mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-18 19:05:39 +00:00
84c7d76b5a
API: - Remove crypto stats interface. Algorithms: - Add faster AES-XTS on modern x86_64 CPUs. - Forbid curves with order less than 224 bits in ecc (FIPS 186-5). - Add ECDSA NIST P521. Drivers: - Expose otp zone in atmel. - Add dh fallback for primes > 4K in qat. - Add interface for live migration in qat. - Use dma for aes requests in starfive. - Add full DMA support for stm32mpx in stm32. - Add Tegra Security Engine driver. Others: - Introduce scope-based x509_certificate allocation. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmZBjXMACgkQxycdCkmx i6cQ7g/+JPKnzQedhpJSK5AnkAkqO9kJ16JdeB7AtdSeZZA/EIFxuXZ3Fv1fH44y 1CCibowc5zdss8F/1iOqPc57u5vy2Mjyw8qlhs7JlmcYf/lo7CBGfT8Uxo7BK/S9 n+/+y47Xu5p3yt/c6ldrwqjOaWaYuaCKICZtS91XVvrxM80iVnmDSQCNkcch4KQ4 nsdcVJhS4lOStBNjKtkhWlgufqdp8RPzKYH2B6GbW9z6en8WeTbnoMhgqjqQ3UID /DHtixyee0MDUDReQrixyCM3XMV5er/qBMoDrCxipBuVrr4GMd2GlCEaZbXfTUW0 3K8Nle4KMMqi81lBAQKiD/hRjrC68FHOvVRGHtZntR0+NZ/nlinXCVWv4iHwRzAB 7BOqRTC3mfv+uMhTvgwQAkXCHAhivMokSzTaDCIrzPLjKIx2BOfVZKmPBt98LxeW 8/JfgEK4gX6wxe4GRftueEApCfWQrwYK60j5bIkescaJ/mI7M5bEByvTTob1lAka Fw5kGDy8dVnrG9HagLwnXoI1pIGmca8hV1t24Vf1OCdWLgOW+GTCIuyutL2c9AWv 0vEbytGZl69XJlIgQGVcv9RM6NlIXxHwfSHU59N/SHTXhlHjm1XWi3HCiJaZ1b6+ pcILMJ29FMs8LobiN7PT+rNu6fboaH0/o+R7OK9mKRut864xFTk= =NDS0 -----END PGP SIGNATURE----- Merge tag 'v6.10-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto updates from Herbert Xu: "API: - Remove crypto stats interface Algorithms: - Add faster AES-XTS on modern x86_64 CPUs - Forbid curves with order less than 224 bits in ecc (FIPS 186-5) - Add ECDSA NIST P521 Drivers: - Expose otp zone in atmel - Add dh fallback for primes > 4K in qat - Add interface for live migration in qat - Use dma for aes requests in starfive - Add full DMA support for stm32mpx in stm32 - Add Tegra Security Engine driver Others: - Introduce scope-based x509_certificate allocation" * tag 'v6.10-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (123 commits) crypto: atmel-sha204a - provide the otp content crypto: atmel-sha204a - add reading from otp zone crypto: atmel-i2c - rename read function crypto: atmel-i2c - add missing arg description crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() crypto: sahara - use 'time_left' variable with wait_for_completion_timeout() crypto: api - use 'time_left' variable with wait_for_completion_killable_timeout() crypto: caam - i.MX8ULP donot have CAAM page0 access crypto: caam - init-clk based on caam-page0-access crypto: starfive - Use fallback for unaligned dma access crypto: starfive - Do not free stack buffer crypto: starfive - Skip unneeded fallback allocation crypto: starfive - Skip dma setup for zeroed message crypto: hisilicon/sec2 - fix for register offset crypto: hisilicon/debugfs - mask the unnecessary info from the dump crypto: qat - specify firmware files for 402xx crypto: x86/aes-gcm - simplify GCM hash subkey derivation crypto: x86/aes-gcm - delete unused GCM assembly code crypto: x86/aes-xts - simplify loop in xts_crypt_slowpath() hwrng: stm32 - repair clock handling ...
