diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-06-20 21:15:05 +0300 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2019-06-27 20:29:33 +0300 |
| commit | adbd9b4dee70c36eaa30ce93ffcd968533044efc (patch) | |
| tree | b8b36e39ba4b6cd44fc490efe373f17190cc9caf /fs/crypto/Kconfig | |
| parent | 0bb06cac060dd033153277a0d9dab9fd8aa455a2 (diff) | |
| download | linux-adbd9b4dee70c36eaa30ce93ffcd968533044efc.tar.xz | |
fscrypt: remove selection of CONFIG_CRYPTO_SHA256
fscrypt only uses SHA-256 for AES-128-CBC-ESSIV, which isn't the default
and is only recommended on platforms that have hardware accelerated
AES-CBC but not AES-XTS. There's no link-time dependency, since SHA-256
is requested via the crypto API on first use.
To reduce bloat, we should limit FS_ENCRYPTION to selecting the default
algorithms only. SHA-256 by itself isn't that much bloat, but it's
being discussed to move ESSIV into a crypto API template, which would
incidentally bring in other things like "authenc" support, which would
all end up being built-in since FS_ENCRYPTION is now a bool.
For Adiantum encryption we already just document that users who want to
use it have to enable CONFIG_CRYPTO_ADIANTUM themselves. So, let's do
the same for AES-128-CBC-ESSIV and CONFIG_CRYPTO_SHA256.
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Diffstat (limited to 'fs/crypto/Kconfig')
| -rw-r--r-- | fs/crypto/Kconfig | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig index 24ed99e2eca0..5fdf24877c17 100644 --- a/fs/crypto/Kconfig +++ b/fs/crypto/Kconfig @@ -7,7 +7,6 @@ config FS_ENCRYPTION select CRYPTO_ECB select CRYPTO_XTS select CRYPTO_CTS - select CRYPTO_SHA256 select KEYS help Enable encryption of files and directories. This |