1 # SPDX-License-Identifier: GPL-2.0-only
4 bool "Hardware crypto devices"
7 Say Y here to get to see options for hardware crypto devices and
8 processors. This option alone does not add any kernel code.
10 If you say N, all options in this submenu will be skipped and disabled.
14 source "drivers/crypto/allwinner/Kconfig"
16 config CRYPTO_DEV_PADLOCK
17 tristate "Support for VIA PadLock ACE"
18 depends on X86 && !UML
20 Some VIA processors come with an integrated crypto engine
21 (so called VIA PadLock ACE, Advanced Cryptography Engine)
22 that provides instructions for very fast cryptographic
23 operations with supported algorithms.
25 The instructions are used only when the CPU supports them.
26 Otherwise software encryption is used.
28 config CRYPTO_DEV_PADLOCK_AES
29 tristate "PadLock driver for AES algorithm"
30 depends on CRYPTO_DEV_PADLOCK
31 select CRYPTO_SKCIPHER
34 Use VIA PadLock for AES algorithm.
36 Available in VIA C3 and newer CPUs.
38 If unsure say M. The compiled module will be
41 config CRYPTO_DEV_PADLOCK_SHA
42 tristate "PadLock driver for SHA1 and SHA256 algorithms"
43 depends on CRYPTO_DEV_PADLOCK
48 Use VIA PadLock for SHA1/SHA256 algorithms.
50 Available in VIA C7 and newer processors.
52 If unsure say M. The compiled module will be
55 config CRYPTO_DEV_GEODE
56 tristate "Support for the Geode LX AES engine"
57 depends on X86_32 && PCI
59 select CRYPTO_SKCIPHER
61 Say 'Y' here to use the AMD Geode LX processor on-board AES
62 engine for the CryptoAPI AES algorithm.
64 To compile this driver as a module, choose M here: the module
65 will be called geode-aes.
68 tristate "Support for s390 cryptographic adapters"
72 Select this option if you want to enable support for
73 s390 cryptographic adapters like Crypto Express 4 up
74 to 8 in Coprocessor (CEXxC), EP11 Coprocessor (CEXxP)
75 or Accelerator (CEXxA) mode.
78 bool "Enable debug features for s390 cryptographic adapters"
80 depends on DEBUG_KERNEL
83 Say 'Y' here to enable some additional debug features on the
84 s390 cryptographic adapters driver.
86 There will be some more sysfs attributes displayed for ap cards
87 and queues and some flags on crypto requests are interpreted as
88 debugging messages to force error injection.
90 Do not enable on production level kernel build.
95 tristate "Kernel API for protected key handling"
99 With this option enabled the pkey kernel module provides an API
100 for creation and handling of protected keys. Other parts of the
101 kernel or userspace applications may use these functions.
103 Select this option if you want to enable the kernel and userspace
104 API for proteced key handling.
106 Please note that creation of protected keys from secure keys
107 requires to have at least one CEX card in coprocessor mode
108 available at runtime.
110 config CRYPTO_PAES_S390
111 tristate "PAES cipher algorithms"
116 select CRYPTO_SKCIPHER
118 This is the s390 hardware accelerated implementation of the
119 AES cipher algorithms for use with protected key.
121 Select this option if you want to use the paes cipher
122 for example to use protected key encrypted devices.
125 tristate "Pseudo random number generator device driver"
129 Select this option if you want to use the s390 pseudo random number
130 generator. The PRNG is part of the cryptographic processor functions
131 and uses triple-DES to generate secure random numbers like the
132 ANSI X9.17 standard. User-space programs access the
133 pseudo-random-number device through the char device /dev/prandom.
135 It is available as of z9.
137 config CRYPTO_DEV_NIAGARA2
138 tristate "Niagara2 Stream Processing Unit driver"
139 select CRYPTO_LIB_DES
140 select CRYPTO_SKCIPHER
147 Each core of a Niagara2 processor contains a Stream
148 Processing Unit, which itself contains several cryptographic
149 sub-units. One set provides the Modular Arithmetic Unit,
150 used for SSL offload. The other set provides the Cipher
151 Group, which can perform encryption, decryption, hashing,
152 checksumming, and raw copies.