795 lines
23 KiB
Plaintext
795 lines
23 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
menuconfig CRYPTO_HW
|
|
bool "Hardware crypto devices"
|
|
default y
|
|
help
|
|
Say Y here to get to see options for hardware crypto devices and
|
|
processors. This option alone does not add any kernel code.
|
|
|
|
If you say N, all options in this submenu will be skipped and disabled.
|
|
|
|
if CRYPTO_HW
|
|
|
|
source "drivers/crypto/allwinner/Kconfig"
|
|
|
|
config CRYPTO_DEV_PADLOCK
|
|
tristate "Support for VIA PadLock ACE"
|
|
depends on X86 && !UML
|
|
help
|
|
Some VIA processors come with an integrated crypto engine
|
|
(so called VIA PadLock ACE, Advanced Cryptography Engine)
|
|
that provides instructions for very fast cryptographic
|
|
operations with supported algorithms.
|
|
|
|
The instructions are used only when the CPU supports them.
|
|
Otherwise software encryption is used.
|
|
|
|
config CRYPTO_DEV_PADLOCK_AES
|
|
tristate "PadLock driver for AES algorithm"
|
|
depends on CRYPTO_DEV_PADLOCK
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_AES
|
|
help
|
|
Use VIA PadLock for AES algorithm.
|
|
|
|
Available in VIA C3 and newer CPUs.
|
|
|
|
If unsure say M. The compiled module will be
|
|
called padlock-aes.
|
|
|
|
config CRYPTO_DEV_PADLOCK_SHA
|
|
tristate "PadLock driver for SHA1 and SHA256 algorithms"
|
|
depends on CRYPTO_DEV_PADLOCK
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
help
|
|
Use VIA PadLock for SHA1/SHA256 algorithms.
|
|
|
|
Available in VIA C7 and newer processors.
|
|
|
|
If unsure say M. The compiled module will be
|
|
called padlock-sha.
|
|
|
|
config CRYPTO_DEV_GEODE
|
|
tristate "Support for the Geode LX AES engine"
|
|
depends on X86_32 && PCI
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_SKCIPHER
|
|
help
|
|
Say 'Y' here to use the AMD Geode LX processor on-board AES
|
|
engine for the CryptoAPI AES algorithm.
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
will be called geode-aes.
|
|
|
|
config ZCRYPT
|
|
tristate "Support for s390 cryptographic adapters"
|
|
depends on S390
|
|
depends on AP
|
|
select HW_RANDOM
|
|
help
|
|
Select this option if you want to enable support for
|
|
s390 cryptographic adapters like Crypto Express 4 up
|
|
to 8 in Coprocessor (CEXxC), EP11 Coprocessor (CEXxP)
|
|
or Accelerator (CEXxA) mode.
|
|
|
|
config PKEY
|
|
tristate "Kernel API for protected key handling"
|
|
depends on S390
|
|
depends on ZCRYPT
|
|
help
|
|
With this option enabled the pkey kernel module provides an API
|
|
for creation and handling of protected keys. Other parts of the
|
|
kernel or userspace applications may use these functions.
|
|
|
|
Select this option if you want to enable the kernel and userspace
|
|
API for proteced key handling.
|
|
|
|
Please note that creation of protected keys from secure keys
|
|
requires to have at least one CEX card in coprocessor mode
|
|
available at runtime.
|
|
|
|
config CRYPTO_PAES_S390
|
|
tristate "PAES cipher algorithms"
|
|
depends on S390
|
|
depends on ZCRYPT
|
|
depends on PKEY
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_SKCIPHER
|
|
help
|
|
This is the s390 hardware accelerated implementation of the
|
|
AES cipher algorithms for use with protected key.
|
|
|
|
Select this option if you want to use the paes cipher
|
|
for example to use protected key encrypted devices.
|
|
|
|
config S390_PRNG
|
|
tristate "Pseudo random number generator device driver"
|
|
depends on S390
|
|
default "m"
|
|
help
|
|
Select this option if you want to use the s390 pseudo random number
|
|
generator. The PRNG is part of the cryptographic processor functions
|
|
and uses triple-DES to generate secure random numbers like the
|
|
ANSI X9.17 standard. User-space programs access the
|
|
pseudo-random-number device through the char device /dev/prandom.
|
|
|
|
It is available as of z9.
