DEV_QCE_ENABLE_ALL 592 depends on CRYPTO_DEV_QCE 593 help 594 This option allows to choose whether to build support for all algorithms 595 (default), hashes-only, or skciphers-only. 596 597 The QCE engine does not appear to scale as well as the CPU to handle 598 multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the 599 QCE handles only 2 requests in parallel. 600 601 Ipsec throughput seems to improve when disabling either family of 602 algorithms, sharing the load with the CPU. Enabling skciphers-only 603 appears to work best. 604 605 config CRYPTO_DEV_QCE_ENABLE_ALL 606 bool "All supported algorithms" 607 select CRYPTO_DEV_QCE_SKCIPHER 608 select CRYPTO_DEV_QCE_SHA 609 select CRYPTO_DEV_QCE_AEAD 610 help 611 Enable all supported algorithms: 612 - AES (CBC, CTR, ECB, XTS) 613 - 3DES (CBC, ECB) 614 - DES (CBC, ECB) 615 - SHA1, HMAC-SHA1 616 - SHA256, HMAC-SHA256 617 618 config CRYPTO_DEV_QCE_ENABLE_SKCIPHER 619 bool "Symmetric-key ciphers only" 620 select CRYPTO_DEV_QCE_SKCIPHER 621 help 622 Enable symmetric-key ciphers only: 623 - AES (CBC, CTR, ECB, XTS) 624 - 3DES (ECB, CBC) 625 - DES (ECB, CBC) 626 627 config CRYPTO_DEV_QCE_ENABLE_SHA 628 bool "Hash/HMAC only" 629 select CRYPTO_DEV_QCE_SHA 630 help 631 Enable hashes/HMAC algorithms only: 632 - SHA1, HMAC-SHA1 633 - SHA256, HMAC-SHA256 634 635 config CRYPTO_DEV_QCE_ENABLE_AEAD 636 bool "AEAD algorithms only" 637 select CRYPTO_DEV_QCE_AEAD 638 help 639 Enable AEAD algorithms only: 640 - authenc() 641 - ccm(aes) 642 - rfc4309(ccm(aes)) 643endchoice 644 645config CRYPTO_DEV_QCE_SW_MAX_LEN 646 int "Default maximum request size to use software for AES" 647 depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER 648 default 512 649 help 650 This sets the default maximum request size to perform AES requests 651 using software instead of the crypto engine. It can be changed by 652 setting the aes_sw_max_len parameter. 653 654 Small blocks are processed faster in software than hardware. 655 Considering the 256-bit ciphers, software is 2-3 times faster than 656 qce at 256-bytes, 30% faster at 512, and about even at 768-bytes. 657 With 128-bit keys, the break-even point would be around 1024-bytes. 658 659 The default is set a little lower, to 512 bytes, to balance the 660 cost in CPU usage. The minimum recommended setting is 16-bytes 661 (1 AES block), since AES-GCM will fail if you set it lower. 662 Setting this to zero will send all requests to the hardware. 663 664 Note that 192-bit keys are not supported by the hardware and are 665 always processed by the software fallback, and all DES requests 666 are done by the hardware. 667 668config CRYPTO_DEV_QCOM_RNG 669 tristate "Qualcomm Random Number Generator Driver" 670 depends on ARCH_QCOM || COMPILE_TEST 671 depends on HW_RANDOM 672 select CRYPTO_RNG 673 help 674 This driver provides support for the Random Number 675 Generator hardware found on Qualcomm SoCs. 676 677 To compile this driver as a module, choose M here. The 678 module will be called qcom-rng. If unsure, say N. 679 680#config CRYPTO_DEV_VMX 681# bool "Support for VMX cryptographic acceleration instructions" 682# depends on PPC64 && VSX 683# help 684# Support for VMX cryptographic acceleration instructions. 685# 686#source "drivers/crypto/vmx/Kconfig" 687 688config CRYPTO_DEV_IMGTEC_HASH 689 tristate "Imagination Technologies hardware hash accelerator" 690 depends on MIPS || COMPILE_TEST 691 select CRYPTO_MD5 692 select CRYPTO_SHA1 693 select CRYPTO_SHA256 694 select CRYPTO_HASH 695 help 696 This driver interfaces with the Imagination Technologies 697 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256 698 hashing algorithms. 699 700config CRYPTO_DEV_ROCKCHIP 701 tristate "Rockchip's Cryptographic Engine driver" 702 depends on OF && ARCH_ROCKCHIP 703 depends on PM 704 select CRYPTO_ECB 705 select CRYPTO_CBC 706 select CRYPTO_DES 707 select CRYPTO_AES 708 select CRYPTO_ENGINE 709 select CRYPTO_LIB_DES 710 select CRYPTO_MD5 711 select CRYPTO_SHA1 712 select CRYPTO_SHA256 713 select CRYPTO_HASH 714 select CRYPTO_SKCIPHER 715 716 help 717 This driver interfaces with the hardware crypto accelerator. 718 Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode. 719 720config CRYPTO_DEV_ROCKCHIP_DEBUG 721 bool "Enable Rockchip crypto stats" 722 depends on CRYPTO_DEV_ROCKCHIP 723 depends on DEBUG_FS 724 help 725 Say y to enable Rockchip crypto debug stats. 726 This will create /sys/kernel/debug/rk3288_crypto/stats for displaying 727 the number of requests per algorithm and other internal stats. 