2019-05-19 15:07:45 +03:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
2007-07-16 10:39:36 +04:00
|
|
|
|
|
|
|
|
menuconfig CRYPTO_HW
|
|
|
|
|
bool "Hardware crypto devices"
|
|
|
|
|
default y
|
2020-06-13 19:50:22 +03:00
|
|
|
help
|
2007-08-18 14:56:21 +04:00
|
|
|
Say Y here to get to see options for hardware crypto devices and
|
|
|
|
|
processors. This option alone does not add any kernel code.
|
|
|
|
|
|
|
|
|
|
If you say N, all options in this submenu will be skipped and disabled.
|
2007-07-16 10:39:36 +04:00
|
|
|
|
|
|
|
|
if CRYPTO_HW
|
2005-04-17 02:20:36 +04:00
|
|
|
|
2019-10-23 23:05:03 +03:00
|
|
|
source "drivers/crypto/allwinner/Kconfig"
|
|
|
|
|
|
2005-04-17 02:20:36 +04:00
|
|
|
config CRYPTO_DEV_PADLOCK
|
2007-05-18 07:17:22 +04:00
|
|
|
tristate "Support for VIA PadLock ACE"
|
2009-04-22 09:00:15 +04:00
|
|
|
depends on X86 && !UML
|
2005-04-17 02:20:36 +04:00
|
|
|
help
|
|
|
|
|
Some VIA processors come with an integrated crypto engine
|
|
|
|
|
(so called VIA PadLock ACE, Advanced Cryptography Engine)
|
2006-08-06 16:46:20 +04:00
|
|
|
that provides instructions for very fast cryptographic
|
|
|
|
|
operations with supported algorithms.
|
2005-04-17 02:20:36 +04:00
|
|
|
|
|
|
|
|
The instructions are used only when the CPU supports them.
|
2006-08-06 16:50:30 +04:00
|
|
|
Otherwise software encryption is used.
|
|
|
|
|
|
2005-04-17 02:20:36 +04:00
|
|
|
config CRYPTO_DEV_PADLOCK_AES
|
2006-08-06 16:46:20 +04:00
|
|
|
tristate "PadLock driver for AES algorithm"
|
2005-04-17 02:20:36 +04:00
|
|
|
depends on CRYPTO_DEV_PADLOCK
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2019-07-02 22:41:25 +03:00
|
|
|
select CRYPTO_LIB_AES
|
2005-04-17 02:20:36 +04:00
|
|
|
help
|
|
|
|
|
Use VIA PadLock for AES algorithm.
|
|
|
|
|
|
2006-08-06 16:46:20 +04:00
|
|
|
Available in VIA C3 and newer CPUs.
|
|
|
|
|
|
|
|
|
|
If unsure say M. The compiled module will be
|
2009-06-05 02:44:53 +04:00
|
|
|
called padlock-aes.
|
2006-08-06 16:46:20 +04:00
|
|
|
|
2006-07-12 06:29:38 +04:00
|
|
|
config CRYPTO_DEV_PADLOCK_SHA
|
|
|
|
|
tristate "PadLock driver for SHA1 and SHA256 algorithms"
|
|
|
|
|
depends on CRYPTO_DEV_PADLOCK
|
2009-07-11 14:16:16 +04:00
|
|
|
select CRYPTO_HASH
|
2006-07-12 06:29:38 +04:00
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
help
|
|
|
|
|
Use VIA PadLock for SHA1/SHA256 algorithms.
|
|
|
|
|
|
|
|
|
|
Available in VIA C7 and newer processors.
|
|
|
|
|
|
|
|
|
|
If unsure say M. The compiled module will be
|
2009-06-05 02:44:53 +04:00
|
|
|
called padlock-sha.
|
2006-07-12 06:29:38 +04:00
|
|
|
|
2006-10-04 12:48:57 +04:00
|
|
|
config CRYPTO_DEV_GEODE
|
|
|
|
|
tristate "Support for the Geode LX AES engine"
|
2007-05-02 16:08:26 +04:00
|
|
|
depends on X86_32 && PCI
|
2006-10-04 12:48:57 +04:00
|
|
|
select CRYPTO_ALGAPI
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2006-10-04 12:48:57 +04:00
|
|
|
help
|
|
|
|
|
Say 'Y' here to use the AMD Geode LX processor on-board AES
|
2007-05-09 09:12:20 +04:00
|
|
|
engine for the CryptoAPI AES algorithm.
|
2006-10-04 12:48:57 +04:00
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
|
will be called geode-aes.
|
|
|
|
|
|
2007-05-10 17:46:00 +04:00
|
|
|
config ZCRYPT
|
2017-02-20 18:09:51 +03:00
|
|
|
tristate "Support for s390 cryptographic adapters"
|
2007-05-10 17:46:00 +04:00
|
|
|
depends on S390
|
2008-04-17 09:46:15 +04:00
|
|
|
select HW_RANDOM
|
2007-05-10 17:46:00 +04:00
|
|
|
help
|
2017-02-20 18:09:51 +03:00
|
|
|
Select this option if you want to enable support for
|
|
|
|
|
s390 cryptographic adapters like:
|
2007-05-10 17:46:00 +04:00
|
|
|
+ PCI-X Cryptographic Coprocessor (PCIXCC)
|
2017-02-20 18:09:51 +03:00
|
|
|
+ Crypto Express 2,3,4 or 5 Coprocessor (CEXxC)
|
|
|
|
|
+ Crypto Express 2,3,4 or 5 Accelerator (CEXxA)
|
|
|
|
|
+ Crypto Express 4 or 5 EP11 Coprocessor (CEXxP)
|
2007-05-10 17:46:00 +04:00
|
|
|
|
s390/zcrypt: multiple zcrypt device nodes support
This patch is an extension to the zcrypt device driver to provide,
support and maintain multiple zcrypt device nodes. The individual
zcrypt device nodes can be restricted in terms of crypto cards,
domains and available ioctls. Such a device node can be used as a
base for container solutions like docker to control and restrict
the access to crypto resources.
The handling is done with a new sysfs subdir /sys/class/zcrypt.
Echoing a name (or an empty sting) into the attribute "create" creates
a new zcrypt device node. In /sys/class/zcrypt a new link will appear
which points to the sysfs device tree of this new device. The
attribute files "ioctlmask", "apmask" and "aqmask" in this directory
are used to customize this new zcrypt device node instance. Finally
the zcrypt device node can be destroyed by echoing the name into
/sys/class/zcrypt/destroy. The internal structs holding the device
info are reference counted - so a destroy will not hard remove a
device but only marks it as removable when the reference counter drops
to zero.
The mask values are bitmaps in big endian order starting with bit 0.
So adapter number 0 is the leftmost bit, mask is 0x8000... The sysfs
attributes accept 2 different formats:
* Absolute hex string starting with 0x like "0x12345678" does set
the mask starting from left to right. If the given string is shorter
than the mask it is padded with 0s on the right. If the string is
longer than the mask an error comes back (EINVAL).
* Relative format - a concatenation (done with ',') of the
terms +<bitnr>[-<bitnr>] or -<bitnr>[-<bitnr>]. <bitnr> may be any
valid number (hex, decimal or octal) in the range 0...255. Here are
some examples:
"+0-15,+32,-128,-0xFF"
"-0-255,+1-16,+0x128"
"+1,+2,+3,+4,-5,-7-10"
A simple usage examples:
# create new zcrypt device 'my_zcrypt':
echo "my_zcrypt" >/sys/class/zcrypt/create
# go into the device dir of this new device
echo "my_zcrypt" >create
cd my_zcrypt/
ls -l
total 0
-rw-r--r-- 1 root root 4096 Jul 20 15:23 apmask
-rw-r--r-- 1 root root 4096 Jul 20 15:23 aqmask
-r--r--r-- 1 root root 4096 Jul 20 15:23 dev
-rw-r--r-- 1 root root 4096 Jul 20 15:23 ioctlmask
lrwxrwxrwx 1 root root 0 Jul 20 15:23 subsystem -> ../../../../class/zcrypt
...