|
|
|
|
config CRYPTO_DEV_NIAGARA2
|
|
tristate "Niagara2 Stream Processing Unit driver"
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_HASH
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
depends on SPARC64
|
|
help
|
|
Each core of a Niagara2 processor contains a Stream
|
|
Processing Unit, which itself contains several cryptographic
|
|
sub-units. One set provides the Modular Arithmetic Unit,
|
|
used for SSL offload. The other set provides the Cipher
|
|
Group, which can perform encryption, decryption, hashing,
|
|
checksumming, and raw copies.
|
|
|
|
config CRYPTO_DEV_SL3516
|
|
tristate "Storlink SL3516 crypto offloader"
|
|
depends on ARCH_GEMINI || COMPILE_TEST
|
|
depends on HAS_IOMEM && PM
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_ENGINE
|
|
select CRYPTO_ECB
|
|
select CRYPTO_AES
|
|
select HW_RANDOM
|
|
help
|
|
This option allows you to have support for SL3516 crypto offloader.
|
|
|
|
config CRYPTO_DEV_SL3516_DEBUG
|
|
bool "Enable SL3516 stats"
|
|
depends on CRYPTO_DEV_SL3516
|
|
depends on DEBUG_FS
|
|
help
|
|
Say y to enable SL3516 debug stats.
|
|
This will create /sys/kernel/debug/sl3516/stats for displaying
|
|
the number of requests per algorithm and other internal stats.
|
|
|
|
config CRYPTO_DEV_HIFN_795X
|
|
tristate "Driver HIFN 795x crypto accelerator chips"
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_SKCIPHER
|
|
select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
|
|
depends on PCI
|
|
depends on !ARCH_DMA_ADDR_T_64BIT
|
|
help
|
|
This option allows you to have support for HIFN 795x crypto adapters.
|
|
|
|
config CRYPTO_DEV_HIFN_795X_RNG
|
|
bool "HIFN 795x random number generator"
|
|
depends on CRYPTO_DEV_HIFN_795X
|
|
help
|
|
Select this option if you want to enable the random number generator
|
|
on the HIFN 795x crypto adapters.
|
|
|
|
source "drivers/crypto/caam/Kconfig"
|
|
|
|
config CRYPTO_DEV_TALITOS
|
|
tristate "Talitos Freescale Security Engine (SEC)"
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_AUTHENC
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_HASH
|
|
select CRYPTO_LIB_DES
|
|
select HW_RANDOM
|
|
depends on FSL_SOC
|
|
help
|
|
Say 'Y' here to use the Freescale Security Engine (SEC)
|
|
to offload cryptographic algorithm computation.
|
|
|
|
The Freescale SEC is present on PowerQUICC 'E' processors, such
|
|
as the MPC8349E and MPC8548E.
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
will be called talitos.
|
|
|
|
config CRYPTO_DEV_TALITOS1
|
|
bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
|
|
depends on CRYPTO_DEV_TALITOS
|
|
depends on PPC_8xx || PPC_82xx
|
|
default y
|
|
help
|
|
Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
|
|
found on MPC82xx or the Freescale Security Engine (SEC Lite)
|
|
version 1.2 found on MPC8xx
|
|
|
|
config CRYPTO_DEV_TALITOS2
|
|
bool "SEC2+ (SEC version 2.0 or upper)"
|
|
depends on CRYPTO_DEV_TALITOS
|
|
default y if !PPC_8xx
|
|
help
|
|
Say 'Y' here to use the Freescale Security Engine (SEC)
|
|
version 2 and following as found on MPC83xx, MPC85xx, etc ...
|
|
|
|
config CRYPTO_DEV_PPC4XX
|
|
tristate "Driver AMCC PPC4xx crypto accelerator"
|
|
depends on PPC && 4xx
|
|
select CRYPTO_HASH
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_AES
|
|
select CRYPTO_LIB_AES
|
|
select CRYPTO_CCM
|
|
select CRYPTO_CTR
|
|
select CRYPTO_GCM
|
|
select CRYPTO_SKCIPHER
|
|
help
|
|
This option allows you to have support for AMCC crypto acceleration.
|
|
|
|
config HW_RANDOM_PPC4XX
|
|
bool "PowerPC 4xx generic true random number generator support"
|
|
depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y
|
|
default y
|
|
help
|
|
This option provides the kernel-side support for the TRNG hardware
|
|
found in the security function of some PowerPC 4xx SoCs.
