summaryrefslogtreecommitdiff
path: root/block/Kconfig
diff options
context:
space:
mode:
authorSatya Tangirala <satyat@google.com>2020-05-14 00:37:20 +0000
committerJens Axboe <axboe@kernel.dk>2020-05-14 09:48:03 -0600
commit488f6682c832e9549d28b30075f00c76328eb1be (patch)
treeda8aeb7ca2c295811a9b3cc209470064cec5fe75 /block/Kconfig
parentd145dc23030bbf2de3a8ca5e0c29c2e568f69737 (diff)
block: blk-crypto-fallback for Inline Encryption
Blk-crypto delegates crypto operations to inline encryption hardware when available. The separately configurable blk-crypto-fallback contains a software fallback to the kernel crypto API - when enabled, blk-crypto will use this fallback for en/decryption when inline encryption hardware is not available. This lets upper layers not have to worry about whether or not the underlying device has support for inline encryption before deciding to specify an encryption context for a bio. It also allows for testing without actual inline encryption hardware - in particular, it makes it possible to test the inline encryption code in ext4 and f2fs simply by running xfstests with the inlinecrypt mount option, which in turn allows for things like the regular upstream regression testing of ext4 to cover the inline encryption code paths. For more details, refer to Documentation/block/inline-encryption.rst. Signed-off-by: Satya Tangirala <satyat@google.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'block/Kconfig')
-rw-r--r--block/Kconfig10
1 files changed, 10 insertions, 0 deletions
diff --git a/block/Kconfig b/block/Kconfig
index f8870c316a03..9382a4acefc3 100644
--- a/block/Kconfig
+++ b/block/Kconfig
@@ -193,6 +193,16 @@ config BLK_INLINE_ENCRYPTION
block layer handle encryption, so users can take
advantage of inline encryption hardware if present.
+config BLK_INLINE_ENCRYPTION_FALLBACK
+ bool "Enable crypto API fallback for blk-crypto"
+ depends on BLK_INLINE_ENCRYPTION
+ select CRYPTO
+ select CRYPTO_SKCIPHER
+ help
+ Enabling this lets the block layer handle inline encryption
+ by falling back to the kernel crypto API when inline
+ encryption hardware is not present.
+
menu "Partition Types"
source "block/partitions/Kconfig"