# customize this zcrypt node clone
# enable only adapter 0 and 2
echo "0xa0" >apmask
# enable only domain 6
echo "+6" >aqmask
# enable all 256 ioctls
echo "+0-255" >ioctls
# now the /dev/my_zcrypt may be used
# finally destroy it
echo "my_zcrypt" >/sys/class/zcrypt/destroy
Please note that a very similar 'filtering behavior' also applies to
the parent z90crypt device. The two mask attributes apmask and aqmask
in /sys/bus/ap act the very same for the z90crypt device node. However
the implementation here is totally different as the ap bus acts on
bind/unbind of queue devices and associated drivers but the effect is
still the same. So there are two filters active for each additional
zcrypt device node: The adapter/domain needs to be enabled on the ap
bus level and it needs to be active on the zcrypt device node level.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2018-09-17 17:18:41 +03:00
|
|
|
config ZCRYPT_MULTIDEVNODES
|
|
|
|
|
bool "Support for multiple zcrypt device nodes"
|
|
|
|
|
default y
|
|
|
|
|
depends on S390
|
|
|
|
|
depends on ZCRYPT
|
|
|
|
|
help
|
|
|
|
|
With this option enabled the zcrypt device driver can
|
|
|
|
|
provide multiple devices nodes in /dev. Each device
|
|
|
|
|
node can get customized to limit access and narrow
|
|
|
|
|
down the use of the available crypto hardware.
|
|
|
|
|
|
2016-11-02 16:37:20 +03:00
|
|
|
config PKEY
|
|
|
|
|
tristate "Kernel API for protected key handling"
|
|
|
|
|
depends on S390
|
|
|
|
|
depends on ZCRYPT
|
|
|
|
|
help
|
|
|
|
|
With this option enabled the pkey kernel module provides an API
|
|
|
|
|
for creation and handling of protected keys. Other parts of the
|
|
|
|
|
kernel or userspace applications may use these functions.
|
|
|
|
|
|
|
|
|
|
Select this option if you want to enable the kernel and userspace
|
|
|
|
|
API for proteced key handling.
|
|
|
|
|
|
|
|
|
|
Please note that creation of protected keys from secure keys
|
|
|
|
|
requires to have at least one CEX card in coprocessor mode
|
|
|
|
|
available at runtime.
|
2007-05-10 17:46:00 +04:00
|
|
|
|
2017-05-11 18:15:54 +03:00
|
|
|
config CRYPTO_PAES_S390
|
|
|
|
|
tristate "PAES cipher algorithms"
|
|
|
|
|
depends on S390
|
|
|
|
|
depends on ZCRYPT
|
|
|
|
|
depends on PKEY
|
|
|
|
|
select CRYPTO_ALGAPI
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2017-05-11 18:15:54 +03:00
|
|
|
help
|
|
|
|
|
This is the s390 hardware accelerated implementation of the
|
|
|
|
|
AES cipher algorithms for use with protected key.
|
|
|
|
|
|
|
|
|
|
Select this option if you want to use the paes cipher
|
|
|
|
|
for example to use protected key encrypted devices.
|
|
|
|
|
|
2008-01-26 16:11:07 +03:00
|
|
|
config CRYPTO_SHA1_S390
|
|
|
|
|
tristate "SHA1 digest algorithm"
|
|
|
|
|
depends on S390
|
2009-01-18 12:33:33 +03:00
|
|
|
select CRYPTO_HASH
|
2008-01-26 16:11:07 +03:00
|
|
|
help
|
|
|
|
|
This is the s390 hardware accelerated implementation of the
|
|
|
|
|
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
|
|
|
|
|
|
2011-04-19 23:29:19 +04:00
|
|
|
It is available as of z990.
|
|
|
|
|
|
2008-01-26 16:11:07 +03:00
|
|
|
config CRYPTO_SHA256_S390
|
|
|
|
|
tristate "SHA256 digest algorithm"
|
|
|
|
|
depends on S390
|
2009-01-18 12:33:33 +03:00
|
|
|
select CRYPTO_HASH
|
2008-01-26 16:11:07 +03:00
|
|
|
help
|
|
|
|
|
This is the s390 hardware accelerated implementation of the
|
|
|
|
|
SHA256 secure hash standard (DFIPS 180-2).
|
|
|
|
|
|
2011-04-19 23:29:19 +04:00
|
|
|
It is available as of z9.
|
2008-01-26 16:11:07 +03:00
|
|
|
|
2008-03-06 14:52:00 +03:00
|
|
|
config CRYPTO_SHA512_S390
|
2008-03-06 14:53:50 +03:00
|
|
|
tristate "SHA384 and SHA512 digest algorithm"
|
2008-03-06 14:52:00 +03:00
|
|
|
depends on S390
|
2009-01-18 12:33:33 +03:00
|
|
|
select CRYPTO_HASH
|
2008-03-06 14:52:00 +03:00
|
|
|
help
|
|
|
|
|
This is the s390 hardware accelerated implementation of the
|
|
|
|
|
SHA512 secure hash standard.
|
|
|
|
|
|
2011-04-19 23:29:19 +04:00
|
|
|
It is available as of z10.
|
2008-03-06 14:52:00 +03:00
|
|
|
|
2019-08-14 15:56:54 +03:00
|
|
|
config CRYPTO_SHA3_256_S390
|
|
|
|
|
tristate "SHA3_224 and SHA3_256 digest algorithm"
|
|
|
|
|
depends on S390
|
|
|
|
|
select CRYPTO_HASH
|
|
|
|
|
help
|
|
|
|
|
This is the s390 hardware accelerated implementation of the
|
|
|
|
|
SHA3_256 secure hash standard.
|
|
|
|
|
|
|
|
|
|
It is available as of z14.
|
|
|
|
|
|
|
|
|
|
config CRYPTO_SHA3_512_S390
|
|
|
|
|
tristate "SHA3_384 and SHA3_512 digest algorithm"
|
|
|
|
|
depends on S390
|
|
|
|
|
select CRYPTO_HASH
|
|
|
|
|
help
|
|
|
|
|
This is the s390 hardware accelerated implementation of the
|
|
|
|
|
SHA3_512 secure hash standard.
|
|
|
|
|
|
|
|
|
|
It is available as of z14.
|
|
|
|
|
|
2008-01-26 16:11:07 +03:00
|
|
|
config CRYPTO_DES_S390
|
|
|
|
|
tristate "DES and Triple DES cipher algorithms"
|
|
|
|
|
depends on S390
|
|
|
|
|
select CRYPTO_ALGAPI
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2008-01-26 16:11:07 +03:00
|
|
|
help
|
2011-05-04 09:09:44 +04:00
|
|
|
This is the s390 hardware accelerated implementation of the
|
2008-01-26 16:11:07 +03:00
|
|
|
DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
|
|
|
|
|
|
2011-05-04 09:09:44 +04:00
|
|
|
As of z990 the ECB and CBC mode are hardware accelerated.
|
|
|
|
|
As of z196 the CTR mode is hardware accelerated.