|
|
|
|
config CRYPTO_DEV_OMAP
|
|
tristate "Support for OMAP crypto HW accelerators"
|
|
depends on ARCH_OMAP2PLUS
|
|
help
|
|
OMAP processors have various crypto HW accelerators. Select this if
|
|
you want to use the OMAP modules for any of the crypto algorithms.
|
|
|
|
if CRYPTO_DEV_OMAP
|
|
|
|
config CRYPTO_DEV_OMAP_SHAM
|
|
tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
|
|
depends on ARCH_OMAP2PLUS
|
|
select CRYPTO_ENGINE
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA256
|
|
select CRYPTO_SHA512
|
|
select CRYPTO_HMAC
|
|
help
|
|
OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
|
|
want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
|
|
|
|
config CRYPTO_DEV_OMAP_AES
|
|
tristate "Support for OMAP AES hw engine"
|
|
depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
|
|
select CRYPTO_AES
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_ENGINE
|
|
select CRYPTO_CBC
|
|
select CRYPTO_ECB
|
|
select CRYPTO_CTR
|
|
select CRYPTO_AEAD
|
|
help
|
|
OMAP processors have AES module accelerator. Select this if you
|
|
want to use the OMAP module for AES algorithms.
|
|
|
|
config CRYPTO_DEV_OMAP_DES
|
|
tristate "Support for OMAP DES/3DES hw engine"
|
|
depends on ARCH_OMAP2PLUS
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_ENGINE
|
|
help
|
|
OMAP processors have DES/3DES module accelerator. Select this if you
|
|
want to use the OMAP module for DES and 3DES algorithms. Currently
|
|
the ECB and CBC modes of operation are supported by the driver. Also
|
|
accesses made on unaligned boundaries are supported.
|
|
|
|
endif # CRYPTO_DEV_OMAP
|
|
|
|
config CRYPTO_DEV_SAHARA
|
|
tristate "Support for SAHARA crypto accelerator"
|
|
depends on ARCH_MXC && OF
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_AES
|
|
select CRYPTO_ECB
|
|
select CRYPTO_ENGINE
|
|
help
|
|
This option enables support for the SAHARA HW crypto accelerator
|
|
found in some Freescale i.MX chips.
|
|
|
|
config CRYPTO_DEV_EXYNOS_RNG
|
|
tristate "Exynos HW pseudo random number generator support"
|
|
depends on ARCH_EXYNOS || COMPILE_TEST
|
|
depends on HAS_IOMEM
|
|
select CRYPTO_RNG
|
|
help
|
|
This driver provides kernel-side support through the
|
|
cryptographic API for the pseudo random number generator hardware
|
|
found on Exynos SoCs.
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
module will be called exynos-rng.
|
|
|
|
If unsure, say Y.
|
|
|
|
config CRYPTO_DEV_S5P
|
|
tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
|
|
depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
|
|
depends on HAS_IOMEM
|
|
select CRYPTO_AES
|
|
select CRYPTO_SKCIPHER
|
|
help
|
|
This option allows you to have support for S5P crypto acceleration.
|
|
Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
|
|
algorithms execution.
|
|
|
|
config CRYPTO_DEV_EXYNOS_HASH
|
|
bool "Support for Samsung Exynos HASH accelerator"
|
|
depends on CRYPTO_DEV_S5P
|
|
depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA256
|
|
help
|
|
Select this to offload Exynos from HASH MD5/SHA1/SHA256.
|
|
This will select software SHA1, MD5 and SHA256 as they are
|
|
needed for small and zero-size messages.
|
|
HASH algorithms will be disabled if EXYNOS_RNG
|
|
is enabled due to hw conflict.
|
|
|
|
config CRYPTO_DEV_NX
|
|
bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
|
|
depends on PPC64
|
|
help
|
|
This enables support for the NX hardware cryptographic accelerator
|
|
coprocessor that is in IBM PowerPC P7+ or later processors. This
|
|
does not actually enable any drivers, it only allows you to select
|
|
which acceleration type (encryption and/or compression) to enable.