154 config CRYPTO_DEV_SL3516
155 tristate "Storlink SL3516 crypto offloader"
156 depends on ARCH_GEMINI || COMPILE_TEST
157 depends on HAS_IOMEM && PM
158 select CRYPTO_SKCIPHER
164 This option allows you to have support for SL3516 crypto offloader.
166 config CRYPTO_DEV_SL3516_DEBUG
167 bool "Enable SL3516 stats"
168 depends on CRYPTO_DEV_SL3516
171 Say y to enable SL3516 debug stats.
172 This will create /sys/kernel/debug/sl3516/stats for displaying
173 the number of requests per algorithm and other internal stats.
175 config CRYPTO_DEV_HIFN_795X
176 tristate "Driver HIFN 795x crypto accelerator chips"
177 select CRYPTO_LIB_DES
178 select CRYPTO_SKCIPHER
179 select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
181 depends on !ARCH_DMA_ADDR_T_64BIT
183 This option allows you to have support for HIFN 795x crypto adapters.
185 config CRYPTO_DEV_HIFN_795X_RNG
186 bool "HIFN 795x random number generator"
187 depends on CRYPTO_DEV_HIFN_795X
189 Select this option if you want to enable the random number generator
190 on the HIFN 795x crypto adapters.
192 source "drivers/crypto/caam/Kconfig"
194 config CRYPTO_DEV_TALITOS
195 tristate "Talitos Freescale Security Engine (SEC)"
197 select CRYPTO_AUTHENC
198 select CRYPTO_SKCIPHER
200 select CRYPTO_LIB_DES
204 Say 'Y' here to use the Freescale Security Engine (SEC)
205 to offload cryptographic algorithm computation.
207 The Freescale SEC is present on PowerQUICC 'E' processors, such
208 as the MPC8349E and MPC8548E.
210 To compile this driver as a module, choose M here: the module
211 will be called talitos.
213 config CRYPTO_DEV_TALITOS1
214 bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
215 depends on CRYPTO_DEV_TALITOS
216 depends on PPC_8xx || PPC_82xx
219 Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
220 found on MPC82xx or the Freescale Security Engine (SEC Lite)
221 version 1.2 found on MPC8xx
223 config CRYPTO_DEV_TALITOS2
224 bool "SEC2+ (SEC version 2.0 or upper)"
225 depends on CRYPTO_DEV_TALITOS
226 default y if !PPC_8xx
228 Say 'Y' here to use the Freescale Security Engine (SEC)
229 version 2 and following as found on MPC83xx, MPC85xx, etc ...
231 config CRYPTO_DEV_PPC4XX
232 tristate "Driver AMCC PPC4xx crypto accelerator"
233 depends on PPC && 4xx
237 select CRYPTO_LIB_AES
241 select CRYPTO_SKCIPHER
243 This option allows you to have support for AMCC crypto acceleration.
245 config HW_RANDOM_PPC4XX
246 bool "PowerPC 4xx generic true random number generator support"
247 depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y
250 This option provides the kernel-side support for the TRNG hardware
251 found in the security function of some PowerPC 4xx SoCs.
253 config CRYPTO_DEV_OMAP
254 tristate "Support for OMAP crypto HW accelerators"
255 depends on ARCH_OMAP2PLUS
257 OMAP processors have various crypto HW accelerators. Select this if
258 you want to use the OMAP modules for any of the crypto algorithms.
262 config CRYPTO_DEV_OMAP_SHAM
263 tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
264 depends on ARCH_OMAP2PLUS
272 OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
273 want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
275 config CRYPTO_DEV_OMAP_AES
276 tristate "Support for OMAP AES hw engine"
277 depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
279 select CRYPTO_SKCIPHER
286 OMAP processors have AES module accelerator. Select this if you
287 want to use the OMAP module for AES algorithms.
289 config CRYPTO_DEV_OMAP_DES
290 tristate "Support for OMAP DES/3DES hw engine"
291 depends on ARCH_OMAP2PLUS
292 select CRYPTO_LIB_DES
293 select CRYPTO_SKCIPHER
296 OMAP processors have DES/3DES module accelerator. Select this if you
297 want to use the OMAP module for DES and 3DES algorithms. Currently
298 the ECB and CBC modes of operation are supported by the driver. Also
299 accesses made on unaligned boundaries are supported.
301 endif # CRYPTO_DEV_OMAP
303 config CRYPTO_DEV_SAHARA
304 tristate "Support for SAHARA crypto accelerator"
305 depends on ARCH_MXC && OF
306 select CRYPTO_SKCIPHER
311 This option enables support for the SAHARA HW crypto accelerator
312 found in some Freescale i.MX chips.