|
|
|
|
|
|
2008-01-26 16:11:07 +03:00
|
|
|
config CRYPTO_AES_S390
|
|
|
|
|
tristate "AES cipher algorithms"
|
|
|
|
|
depends on S390
|
|
|
|
|
select CRYPTO_ALGAPI
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2008-01-26 16:11:07 +03:00
|
|
|
help
|
|
|
|
|
This is the s390 hardware accelerated implementation of the
|
2011-04-26 10:12:42 +04:00
|
|
|
AES cipher algorithms (FIPS-197).
|
|
|
|
|
|
|
|
|
|
As of z9 the ECB and CBC modes are hardware accelerated
|
|
|
|
|
for 128 bit keys.
|
|
|
|
|
As of z10 the ECB and CBC modes are hardware accelerated
|
|
|
|
|
for all AES key sizes.
|
2011-05-04 09:09:44 +04:00
|
|
|
As of z196 the CTR mode is hardware accelerated for all AES
|
|
|
|
|
key sizes and XTS mode is hardware accelerated for 256 and
|
2011-04-26 10:12:42 +04:00
|
|
|
512 bit keys.
|
2008-01-26 16:11:07 +03:00
|
|
|
|
|
|
|
|
config S390_PRNG
|
|
|
|
|
tristate "Pseudo random number generator device driver"
|
|
|
|
|
depends on S390
|
|
|
|
|
default "m"
|
|
|
|
|
help
|
|
|
|
|
Select this option if you want to use the s390 pseudo random number
|
|
|
|
|
generator. The PRNG is part of the cryptographic processor functions
|
|
|
|
|
and uses triple-DES to generate secure random numbers like the
|
2011-04-19 23:29:19 +04:00
|
|
|
ANSI X9.17 standard. User-space programs access the
|
|
|
|
|
pseudo-random-number device through the char device /dev/prandom.
|
|
|
|
|
|
|
|
|
|
It is available as of z9.
|
2008-01-26 16:11:07 +03:00
|
|
|
|
2011-04-19 23:29:18 +04:00
|
|
|
config CRYPTO_GHASH_S390
|
2019-07-20 09:09:18 +03:00
|
|
|
tristate "GHASH hash function"
|
2011-04-19 23:29:18 +04:00
|
|
|
depends on S390
|
|
|
|
|
select CRYPTO_HASH
|
|
|
|
|
help
|
2019-07-20 09:09:18 +03:00
|
|
|
This is the s390 hardware accelerated implementation of GHASH,
|
|
|
|
|
the hash function used in GCM (Galois/Counter mode).
|
2011-04-19 23:29:18 +04:00
|
|
|
|
|
|
|
|
It is available as of z196.
|
|
|
|
|
|
2015-04-28 16:52:44 +03:00
|
|
|
config CRYPTO_CRC32_S390
|
|
|
|
|
tristate "CRC-32 algorithms"
|
|
|
|
|
depends on S390
|
|
|
|
|
select CRYPTO_HASH
|
|
|
|
|
select CRC32
|
|
|
|
|
help
|
|
|
|
|
Select this option if you want to use hardware accelerated
|
|
|
|
|
implementations of CRC algorithms. With this option, you
|
|
|
|
|
can optimize the computation of CRC-32 (IEEE 802.3 Ethernet)
|
|
|
|
|
and CRC-32C (Castagnoli).
|
|
|
|
|
|
|
|
|
|
It is available with IBM z13 or later.
|
|
|
|
|
|
2010-05-19 08:14:04 +04:00
|
|
|
config CRYPTO_DEV_NIAGARA2
|
2019-11-21 06:20:48 +03:00
|
|
|
tristate "Niagara2 Stream Processing Unit driver"
|
|
|
|
|
select CRYPTO_LIB_DES
|
|
|
|
|
select CRYPTO_SKCIPHER
|
|
|
|
|
select CRYPTO_HASH
|
|
|
|
|
select CRYPTO_MD5
|
|
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
depends on SPARC64
|
|
|
|
|
help
|
2010-05-19 08:14:04 +04:00
|
|
|
Each core of a Niagara2 processor contains a Stream
|
|
|
|
|
Processing Unit, which itself contains several cryptographic
|
|
|
|
|
sub-units. One set provides the Modular Arithmetic Unit,
|
|
|
|
|
used for SSL offload. The other set provides the Cipher
|
|
|
|
|
Group, which can perform encryption, decryption, hashing,
|
|
|
|
|
checksumming, and raw copies.
|
|
|
|
|
|
2007-10-26 17:31:14 +04:00
|
|
|
config CRYPTO_DEV_HIFN_795X
|
|
|
|
|
tristate "Driver HIFN 795x crypto accelerator chips"
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2008-01-26 01:48:44 +03:00
|
|
|
select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
|
2007-11-12 16:56:38 +03:00
|
|
|
depends on PCI
|
2011-10-10 14:55:41 +04:00
|
|
|
depends on !ARCH_DMA_ADDR_T_64BIT
|
2007-10-26 17:31:14 +04:00
|
|
|
help
|
|
|
|
|
This option allows you to have support for HIFN 795x crypto adapters.
|
|
|
|
|
|
2008-01-26 01:48:44 +03:00
|
|
|
config CRYPTO_DEV_HIFN_795X_RNG
|
|
|
|
|
bool "HIFN 795x random number generator"
|
|
|
|
|
depends on CRYPTO_DEV_HIFN_795X
|
|
|
|
|
help
|
|
|
|
|
Select this option if you want to enable the random number generator
|
|
|
|
|
on the HIFN 795x crypto adapters.
|
2007-10-26 17:31:14 +04:00
|
|
|
|
2018-12-11 14:01:04 +03:00
|
|
|
source "drivers/crypto/caam/Kconfig"
|
2011-03-13 11:54:26 +03:00
|
|
|
|
2008-06-23 15:50:15 +04:00
|
|
|
config CRYPTO_DEV_TALITOS
|
|
|
|
|
tristate "Talitos Freescale Security Engine (SEC)"
|
2015-06-17 09:58:24 +03:00
|
|
|
select CRYPTO_AEAD
|
2008-06-23 15:50:15 +04:00
|
|
|
select CRYPTO_AUTHENC
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2015-06-17 09:58:24 +03:00
|
|
|
select CRYPTO_HASH
|
2019-11-26 14:28:36 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2008-06-23 15:50:15 +04:00
|
|
|
select HW_RANDOM
|
|
|
|
|
depends on FSL_SOC
|
|
|
|
|
help
|
|
|
|
|
Say 'Y' here to use the Freescale Security Engine (SEC)
|
|
|
|
|
to offload cryptographic algorithm computation.
|
|
|
|
|
|
|
|
|
|
The Freescale SEC is present on PowerQUICC 'E' processors, such
|
|
|
|
|
as the MPC8349E and MPC8548E.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
|
will be called talitos.
|
|
|
|
|
|
2015-04-17 17:32:03 +03:00
|
|
|
config CRYPTO_DEV_TALITOS1
|
|
|
|
|
bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
|
|
|
|
|
depends on CRYPTO_DEV_TALITOS
|
|
|
|
|
depends on PPC_8xx || PPC_82xx
|
|
|
|
|
default y
|
|
|
|
|
help
|
|
|
|
|
Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
|
|
|
|
|
found on MPC82xx or the Freescale Security Engine (SEC Lite)
|
|
|
|
|
version 1.2 found on MPC8xx
|
|
|
|
|
|
|
|
|
|
config CRYPTO_DEV_TALITOS2
|
|
|
|
|
bool "SEC2+ (SEC version 2.0 or upper)"
|
|
|
|
|
depends on CRYPTO_DEV_TALITOS
|
|
|
|
|
default y if !PPC_8xx
|
|
|
|
|
help
|
|
|
|
|
Say 'Y' here to use the Freescale Security Engine (SEC)
|
|
|
|
|
version 2 and following as found on MPC83xx, MPC85xx, etc ...