|
|
|
|
if CRYPTO_DEV_NX
|
|
source "drivers/crypto/nx/Kconfig"
|
|
endif
|
|
|
|
config CRYPTO_DEV_ATMEL_AUTHENC
|
|
bool "Support for Atmel IPSEC/SSL hw accelerator"
|
|
depends on ARCH_AT91 || COMPILE_TEST
|
|
depends on CRYPTO_DEV_ATMEL_AES
|
|
help
|
|
Some Atmel processors can combine the AES and SHA hw accelerators
|
|
to enhance support of IPSEC/SSL.
|
|
Select this if you want to use the Atmel modules for
|
|
authenc(hmac(shaX),Y(cbc)) algorithms.
|
|
|
|
config CRYPTO_DEV_ATMEL_AES
|
|
tristate "Support for Atmel AES hw accelerator"
|
|
depends on ARCH_AT91 || COMPILE_TEST
|
|
select CRYPTO_AES
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
|
|
select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
|
|
help
|
|
Some Atmel processors have AES hw accelerator.
|
|
Select this if you want to use the Atmel module for
|
|
AES algorithms.
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
will be called atmel-aes.
|
|
|
|
config CRYPTO_DEV_ATMEL_TDES
|
|
tristate "Support for Atmel DES/TDES hw accelerator"
|
|
depends on ARCH_AT91 || COMPILE_TEST
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_SKCIPHER
|
|
help
|
|
Some Atmel processors have DES/TDES hw accelerator.
|
|
Select this if you want to use the Atmel module for
|
|
DES/TDES algorithms.
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
will be called atmel-tdes.
|
|
|
|
config CRYPTO_DEV_ATMEL_SHA
|
|
tristate "Support for Atmel SHA hw accelerator"
|
|
depends on ARCH_AT91 || COMPILE_TEST
|
|
select CRYPTO_HASH
|
|
help
|
|
Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
|
|
hw accelerator.
|
|
Select this if you want to use the Atmel module for
|
|
SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
will be called atmel-sha.
|
|
|
|
config CRYPTO_DEV_ATMEL_I2C
|
|
tristate
|
|
select BITREVERSE
|
|
|
|
config CRYPTO_DEV_ATMEL_ECC
|
|
tristate "Support for Microchip / Atmel ECC hw accelerator"
|
|
depends on I2C
|
|
select CRYPTO_DEV_ATMEL_I2C
|
|
select CRYPTO_ECDH
|
|
select CRC16
|
|
help
|
|
Microhip / Atmel ECC hw accelerator.
|
|
Select this if you want to use the Microchip / Atmel module for
|
|
ECDH algorithm.
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
will be called atmel-ecc.
|
|
|
|
config CRYPTO_DEV_ATMEL_SHA204A
|
|
tristate "Support for Microchip / Atmel SHA accelerator and RNG"
|
|
depends on I2C
|
|
select CRYPTO_DEV_ATMEL_I2C
|
|
select HW_RANDOM
|
|
select CRC16
|
|
help
|
|
Microhip / Atmel SHA accelerator and RNG.
|
|
Select this if you want to use the Microchip / Atmel SHA204A
|
|
module as a random number generator. (Other functions of the
|
|
chip are currently not exposed by this driver)
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
will be called atmel-sha204a.
|
|
|
|
config CRYPTO_DEV_CCP
|
|
bool "Support for AMD Secure Processor"
|
|
depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
|
|
help
|
|
The AMD Secure Processor provides support for the Cryptographic Coprocessor
|
|
(CCP) and the Platform Security Processor (PSP) devices.
|
|
|
|
if CRYPTO_DEV_CCP
|
|
source "drivers/crypto/ccp/Kconfig"
|
|
endif
|
|
|
|
config CRYPTO_DEV_MXS_DCP
|
|
tristate "Support for Freescale MXS DCP"
|
|
depends on (ARCH_MXS || ARCH_MXC)
|
|
select STMP_DEVICE
|
|
select CRYPTO_CBC
|
|
select CRYPTO_ECB
|
|
select CRYPTO_AES
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_HASH
|
|
help
|
|
The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
|
|
co-processor on the die.