728 729config CRYPTO_DEV_TEGRA 730 tristate "Enable Tegra Security Engine" 731 depends on TEGRA_HOST1X 732 select CRYPTO_ENGINE 733 734 help 735 Select this to enable Tegra Security Engine which accelerates various 736 AES encryption/decryption and HASH algorithms. 737 738config CRYPTO_DEV_ZYNQMP_AES 739 tristate "Support for Xilinx ZynqMP AES hw accelerator" 740 depends on ZYNQMP_FIRMWARE || COMPILE_TEST 741 select CRYPTO_AES 742 select CRYPTO_ENGINE 743 select CRYPTO_AEAD 744 help 745 Xilinx ZynqMP has AES-GCM engine used for symmetric key 746 encryption and decryption. This driver interfaces with AES hw 747 accelerator. Select this if you want to use the ZynqMP module 748 for AES algorithms. 749 750config CRYPTO_DEV_ZYNQMP_SHA3 751 tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator" 752 depends on ZYNQMP_FIRMWARE || COMPILE_TEST 753 select CRYPTO_SHA3 754 help 755 Xilinx ZynqMP has SHA3 engine used for secure hash calculation. 756 This driver interfaces with SHA3 hardware engine. 757 Select this if you want to use the ZynqMP module 758 for SHA3 hash computation. 759 760source "drivers/crypto/chelsio/Kconfig" 761 762source "drivers/crypto/virtio/Kconfig" 763 764config CRYPTO_DEV_BCM_SPU 765 tristate "Broadcom symmetric crypto/hash acceleration support" 766 depends on ARCH_BCM_IPROC 767 depends on MAILBOX 768 default m 769 select CRYPTO_AUTHENC 770 select CRYPTO_LIB_DES 771 select CRYPTO_MD5 772 select CRYPTO_SHA1 773 select CRYPTO_SHA256 774 select CRYPTO_SHA512 775 help 776 This driver provides support for Broadcom crypto acceleration using the 777 Secure Processing Unit (SPU). The SPU driver registers skcipher, 778 ahash, and aead algorithms with the kernel cryptographic API. 779 780source "drivers/crypto/stm32/Kconfig" 781 782config CRYPTO_DEV_SAFEXCEL 783 tristate "Inside Secure's SafeXcel cryptographic engine driver" 784 depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM 785 select CRYPTO_LIB_AES 786 select CRYPTO_AUTHENC 787 select CRYPTO_SKCIPHER 788 select CRYPTO_LIB_DES 789 select CRYPTO_HASH 790 select CRYPTO_HMAC 791 select CRYPTO_MD5 792 select CRYPTO_SHA1 793 select CRYPTO_SHA256 794 select CRYPTO_SHA512 795 select CRYPTO_CHACHA20POLY1305 796 select CRYPTO_SHA3 797 help 798 This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic 799 engines designed by Inside Secure. It currently accelerates DES, 3DES and 800 AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256, 801 SHA384 and SHA512 hash algorithms for both basic hash and HMAC. 802 Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations. 803 804config CRYPTO_DEV_ARTPEC6 805 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration." 806 depends on ARM && (ARCH_ARTPEC || COMPILE_TEST) 807 depends on OF 808 select CRYPTO_AEAD 809 select CRYPTO_AES 810 select CRYPTO_ALGAPI 811 select CRYPTO_SKCIPHER 812 select CRYPTO_CTR 813 select CRYPTO_HASH 814 select CRYPTO_SHA1 815 select CRYPTO_SHA256 816 select CRYPTO_SHA512 817 help 818 Enables the driver for the on-chip crypto accelerator 819 of Axis ARTPEC SoCs. 820 821 To compile this driver as a module, choose M here. 822 823config CRYPTO_DEV_CCREE 824 tristate "Support for ARM TrustZone CryptoCell family of security processors" 825 depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA 826 depends on HAS_IOMEM 827 select CRYPTO_HASH 828 select CRYPTO_SKCIPHER 829 select CRYPTO_LIB_DES 830 select CRYPTO_AEAD 831 select CRYPTO_AUTHENC 832 select CRYPTO_SHA1 833 select CRYPTO_MD5 834 select CRYPTO_SHA256 835 select CRYPTO_SHA512 836 select CRYPTO_HMAC 837 select CRYPTO_AES 838 select CRYPTO_CBC 839 select CRYPTO_ECB 840 select CRYPTO_CTR 841 select CRYPTO_XTS 842 select CRYPTO_SM4_GENERIC 843 select CRYPTO_SM3_GENERIC 844 help 845 Say 'Y' to enable a driver for the REE interface of the Arm 846 TrustZone CryptoCell family of processors. Currently the 847 CryptoCell 713, 703, 712, 710 and 630 are supported. 848 Choose this if you wish to use hardware acceleration of 849 cryptographic operations on the system REE. 850 If unsure say Y. 851 852source "drivers/crypto/hisilicon/Kconfig" 853 854source "drivers/crypto/amlogic/Kconfig" 855 856config CRYPTO_DEV_SA2UL 857 tristate "Support for TI security accelerator" 858 depends on ARCH_K3 || COMPILE_TEST 859 select CRYPTO_AES 860 select CRYPTO_ALGAPI 861 select CRYPTO_AUTHENC 862 select CRYPTO_DES 863 select CRYPTO_SHA1 864 select CRYPTO_SHA256 865 select CRYPTO_SHA512 866 select HW_RANDOM 867 select SG_SPLIT 868 help 869 K3 devices include a security accelerator engine that may be 870 used for crypto offload. Select this if you want to use hardware 871 acceleration for cryptographic algorithms on these devices. 872 873source "drivers/crypto/aspeed/Kconfig" 874source "drivers/crypto/starfive/Kconfig" 875 876endif # CRYPTO_HW