|
|
|
|
|
|
2008-06-25 10:38:47 +04:00
|
|
|
config CRYPTO_DEV_IXP4XX
|
|
|
|
|
tristate "Driver for IXP4xx crypto hardware acceleration"
|
2010-03-26 01:56:05 +03:00
|
|
|
depends on ARCH_IXP4XX && IXP4XX_QMGR && IXP4XX_NPE
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2015-06-17 09:58:24 +03:00
|
|
|
select CRYPTO_AEAD
|
2008-07-13 16:12:11 +04:00
|
|
|
select CRYPTO_AUTHENC
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2008-06-25 10:38:47 +04:00
|
|
|
help
|
|
|
|
|
Driver for the IXP4xx NPE crypto engine.
|
|
|
|
|
|
2009-02-05 08:18:13 +03:00
|
|
|
config CRYPTO_DEV_PPC4XX
|
|
|
|
|
tristate "Driver AMCC PPC4xx crypto accelerator"
|
|
|
|
|
depends on PPC && 4xx
|
|
|
|
|
select CRYPTO_HASH
|
2017-10-04 02:00:15 +03:00
|
|
|
select CRYPTO_AEAD
|
2019-10-27 18:47:47 +03:00
|
|
|
select CRYPTO_AES
|
2019-07-02 22:41:42 +03:00
|
|
|
select CRYPTO_LIB_AES
|
2017-10-04 02:00:15 +03:00
|
|
|
select CRYPTO_CCM
|
2018-04-19 19:41:54 +03:00
|
|
|
select CRYPTO_CTR
|
2017-10-04 02:00:15 +03:00
|
|
|
select CRYPTO_GCM
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2009-02-05 08:18:13 +03:00
|
|
|
help
|
|
|
|
|
This option allows you to have support for AMCC crypto acceleration.
|
|
|
|
|
|
2016-04-18 13:57:41 +03:00
|
|
|
config HW_RANDOM_PPC4XX
|
|
|
|
|
bool "PowerPC 4xx generic true random number generator support"
|
|
|
|
|
depends on CRYPTO_DEV_PPC4XX && HW_RANDOM
|
|
|
|
|
default y
|
2020-06-13 19:50:22 +03:00
|
|
|
help
|
2016-04-18 13:57:41 +03:00
|
|
|
This option provides the kernel-side support for the TRNG hardware
|
|
|
|
|
found in the security function of some PowerPC 4xx SoCs.
|
|
|
|
|
|
2017-05-24 10:35:26 +03:00
|
|
|
config CRYPTO_DEV_OMAP
|
|
|
|
|
tristate "Support for OMAP crypto HW accelerators"
|
|
|
|
|
depends on ARCH_OMAP2PLUS
|
|
|
|
|
help
|
|
|
|
|
OMAP processors have various crypto HW accelerators. Select this if
|
2019-11-21 06:20:48 +03:00
|
|
|
you want to use the OMAP modules for any of the crypto algorithms.
|
2017-05-24 10:35:26 +03:00
|
|
|
|
|
|
|
|
if CRYPTO_DEV_OMAP
|
|
|
|
|
|
2010-05-03 07:10:59 +04:00
|
|
|
config CRYPTO_DEV_OMAP_SHAM
|
2013-07-26 10:59:14 +04:00
|
|
|
tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
|
|
|
|
|
depends on ARCH_OMAP2PLUS
|
2010-05-03 07:10:59 +04:00
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_MD5
|
2013-07-26 10:59:14 +04:00
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
select CRYPTO_SHA512
|
|
|
|
|
select CRYPTO_HMAC
|
2010-05-03 07:10:59 +04:00
|
|
|
help
|
2013-07-26 10:59:14 +04:00
|
|
|
OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
|
|
|
|
|
want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
|
2010-05-03 07:10:59 +04:00
|
|
|
|
2010-09-03 15:16:02 +04:00
|
|
|
config CRYPTO_DEV_OMAP_AES
|
|
|
|
|
tristate "Support for OMAP AES hw engine"
|
2013-08-18 06:42:35 +04:00
|
|
|
depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
|
2010-09-03 15:16:02 +04:00
|
|
|
select CRYPTO_AES
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2016-01-26 15:25:40 +03:00
|
|
|
select CRYPTO_ENGINE
|
2016-08-04 13:28:44 +03:00
|
|
|
select CRYPTO_CBC
|
|
|
|
|
select CRYPTO_ECB
|
|
|
|
|
select CRYPTO_CTR
|
2017-05-24 10:35:31 +03:00
|
|
|
select CRYPTO_AEAD
|
2010-09-03 15:16:02 +04:00
|
|
|
help
|
|
|
|
|
OMAP processors have AES module accelerator. Select this if you
|
|
|
|
|
want to use the OMAP module for AES algorithms.
|
|
|
|
|
|
2014-02-14 20:49:47 +04:00
|
|
|
config CRYPTO_DEV_OMAP_DES
|
2016-03-13 18:15:37 +03:00
|
|
|
tristate "Support for OMAP DES/3DES hw engine"
|
2014-02-14 20:49:47 +04:00
|
|
|
depends on ARCH_OMAP2PLUS
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2016-04-28 09:11:51 +03:00
|
|
|
select CRYPTO_ENGINE
|
2014-02-14 20:49:47 +04:00
|
|
|
help
|
|
|
|
|
OMAP processors have DES/3DES module accelerator. Select this if you
|
|
|
|
|
want to use the OMAP module for DES and 3DES algorithms. Currently
|
2016-03-13 18:15:37 +03:00
|
|
|
the ECB and CBC modes of operation are supported by the driver. Also
|
|
|
|
|
accesses made on unaligned boundaries are supported.
|
2014-02-14 20:49:47 +04:00
|
|
|
|
2017-05-24 10:35:26 +03:00
|
|
|
endif # CRYPTO_DEV_OMAP
|
|
|
|
|
|
2011-02-21 08:43:21 +03:00
|
|
|
config CRYPTO_DEV_PICOXCELL
|
|
|
|
|
tristate "Support for picoXcell IPSEC and Layer2 crypto engines"
|
2017-01-02 20:06:57 +03:00
|
|
|
depends on (ARCH_PICOXCELL || COMPILE_TEST) && HAVE_CLK
|
2015-06-17 09:58:24 +03:00
|
|
|
select CRYPTO_AEAD
|
2011-02-21 08:43:21 +03:00
|
|
|
select CRYPTO_AES
|
|
|
|
|
select CRYPTO_AUTHENC
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2011-02-21 08:43:21 +03:00
|
|
|
select CRYPTO_CBC
|
|
|
|
|
select CRYPTO_ECB
|
|
|
|
|
select CRYPTO_SEQIV
|
|
|
|
|
help
|
|
|
|
|
This option enables support for the hardware offload engines in the
|
|
|
|
|
Picochip picoXcell SoC devices. Select this for IPSEC ESP offload
|
|
|
|
|
and for 3gpp Layer 2 ciphering support.
|
|
|
|
|
|
2019-08-19 08:18:33 +03:00
|
|
|
Saying m here will build a module named picoxcell_crypto.
|
2011-02-21 08:43:21 +03:00
|
|
|
|
2013-03-01 15:37:53 +04:00
|
|
|
config CRYPTO_DEV_SAHARA
|
|
|
|
|
tristate "Support for SAHARA crypto accelerator"
|
2013-05-12 15:57:19 +04:00
|
|
|
depends on ARCH_MXC && OF
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2013-03-01 15:37:53 +04:00
|
|
|
select CRYPTO_AES
|
|
|
|
|
select CRYPTO_ECB
|
|
|
|
|
help
|
|
|
|
|
This option enables support for the SAHARA HW crypto accelerator
|
|
|
|
|
found in some Freescale i.MX chips.