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
will be called mxs-dcp.
|
|
|
|
source "drivers/crypto/cavium/cpt/Kconfig"
|
|
source "drivers/crypto/cavium/nitrox/Kconfig"
|
|
source "drivers/crypto/marvell/Kconfig"
|
|
source "drivers/crypto/intel/Kconfig"
|
|
|
|
config CRYPTO_DEV_CAVIUM_ZIP
|
|
tristate "Cavium ZIP driver"
|
|
depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
|
|
help
|
|
Select this option if you want to enable compression/decompression
|
|
acceleration on Cavium's ARM based SoCs
|
|
|
|
config CRYPTO_DEV_QCE
|
|
tristate "Qualcomm crypto engine accelerator"
|
|
depends on ARCH_QCOM || COMPILE_TEST
|
|
depends on HAS_IOMEM
|
|
help
|
|
This driver supports Qualcomm crypto engine accelerator
|
|
hardware. To compile this driver as a module, choose M here. The
|
|
module will be called qcrypto.
|
|
|
|
config CRYPTO_DEV_QCE_SKCIPHER
|
|
bool
|
|
depends on CRYPTO_DEV_QCE
|
|
select CRYPTO_AES
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_ECB
|
|
select CRYPTO_CBC
|
|
select CRYPTO_XTS
|
|
select CRYPTO_CTR
|
|
select CRYPTO_SKCIPHER
|
|
|
|
config CRYPTO_DEV_QCE_SHA
|
|
bool
|
|
depends on CRYPTO_DEV_QCE
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
|
|
config CRYPTO_DEV_QCE_AEAD
|
|
bool
|
|
depends on CRYPTO_DEV_QCE
|
|
select CRYPTO_AUTHENC
|
|
select CRYPTO_LIB_DES
|
|
|
|
choice
|
|
prompt "Algorithms enabled for QCE acceleration"
|
|
default CRYPTO_DEV_QCE_ENABLE_ALL
|
|
depends on CRYPTO_DEV_QCE
|
|
help
|
|
This option allows to choose whether to build support for all algorithms
|
|
(default), hashes-only, or skciphers-only.
|
|
|
|
The QCE engine does not appear to scale as well as the CPU to handle
|
|
multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the
|
|
QCE handles only 2 requests in parallel.
|
|
|
|
Ipsec throughput seems to improve when disabling either family of
|
|
algorithms, sharing the load with the CPU. Enabling skciphers-only
|
|
appears to work best.
|
|
|
|
config CRYPTO_DEV_QCE_ENABLE_ALL
|
|
bool "All supported algorithms"
|
|
select CRYPTO_DEV_QCE_SKCIPHER
|
|
select CRYPTO_DEV_QCE_SHA
|
|
select CRYPTO_DEV_QCE_AEAD
|
|
help
|
|
Enable all supported algorithms:
|
|
- AES (CBC, CTR, ECB, XTS)
|
|
- 3DES (CBC, ECB)
|
|
- DES (CBC, ECB)
|
|
- SHA1, HMAC-SHA1
|
|
- SHA256, HMAC-SHA256
|
|
|
|
config CRYPTO_DEV_QCE_ENABLE_SKCIPHER
|
|
bool "Symmetric-key ciphers only"
|
|
select CRYPTO_DEV_QCE_SKCIPHER
|
|
help
|
|
Enable symmetric-key ciphers only:
|
|
- AES (CBC, CTR, ECB, XTS)
|
|
- 3DES (ECB, CBC)
|
|
- DES (ECB, CBC)
|
|
|
|
config CRYPTO_DEV_QCE_ENABLE_SHA
|
|
bool "Hash/HMAC only"
|
|
select CRYPTO_DEV_QCE_SHA
|
|
help
|
|
Enable hashes/HMAC algorithms only:
|
|
- SHA1, HMAC-SHA1
|
|
- SHA256, HMAC-SHA256
|
|
|
|
config CRYPTO_DEV_QCE_ENABLE_AEAD
|
|
bool "AEAD algorithms only"
|
|
select CRYPTO_DEV_QCE_AEAD
|
|
help
|
|
Enable AEAD algorithms only:
|
|
- authenc()
|
|
- ccm(aes)
|
|
- rfc4309(ccm(aes))
|
|
endchoice
|
|
|
|
config CRYPTO_DEV_QCE_SW_MAX_LEN
|
|
int "Default maximum request size to use software for AES"
|
|
depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER
|
|
default 512
|
|
help
|
|
This sets the default maximum request size to perform AES requests
|
|
using software instead of the crypto engine. It can be changed by
|
|
setting the aes_sw_max_len parameter.
|
|
|
|
Small blocks are processed faster in software than hardware.
|
|
Considering the 256-bit ciphers, software is 2-3 times faster than
|
|
qce at 256-bytes, 30% faster at 512, and about even at 768-bytes.
|
|
With 128-bit keys, the break-even point would be around 1024-bytes.
|
|
|
|
The default is set a little lower, to 512 bytes, to balance the
|
|
cost in CPU usage. The minimum recommended setting is 16-bytes
|
|
(1 AES block), since AES-GCM will fail if you set it lower.
|
|
Setting this to zero will send all requests to the hardware.
|
|
|
|
Note that 192-bit keys are not supported by the hardware and are
|
|
always processed by the software fallback, and all DES requests
|
|
are done by the hardware.
|
|
|
|
config CRYPTO_DEV_QCOM_RNG
|
|
tristate "Qualcomm Random Number Generator Driver"
|
|
depends on ARCH_QCOM || COMPILE_TEST
|
|
depends on HW_RANDOM
|
|
select CRYPTO_RNG
|
|
help
|
|
This driver provides support for the Random Number
|
|
Generator hardware found on Qualcomm SoCs.
|
|
|
|
To compile this driver as a module, choose M here. The
|
|
module will be called qcom-rng. If unsure, say N.
|
|
|
|
#config CRYPTO_DEV_VMX
|
|
# bool "Support for VMX cryptographic acceleration instructions"
|
|
# depends on PPC64 && VSX
|
|
# help
|
|
# Support for VMX cryptographic acceleration instructions.
|
|
#
|
|
#source "drivers/crypto/vmx/Kconfig"
|
|
|
|
config CRYPTO_DEV_IMGTEC_HASH
|
|
tristate "Imagination Technologies hardware hash accelerator"
|
|
depends on MIPS || COMPILE_TEST
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
select CRYPTO_HASH
|
|
help
|
|
This driver interfaces with the Imagination Technologies
|
|
hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
|
|
hashing algorithms.
|
|
|
|
config CRYPTO_DEV_ROCKCHIP
|
|
tristate "Rockchip's Cryptographic Engine driver"
|
|
depends on OF && ARCH_ROCKCHIP
|
|
depends on PM
|
|
select CRYPTO_ECB
|
|
select CRYPTO_CBC
|
|
select CRYPTO_DES
|
|
select CRYPTO_AES
|
|
select CRYPTO_ENGINE
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SKCIPHER
|
|
|
|
help
|
|
This driver interfaces with the hardware crypto accelerator.
|
|
Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
|
|
|
|
config CRYPTO_DEV_ROCKCHIP_DEBUG
|
|
bool "Enable Rockchip crypto stats"
|
|
depends on CRYPTO_DEV_ROCKCHIP
|
|
depends on DEBUG_FS
|
|
help
|
|
Say y to enable Rockchip crypto debug stats.
|
|
This will create /sys/kernel/debug/rk3288_crypto/stats for displaying
|
|
the number of requests per algorithm and other internal stats.
|
|
|
|
config CRYPTO_DEV_TEGRA
|
|
tristate "Enable Tegra Security Engine"
|
|
depends on TEGRA_HOST1X
|
|
select CRYPTO_ENGINE
|
|
|
|
help
|
|
Select this to enable Tegra Security Engine which accelerates various
|
|
AES encryption/decryption and HASH algorithms.
|
|
|
|
config CRYPTO_DEV_ZYNQMP_AES
|
|
tristate "Support for Xilinx ZynqMP AES hw accelerator"
|
|
depends on ZYNQMP_FIRMWARE || COMPILE_TEST
|
|
select CRYPTO_AES
|
|
select CRYPTO_ENGINE
|
|
select CRYPTO_AEAD
|
|
help
|
|
Xilinx ZynqMP has AES-GCM engine used for symmetric key
|
|
encryption and decryption. This driver interfaces with AES hw
|
|
accelerator. Select this if you want to use the ZynqMP module
|
|
for AES algorithms.
|
|
|
|
config CRYPTO_DEV_ZYNQMP_SHA3
|
|
tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator"
|
|
depends on ZYNQMP_FIRMWARE || COMPILE_TEST
|
|
select CRYPTO_SHA3
|
|
help
|
|
Xilinx ZynqMP has SHA3 engine used for secure hash calculation.