|
|
|
|
|
|
2017-04-11 21:08:35 +03:00
|
|
|
config CRYPTO_DEV_EXYNOS_RNG
|
2020-01-04 18:20:59 +03:00
|
|
|
tristate "Exynos HW pseudo random number generator support"
|
2017-04-11 21:08:35 +03:00
|
|
|
depends on ARCH_EXYNOS || COMPILE_TEST
|
|
|
|
|
depends on HAS_IOMEM
|
|
|
|
|
select CRYPTO_RNG
|
2020-06-13 19:50:22 +03:00
|
|
|
help
|
2017-04-11 21:08:35 +03:00
|
|
|
This driver provides kernel-side support through the
|
|
|
|
|
cryptographic API for the pseudo random number generator hardware
|
|
|
|
|
found on Exynos SoCs.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
|
module will be called exynos-rng.
|
|
|
|
|
|
|
|
|
|
If unsure, say Y.
|
|
|
|
|
|
2011-04-08 16:40:51 +04:00
|
|
|
config CRYPTO_DEV_S5P
|
2014-05-08 17:58:14 +04:00
|
|
|
tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
|
2016-03-14 07:20:18 +03:00
|
|
|
depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
|
2018-04-17 20:49:03 +03:00
|
|
|
depends on HAS_IOMEM
|
2011-04-08 16:40:51 +04:00
|
|
|
select CRYPTO_AES
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2011-04-08 16:40:51 +04:00
|
|
|
help
|
|
|
|
|
This option allows you to have support for S5P crypto acceleration.
|
2014-05-08 17:58:14 +04:00
|
|
|
Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
|
2011-04-08 16:40:51 +04:00
|
|
|
algorithms execution.
|
|
|
|
|
|
2017-10-25 18:27:35 +03:00
|
|
|
config CRYPTO_DEV_EXYNOS_HASH
|
|
|
|
|
bool "Support for Samsung Exynos HASH accelerator"
|
|
|
|
|
depends on CRYPTO_DEV_S5P
|
|
|
|
|
depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
|
|
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_MD5
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
help
|
|
|
|
|
Select this to offload Exynos from HASH MD5/SHA1/SHA256.
|
|
|
|
|
This will select software SHA1, MD5 and SHA256 as they are
|
|
|
|
|
needed for small and zero-size messages.
|
|
|
|
|
HASH algorithms will be disabled if EXYNOS_RNG
|
|
|
|
|
is enabled due to hw conflict.
|
|
|
|
|
|
2012-04-12 09:39:26 +04:00
|
|
|
config CRYPTO_DEV_NX
|
2015-05-07 20:49:17 +03:00
|
|
|
bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
|
|
|
|
|
depends on PPC64
|
2012-04-12 09:39:26 +04:00
|
|
|
help
|
2015-05-07 20:49:17 +03:00
|
|
|
This enables support for the NX hardware cryptographic accelerator
|
|
|
|
|
coprocessor that is in IBM PowerPC P7+ or later processors. This
|
|
|
|
|
does not actually enable any drivers, it only allows you to select
|
|
|
|
|
which acceleration type (encryption and/or compression) to enable.
|
2012-07-19 18:42:38 +04:00
|
|
|
|
|
|
|
|
if CRYPTO_DEV_NX
|
|
|
|
|
source "drivers/crypto/nx/Kconfig"
|
|
|
|
|
endif
|
2012-04-12 09:39:26 +04:00
|
|
|
|
2012-04-30 12:11:17 +04:00
|
|
|
config CRYPTO_DEV_UX500
|
|
|
|
|
tristate "Driver for ST-Ericsson UX500 crypto hardware acceleration"
|
|
|
|
|
depends on ARCH_U8500
|
|
|
|
|
help
|
|
|
|
|
Driver for ST-Ericsson UX500 crypto engine.
|
|
|
|
|
|
|
|
|
|
if CRYPTO_DEV_UX500
|
|
|
|
|
source "drivers/crypto/ux500/Kconfig"
|
|
|
|
|
endif # if CRYPTO_DEV_UX500
|
|
|
|
|
|
2017-01-26 19:07:56 +03:00
|
|
|
config CRYPTO_DEV_ATMEL_AUTHENC
|
2019-11-13 12:55:50 +03:00
|
|
|
bool "Support for Atmel IPSEC/SSL hw accelerator"
|
2017-02-06 15:32:15 +03:00
|
|
|
depends on ARCH_AT91 || COMPILE_TEST
|
2019-11-13 12:55:50 +03:00
|
|
|
depends on CRYPTO_DEV_ATMEL_AES
|
2017-01-26 19:07:56 +03:00
|
|
|
help
|
|
|
|
|
Some Atmel processors can combine the AES and SHA hw accelerators
|
|
|
|
|
to enhance support of IPSEC/SSL.
|
|
|
|
|
Select this if you want to use the Atmel modules for
|
|
|
|
|
authenc(hmac(shaX),Y(cbc)) algorithms.
|
|
|
|
|
|
2012-07-01 21:19:44 +04:00
|
|
|
config CRYPTO_DEV_ATMEL_AES
|
|
|
|
|
tristate "Support for Atmel AES hw accelerator"
|
2017-02-06 15:32:15 +03:00
|
|
|
depends on ARCH_AT91 || COMPILE_TEST
|
2012-07-01 21:19:44 +04:00
|
|
|
select CRYPTO_AES
|
2015-12-17 20:13:07 +03:00
|
|
|
select CRYPTO_AEAD
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2019-11-13 12:55:50 +03:00
|
|
|
select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
|
|
|
|
|
select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
|
2012-07-01 21:19:44 +04:00
|
|
|
help
|
|
|
|
|
Some Atmel processors have AES hw accelerator.
|
|
|
|
|
Select this if you want to use the Atmel module for
|
|
|
|
|
AES algorithms.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
|
will be called atmel-aes.
|
|
|
|
|
|
2012-07-01 21:19:45 +04:00
|
|
|
config CRYPTO_DEV_ATMEL_TDES
|
|
|
|
|
tristate "Support for Atmel DES/TDES hw accelerator"
|
2017-02-06 15:32:15 +03:00
|
|
|
depends on ARCH_AT91 || COMPILE_TEST
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2012-07-01 21:19:45 +04:00
|
|
|
help
|
|
|
|
|
Some Atmel processors have DES/TDES hw accelerator.
|
|
|
|
|
Select this if you want to use the Atmel module for
|
|
|
|
|
DES/TDES algorithms.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
|
will be called atmel-tdes.
|
|
|
|
|
|
2012-07-01 21:19:46 +04:00
|
|
|
config CRYPTO_DEV_ATMEL_SHA
|
2013-02-20 20:10:26 +04:00
|
|
|
tristate "Support for Atmel SHA hw accelerator"
|
2017-02-06 15:32:15 +03:00
|
|
|
depends on ARCH_AT91 || COMPILE_TEST
|
2015-06-17 09:58:24 +03:00
|
|
|
select CRYPTO_HASH
|
2012-07-01 21:19:46 +04:00
|
|
|
help
|
2013-02-20 20:10:26 +04:00
|
|
|
Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
|
|
|
|
|
hw accelerator.
|
2012-07-01 21:19:46 +04:00
|
|
|
Select this if you want to use the Atmel module for
|
2013-02-20 20:10:26 +04:00
|
|
|
SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
|
2012-07-01 21:19:46 +04:00
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
|
will be called atmel-sha.