|
|
This driver interfaces with SHA3 hardware engine.
|
|
Select this if you want to use the ZynqMP module
|
|
for SHA3 hash computation.
|
|
|
|
source "drivers/crypto/chelsio/Kconfig"
|
|
|
|
source "drivers/crypto/virtio/Kconfig"
|
|
|
|
config CRYPTO_DEV_BCM_SPU
|
|
tristate "Broadcom symmetric crypto/hash acceleration support"
|
|
depends on ARCH_BCM_IPROC
|
|
depends on MAILBOX
|
|
default m
|
|
select CRYPTO_AUTHENC
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
select CRYPTO_SHA512
|
|
help
|
|
This driver provides support for Broadcom crypto acceleration using the
|
|
Secure Processing Unit (SPU). The SPU driver registers skcipher,
|
|
ahash, and aead algorithms with the kernel cryptographic API.
|
|
|
|
source "drivers/crypto/stm32/Kconfig"
|
|
|
|
config CRYPTO_DEV_SAFEXCEL
|
|
tristate "Inside Secure's SafeXcel cryptographic engine driver"
|
|
depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM
|
|
select CRYPTO_LIB_AES
|
|
select CRYPTO_AUTHENC
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_HASH
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
select CRYPTO_SHA512
|
|
select CRYPTO_CHACHA20POLY1305
|
|
select CRYPTO_SHA3
|
|
help
|
|
This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
|
|
engines designed by Inside Secure. It currently accelerates DES, 3DES and
|
|
AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
|
|
SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
|
|
Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
|
|
|
|
config CRYPTO_DEV_ARTPEC6
|
|
tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
|
|
depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
|
|
depends on OF
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_AES
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_CTR
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
select CRYPTO_SHA512
|
|
help
|
|
Enables the driver for the on-chip crypto accelerator
|
|
of Axis ARTPEC SoCs.
|
|
|
|
To compile this driver as a module, choose M here.
|
|
|
|
config CRYPTO_DEV_CCREE
|
|
tristate "Support for ARM TrustZone CryptoCell family of security processors"
|
|
depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
|
|
depends on HAS_IOMEM
|
|
select CRYPTO_HASH
|
|
select CRYPTO_SKCIPHER
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_AEAD
|
|
select CRYPTO_AUTHENC
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_MD5
|
|
select CRYPTO_SHA256
|
|
select CRYPTO_SHA512
|
|
select CRYPTO_HMAC
|
|
select CRYPTO_AES
|
|
select CRYPTO_CBC
|
|
select CRYPTO_ECB
|
|
select CRYPTO_CTR
|
|
select CRYPTO_XTS
|
|
select CRYPTO_SM4_GENERIC
|
|
select CRYPTO_SM3_GENERIC
|
|
help
|
|
Say 'Y' to enable a driver for the REE interface of the Arm
|
|
TrustZone CryptoCell family of processors. Currently the
|
|
CryptoCell 713, 703, 712, 710 and 630 are supported.
|
|
Choose this if you wish to use hardware acceleration of
|
|
cryptographic operations on the system REE.
|
|
If unsure say Y.
|
|
|
|
source "drivers/crypto/hisilicon/Kconfig"
|
|
|
|
source "drivers/crypto/amlogic/Kconfig"
|
|
|
|
config CRYPTO_DEV_SA2UL
|
|
tristate "Support for TI security accelerator"
|
|
depends on ARCH_K3 || COMPILE_TEST
|
|
select CRYPTO_AES
|
|
select CRYPTO_ALGAPI
|
|
select CRYPTO_AUTHENC
|
|
select CRYPTO_DES
|
|
select CRYPTO_SHA1
|
|
select CRYPTO_SHA256
|
|
select CRYPTO_SHA512
|
|
select HW_RANDOM
|
|
select SG_SPLIT
|
|
help
|
|
K3 devices include a security accelerator engine that may be
|
|
used for crypto offload. Select this if you want to use hardware
|
|
acceleration for cryptographic algorithms on these devices.
|
|
|
|
source "drivers/crypto/aspeed/Kconfig"
|
|
source "drivers/crypto/starfive/Kconfig"
|
|
|
|
endif # CRYPTO_HW
|