|
|
|
|
|
|
2019-05-24 19:26:48 +03:00
|
|
|
config CRYPTO_DEV_ATMEL_I2C
|
|
|
|
|
tristate
|
|
|
|
|
|
2017-07-05 13:07:59 +03:00
|
|
|
config CRYPTO_DEV_ATMEL_ECC
|
|
|
|
|
tristate "Support for Microchip / Atmel ECC hw accelerator"
|
|
|
|
|
depends on I2C
|
2019-05-24 19:26:48 +03:00
|
|
|
select CRYPTO_DEV_ATMEL_I2C
|
2017-07-05 13:07:59 +03:00
|
|
|
select CRYPTO_ECDH
|
|
|
|
|
select CRC16
|
|
|
|
|
help
|
|
|
|
|
Microhip / Atmel ECC hw accelerator.
|
|
|
|
|
Select this if you want to use the Microchip / Atmel module for
|
|
|
|
|
ECDH algorithm.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
|
will be called atmel-ecc.
|
|
|
|
|
|
2019-05-24 19:26:49 +03:00
|
|
|
config CRYPTO_DEV_ATMEL_SHA204A
|
|
|
|
|
tristate "Support for Microchip / Atmel SHA accelerator and RNG"
|
|
|
|
|
depends on I2C
|
|
|
|
|
select CRYPTO_DEV_ATMEL_I2C
|
|
|
|
|
select HW_RANDOM
|
2019-05-31 15:17:49 +03:00
|
|
|
select CRC16
|
2019-05-24 19:26:49 +03:00
|
|
|
help
|
|
|
|
|
Microhip / Atmel SHA accelerator and RNG.
|
|
|
|
|
Select this if you want to use the Microchip / Atmel SHA204A
|
|
|
|
|
module as a random number generator. (Other functions of the
|
|
|
|
|
chip are currently not exposed by this driver)
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
|
will be called atmel-sha204a.
|
|
|
|
|
|
2013-11-12 21:46:51 +04:00
|
|
|
config CRYPTO_DEV_CCP
|
2017-07-06 17:59:14 +03:00
|
|
|
bool "Support for AMD Secure Processor"
|
2015-02-03 22:07:29 +03:00
|
|
|
depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
|
2013-11-12 21:46:51 +04:00
|
|
|
help
|
2017-07-06 17:59:14 +03:00
|
|
|
The AMD Secure Processor provides support for the Cryptographic Coprocessor
|
|
|
|
|
(CCP) and the Platform Security Processor (PSP) devices.
|
2013-11-12 21:46:51 +04:00
|
|
|
|
|
|
|
|
if CRYPTO_DEV_CCP
|
|
|
|
|
source "drivers/crypto/ccp/Kconfig"
|
|
|
|
|
endif
|
|
|
|
|
|
2013-12-10 23:26:21 +04:00
|
|
|
config CRYPTO_DEV_MXS_DCP
|
|
|
|
|
tristate "Support for Freescale MXS DCP"
|
2015-09-02 18:05:18 +03:00
|
|
|
depends on (ARCH_MXS || ARCH_MXC)
|
2015-10-12 16:52:34 +03:00
|
|
|
select STMP_DEVICE
|
2013-12-10 23:26:21 +04:00
|
|
|
select CRYPTO_CBC
|
|
|
|
|
select CRYPTO_ECB
|
|
|
|
|
select CRYPTO_AES
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2015-06-17 09:58:24 +03:00
|
|
|
select CRYPTO_HASH
|
2013-12-10 23:26:21 +04:00
|
|
|
help
|
|
|
|
|
The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
|
|
|
|
|
co-processor on the die.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the module
|
|
|
|
|
will be called mxs-dcp.
|
|
|
|
|
|
2014-06-06 00:44:39 +04:00
|
|
|
source "drivers/crypto/qat/Kconfig"
|
2017-02-07 17:51:15 +03:00
|
|
|
source "drivers/crypto/cavium/cpt/Kconfig"
|
2017-05-30 14:58:01 +03:00
|
|
|
source "drivers/crypto/cavium/nitrox/Kconfig"
|
2020-03-13 14:47:05 +03:00
|
|
|
source "drivers/crypto/marvell/Kconfig"
|
2014-06-25 20:28:58 +04:00
|
|
|
|
2017-02-15 08:15:08 +03:00
|
|
|
config CRYPTO_DEV_CAVIUM_ZIP
|
|
|
|
|
tristate "Cavium ZIP driver"
|
|
|
|
|
depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
|
2020-06-13 19:50:22 +03:00
|
|
|
help
|
2017-02-15 08:15:08 +03:00
|
|
|
Select this option if you want to enable compression/decompression
|
|
|
|
|
acceleration on Cavium's ARM based SoCs
|
|
|
|
|
|
2014-06-25 20:28:58 +04:00
|
|
|
config CRYPTO_DEV_QCE
|
|
|
|
|
tristate "Qualcomm crypto engine accelerator"
|
2018-04-17 20:49:03 +03:00
|
|
|
depends on ARCH_QCOM || COMPILE_TEST
|
|
|
|
|
depends on HAS_IOMEM
|
2019-12-20 22:02:18 +03:00
|
|
|
help
|
|
|
|
|
This driver supports Qualcomm crypto engine accelerator
|
|
|
|
|
hardware. To compile this driver as a module, choose M here. The
|
|
|
|
|
module will be called qcrypto.
|
|
|
|
|
|
|
|
|
|
config CRYPTO_DEV_QCE_SKCIPHER
|
|
|
|
|
bool
|
|
|
|
|
depends on CRYPTO_DEV_QCE
|
2014-06-25 20:28:58 +04:00
|
|
|
select CRYPTO_AES
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2014-06-25 20:28:58 +04:00
|
|
|
select CRYPTO_ECB
|
|
|
|
|
select CRYPTO_CBC
|
|
|
|
|
select CRYPTO_XTS
|
|
|
|
|
select CRYPTO_CTR
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2019-12-20 22:02:18 +03:00
|
|
|
|
|
|
|
|
config CRYPTO_DEV_QCE_SHA
|
|
|
|
|
bool
|
|
|
|
|
depends on CRYPTO_DEV_QCE
|
2020-06-22 09:15:04 +03:00
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_SHA256
|
2019-12-20 22:02:18 +03:00
|
|
|
|
|
|
|
|
choice
|
|
|
|
|
prompt "Algorithms enabled for QCE acceleration"
|
|
|
|
|
default CRYPTO_DEV_QCE_ENABLE_ALL
|
|
|
|
|
depends on CRYPTO_DEV_QCE
|
|
|
|
|
help
|
|
|
|
|
This option allows to choose whether to build support for all algorihtms
|
|
|
|
|
(default), hashes-only, or skciphers-only.
|
|
|
|
|
|
|
|
|
|
The QCE engine does not appear to scale as well as the CPU to handle
|
|
|
|
|
multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the
|
|
|
|
|
QCE handles only 2 requests in parallel.
|
|
|
|
|
|
|
|
|
|
Ipsec throughput seems to improve when disabling either family of
|
|
|
|
|
algorithms, sharing the load with the CPU. Enabling skciphers-only
|
|
|
|
|
appears to work best.
|
|
|
|
|
|
|
|
|
|
config CRYPTO_DEV_QCE_ENABLE_ALL
|
|
|
|
|
bool "All supported algorithms"
|
|
|
|
|
select CRYPTO_DEV_QCE_SKCIPHER
|
|
|
|
|
select CRYPTO_DEV_QCE_SHA
|
|
|
|
|
help
|
|
|
|
|
Enable all supported algorithms:
|
|
|
|
|
- AES (CBC, CTR, ECB, XTS)
|
|
|
|
|
- 3DES (CBC, ECB)
|
|
|
|
|
- DES (CBC, ECB)
|
|
|
|
|
- SHA1, HMAC-SHA1
|
|
|
|
|
- SHA256, HMAC-SHA256
|
|
|
|
|
|
|
|
|
|
config CRYPTO_DEV_QCE_ENABLE_SKCIPHER
|
|
|
|
|
bool "Symmetric-key ciphers only"
|
|
|
|
|
select CRYPTO_DEV_QCE_SKCIPHER
|
|
|
|
|
help
|
|
|
|
|
Enable symmetric-key ciphers only:
|
|
|
|
|
- AES (CBC, CTR, ECB, XTS)
|
|
|
|
|
- 3DES (ECB, CBC)
|
|
|
|
|
- DES (ECB, CBC)
|
|
|
|
|
|
|
|
|
|
config CRYPTO_DEV_QCE_ENABLE_SHA
|
|
|
|
|
bool "Hash/HMAC only"
|
|
|
|
|
select CRYPTO_DEV_QCE_SHA
|
|
|
|
|
help
|
|
|
|
|
Enable hashes/HMAC algorithms only:
|
|
|
|
|
- SHA1, HMAC-SHA1
|
|
|
|
|
- SHA256, HMAC-SHA256
|
|
|
|
|
|
|
|
|
|
endchoice
|
2014-06-25 20:28:58 +04:00
|
|
|
|
crypto: qce - use AES fallback for small requests
Process small blocks using the fallback cipher, as a workaround for an
observed failure (DMA-related, apparently) when computing the GCM ghash
key. This brings a speed gain as well, since it avoids the latency of
using the hardware engine to process small blocks.
Using software for all 16-byte requests would be enough to make GCM
work, but to increase performance, a larger threshold would be better.
Measuring the performance of supported ciphers with openssl speed,
software matches hardware at around 768-1024 bytes.
Considering the 256-bit ciphers, software is 2-3 times faster than qce
at 256-bytes, 30% faster at 512, and about even at 768-bytes. With
128-bit keys, the break-even point would be around 1024-bytes.
This adds the 'aes_sw_max_len' parameter, to set the largest request
length processed by the software fallback. Its default is being set to
512 bytes, a little lower than the break-even point, to balance the cost
in CPU usage.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-02-07 18:02:26 +03:00
|
|
|
config CRYPTO_DEV_QCE_SW_MAX_LEN
|
|
|
|
|
int "Default maximum request size to use software for AES"
|
|
|
|
|
depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER
|
|
|
|
|
default 512
|
|
|
|
|
help
|
|
|
|
|
This sets the default maximum request size to perform AES requests
|
|
|
|
|
using software instead of the crypto engine. It can be changed by
|
|
|
|
|
setting the aes_sw_max_len parameter.
|
|
|
|
|
|
|
|
|
|
Small blocks are processed faster in software than hardware.
|
|
|
|
|
Considering the 256-bit ciphers, software is 2-3 times faster than
|
|
|
|
|
qce at 256-bytes, 30% faster at 512, and about even at 768-bytes.
|
|
|
|
|
With 128-bit keys, the break-even point would be around 1024-bytes.
|
|
|
|
|
|
|
|
|
|
The default is set a little lower, to 512 bytes, to balance the
|
|
|
|
|
cost in CPU usage. The minimum recommended setting is 16-bytes
|
|
|
|
|
(1 AES block), since AES-GCM will fail if you set it lower.
|
|
|
|
|
Setting this to zero will send all requests to the hardware.
|
|
|
|
|
|
|
|
|
|
Note that 192-bit keys are not supported by the hardware and are
|
|
|
|
|
always processed by the software fallback, and all DES requests
|
|
|
|
|
are done by the hardware.
|
|
|
|
|
|
2018-07-16 08:50:24 +03:00
|
|
|
config CRYPTO_DEV_QCOM_RNG
|
|
|
|
|
tristate "Qualcomm Random Number Generator Driver"
|
|
|
|
|
depends on ARCH_QCOM || COMPILE_TEST
|
|
|
|
|
select CRYPTO_RNG
|
|
|
|
|
help
|
|
|
|
|
This driver provides support for the Random Number
|
|
|
|
|
Generator hardware found on Qualcomm SoCs.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here. The
|
2019-11-21 06:20:48 +03:00
|
|
|
module will be called qcom-rng. If unsure, say N.
|
2018-07-16 08:50:24 +03:00
|
|
|
|
2015-02-06 19:59:48 +03:00
|
|
|
config CRYPTO_DEV_VMX
|
|
|
|
|
bool "Support for VMX cryptographic acceleration instructions"
|
2015-09-09 11:22:35 +03:00
|
|
|
depends on PPC64 && VSX
|
2015-02-06 19:59:48 +03:00
|
|
|
help
|
|
|
|
|
Support for VMX cryptographic acceleration instructions.
|
|
|
|
|
|
|
|
|
|
source "drivers/crypto/vmx/Kconfig"
|
|
|
|
|
|
2015-03-13 02:17:26 +03:00
|
|
|
config CRYPTO_DEV_IMGTEC_HASH
|
|
|
|
|
tristate "Imagination Technologies hardware hash accelerator"
|
2015-04-23 21:03:58 +03:00
|
|
|
depends on MIPS || COMPILE_TEST
|
2015-03-13 02:17:26 +03:00
|
|
|
select CRYPTO_MD5
|
|
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
select CRYPTO_HASH
|
|
|
|
|
help
|
|
|
|
|
This driver interfaces with the Imagination Technologies
|
|
|
|
|
hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
|
|
|
|
|
hashing algorithms.
|
|
|
|
|
|
2015-11-25 08:43:32 +03:00
|
|
|
config CRYPTO_DEV_ROCKCHIP
|
|
|
|
|
tristate "Rockchip's Cryptographic Engine driver"
|
|
|
|
|
depends on OF && ARCH_ROCKCHIP
|
|
|
|
|
select CRYPTO_AES
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2016-02-16 05:15:01 +03:00
|
|
|
select CRYPTO_MD5
|
|
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
select CRYPTO_HASH
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2015-11-25 08:43:32 +03:00
|
|
|
|
|
|
|
|
help
|
|
|
|
|
This driver interfaces with the hardware crypto accelerator.
|
|
|
|
|
Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
|
|
|
|
|
|
2020-02-17 13:26:43 +03:00
|
|
|
config CRYPTO_DEV_ZYNQMP_AES
|
|
|
|
|
tristate "Support for Xilinx ZynqMP AES hw accelerator"
|
|
|
|
|
depends on ZYNQMP_FIRMWARE || COMPILE_TEST
|
|
|
|
|
select CRYPTO_AES
|
|
|
|
|
select CRYPTO_ENGINE
|
|
|
|
|
select CRYPTO_AEAD
|
|
|
|
|
help
|
|
|
|
|
Xilinx ZynqMP has AES-GCM engine used for symmetric key
|
|
|
|
|
encryption and decryption. This driver interfaces with AES hw
|
|
|
|
|
accelerator. Select this if you want to use the ZynqMP module
|
|
|
|
|
for AES algorithms.
|
|
|
|
|
|
2016-12-19 05:20:44 +03:00
|
|
|
config CRYPTO_DEV_MEDIATEK
|
|
|
|
|
tristate "MediaTek's EIP97 Cryptographic Engine driver"
|
2017-01-11 16:50:19 +03:00
|
|
|
depends on (ARM && ARCH_MEDIATEK) || COMPILE_TEST
|
2020-07-07 09:32:03 +03:00
|
|
|
select CRYPTO_LIB_AES
|
2017-01-20 08:41:15 +03:00
|
|
|
select CRYPTO_AEAD
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2017-01-11 16:50:19 +03:00
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
select CRYPTO_SHA512
|
2016-12-19 05:20:44 +03:00
|
|
|
select CRYPTO_HMAC
|
|
|
|
|
help
|
|
|
|
|
This driver allows you to utilize the hardware crypto accelerator
|
|
|
|
|
EIP97 which can be found on the MT7623 MT2701, MT8521p, etc ....
|
|
|
|
|
Select this if you want to use it for AES/SHA1/SHA2 algorithms.
|
|
|
|
|
|
2016-08-17 10:03:06 +03:00
|
|
|
source "drivers/crypto/chelsio/Kconfig"
|
|
|
|
|
|
2016-12-15 05:03:16 +03:00
|
|
|
source "drivers/crypto/virtio/Kconfig"
|
|
|
|
|
|
2017-02-03 20:55:33 +03:00
|
|
|
config CRYPTO_DEV_BCM_SPU
|
|
|
|
|
tristate "Broadcom symmetric crypto/hash acceleration support"
|
|
|
|
|
depends on ARCH_BCM_IPROC
|
2017-07-11 13:20:06 +03:00
|
|
|
depends on MAILBOX
|
2017-02-03 20:55:33 +03:00
|
|
|
default m
|
2018-12-17 10:23:23 +03:00
|
|
|
select CRYPTO_AUTHENC
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2017-02-03 20:55:33 +03:00
|
|
|
select CRYPTO_MD5
|
|
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
select CRYPTO_SHA512
|
|
|
|
|
help
|
|
|
|
|
This driver provides support for Broadcom crypto acceleration using the
|
2019-11-09 20:09:35 +03:00
|
|
|
Secure Processing Unit (SPU). The SPU driver registers skcipher,
|
2017-02-03 20:55:33 +03:00
|
|
|
ahash, and aead algorithms with the kernel cryptographic API.
|
|
|
|
|
|
2017-03-21 18:13:28 +03:00
|
|
|
source "drivers/crypto/stm32/Kconfig"
|
|
|
|
|
|
2017-05-24 17:10:34 +03:00
|
|
|
config CRYPTO_DEV_SAFEXCEL
|
|
|
|
|
tristate "Inside Secure's SafeXcel cryptographic engine driver"
|
2019-12-11 22:27:39 +03:00
|
|
|
depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM
|
2019-07-02 22:41:27 +03:00
|
|
|
select CRYPTO_LIB_AES
|
2018-05-14 16:11:02 +03:00
|
|
|
select CRYPTO_AUTHENC
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2017-05-24 17:10:34 +03:00
|
|
|
select CRYPTO_HASH
|
|
|
|
|
select CRYPTO_HMAC
|
2018-06-28 18:21:53 +03:00
|
|
|
select CRYPTO_MD5
|
2017-05-24 17:10:34 +03:00
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
select CRYPTO_SHA512
|
2019-09-19 00:25:58 +03:00
|
|
|
select CRYPTO_CHACHA20POLY1305
|
2019-09-13 21:56:49 +03:00
|
|
|
select CRYPTO_SHA3
|
2017-05-24 17:10:34 +03:00
|
|
|
help
|
2019-08-19 17:40:23 +03:00
|
|
|
This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
|
|
|
|
|
engines designed by Inside Secure. It currently accelerates DES, 3DES and
|
|
|
|
|
AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
|
|
|
|
|
SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
|
|
|
|
|
Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
|
2017-05-24 17:10:34 +03:00
|
|
|
|
2017-08-10 15:53:53 +03:00
|
|
|
config CRYPTO_DEV_ARTPEC6
|
|
|
|
|
tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
|
|
|
|
|
depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
|
|
|
|
|
depends on OF
|
|
|
|
|
select CRYPTO_AEAD
|
|
|
|
|
select CRYPTO_AES
|
|
|
|
|
select CRYPTO_ALGAPI
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2017-08-10 15:53:53 +03:00
|
|
|
select CRYPTO_CTR
|
|
|
|
|
select CRYPTO_HASH
|
|
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
select CRYPTO_SHA512
|
|
|
|
|
help
|
|
|
|
|
Enables the driver for the on-chip crypto accelerator
|
|
|
|
|
of Axis ARTPEC SoCs.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here.
|
|
|
|
|
|
2018-01-22 12:27:00 +03:00
|
|
|
config CRYPTO_DEV_CCREE
|
|
|
|
|
tristate "Support for ARM TrustZone CryptoCell family of security processors"
|
|
|
|
|
depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
|
|
|
|
|
default n
|
|
|
|
|
select CRYPTO_HASH
|
2019-10-25 22:41:13 +03:00
|
|
|
select CRYPTO_SKCIPHER
|
2019-08-15 12:01:09 +03:00
|
|
|
select CRYPTO_LIB_DES
|
2018-01-22 12:27:00 +03:00
|
|
|
select CRYPTO_AEAD
|
|
|
|
|
select CRYPTO_AUTHENC
|
|
|
|
|
select CRYPTO_SHA1
|
|
|
|
|
select CRYPTO_MD5
|
|
|
|
|
select CRYPTO_SHA256
|
|
|
|
|
select CRYPTO_SHA512
|
|
|
|
|
select CRYPTO_HMAC
|
|
|
|
|
select CRYPTO_AES
|
|
|
|
|
select CRYPTO_CBC
|
|
|
|
|
select CRYPTO_ECB
|
|
|
|
|
select CRYPTO_CTR
|
|
|
|
|
select CRYPTO_XTS
|
2018-10-29 12:50:14 +03:00
|
|
|
select CRYPTO_SM4
|
2018-10-18 15:59:59 +03:00
|
|
|
select CRYPTO_SM3
|
2018-01-22 12:27:00 +03:00
|
|
|
help
|
2018-02-19 17:51:23 +03:00
|
|
|
Say 'Y' to enable a driver for the REE interface of the Arm
|
|
|
|
|
TrustZone CryptoCell family of processors. Currently the
|
2018-11-13 12:40:35 +03:00
|
|
|
CryptoCell 713, 703, 712, 710 and 630 are supported.
|
2018-01-22 12:27:00 +03:00
|
|
|
Choose this if you wish to use hardware acceleration of
|
|
|
|
|
cryptographic operations on the system REE.
|
|
|
|
|
If unsure say Y.
|
|
|
|
|
|
2018-07-23 18:49:54 +03:00
|
|
|
source "drivers/crypto/hisilicon/Kconfig"
|
|
|
|
|
|
2019-10-17 08:06:25 +03:00
|
|
|
source "drivers/crypto/amlogic/Kconfig"
|
|
|
|
|
|
2020-07-13 11:34:22 +03:00
|
|
|
config CRYPTO_DEV_SA2UL
|
|
|
|
|
tristate "Support for TI security accelerator"
|
|
|
|
|
depends on ARCH_K3 || COMPILE_TEST
|
|
|
|
|
select ARM64_CRYPTO
|
|
|
|
|
select CRYPTO_AES
|
|
|
|
|
select CRYPTO_AES_ARM64
|
|
|
|
|
select CRYPTO_ALGAPI
|
|
|
|
|
select HW_RANDOM
|
|
|
|
|
select SG_SPLIT
|
|
|
|
|
help
|
|
|
|
|
K3 devices include a security accelerator engine that may be
|
|
|
|
|
used for crypto offload. Select this if you want to use hardware
|
|
|
|
|
acceleration for cryptographic algorithms on these devices.
|
|
|
|
|
|
2007-07-16 10:39:36 +04:00
|
|
|
endif # CRYPTO_HW
|