314 config CRYPTO_DEV_EXYNOS_RNG
315 tristate "Exynos HW pseudo random number generator support"
316 depends on ARCH_EXYNOS || COMPILE_TEST
320 This driver provides kernel-side support through the
321 cryptographic API for the pseudo random number generator hardware
322 found on Exynos SoCs.
324 To compile this driver as a module, choose M here: the
325 module will be called exynos-rng.
329 config CRYPTO_DEV_S5P
330 tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
331 depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
334 select CRYPTO_SKCIPHER
336 This option allows you to have support for S5P crypto acceleration.
337 Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
338 algorithms execution.
340 config CRYPTO_DEV_EXYNOS_HASH
341 bool "Support for Samsung Exynos HASH accelerator"
342 depends on CRYPTO_DEV_S5P
343 depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
348 Select this to offload Exynos from HASH MD5/SHA1/SHA256.
349 This will select software SHA1, MD5 and SHA256 as they are
350 needed for small and zero-size messages.
351 HASH algorithms will be disabled if EXYNOS_RNG
352 is enabled due to hw conflict.
355 bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
358 This enables support for the NX hardware cryptographic accelerator
359 coprocessor that is in IBM PowerPC P7+ or later processors. This
360 does not actually enable any drivers, it only allows you to select
361 which acceleration type (encryption and/or compression) to enable.
364 source "drivers/crypto/nx/Kconfig"
367 config CRYPTO_DEV_ATMEL_AUTHENC
368 bool "Support for Atmel IPSEC/SSL hw accelerator"
369 depends on ARCH_AT91 || COMPILE_TEST
370 depends on CRYPTO_DEV_ATMEL_AES
372 Some Atmel processors can combine the AES and SHA hw accelerators
373 to enhance support of IPSEC/SSL.
374 Select this if you want to use the Atmel modules for
375 authenc(hmac(shaX),Y(cbc)) algorithms.
377 config CRYPTO_DEV_ATMEL_AES
378 tristate "Support for Atmel AES hw accelerator"
379 depends on ARCH_AT91 || COMPILE_TEST
382 select CRYPTO_SKCIPHER
383 select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
384 select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
386 Some Atmel processors have AES hw accelerator.
387 Select this if you want to use the Atmel module for
390 To compile this driver as a module, choose M here: the module
391 will be called atmel-aes.
393 config CRYPTO_DEV_ATMEL_TDES
394 tristate "Support for Atmel DES/TDES hw accelerator"
395 depends on ARCH_AT91 || COMPILE_TEST
396 select CRYPTO_LIB_DES
397 select CRYPTO_SKCIPHER
399 Some Atmel processors have DES/TDES hw accelerator.
400 Select this if you want to use the Atmel module for
403 To compile this driver as a module, choose M here: the module
404 will be called atmel-tdes.
406 config CRYPTO_DEV_ATMEL_SHA
407 tristate "Support for Atmel SHA hw accelerator"
408 depends on ARCH_AT91 || COMPILE_TEST
411 Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
413 Select this if you want to use the Atmel module for
414 SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
416 To compile this driver as a module, choose M here: the module
417 will be called atmel-sha.
419 config CRYPTO_DEV_ATMEL_I2C
423 config CRYPTO_DEV_ATMEL_ECC
424 tristate "Support for Microchip / Atmel ECC hw accelerator"
426 select CRYPTO_DEV_ATMEL_I2C
430 Microhip / Atmel ECC hw accelerator.
431 Select this if you want to use the Microchip / Atmel module for
434 To compile this driver as a module, choose M here: the module
435 will be called atmel-ecc.
437 config CRYPTO_DEV_ATMEL_SHA204A
438 tristate "Support for Microchip / Atmel SHA accelerator and RNG"
440 select CRYPTO_DEV_ATMEL_I2C
444 Microhip / Atmel SHA accelerator and RNG.
445 Select this if you want to use the Microchip / Atmel SHA204A
446 module as a random number generator. (Other functions of the
447 chip are currently not exposed by this driver)
449 To compile this driver as a module, choose M here: the module
450 will be called atmel-sha204a.
452 config CRYPTO_DEV_CCP
453 bool "Support for AMD Secure Processor"
454 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
456 The AMD Secure Processor provides support for the Cryptographic Coprocessor
457 (CCP) and the Platform Security Processor (PSP) devices.
460 source "drivers/crypto/ccp/Kconfig"
463 config CRYPTO_DEV_MXS_DCP
464 tristate "Support for Freescale MXS DCP"
465 depends on (ARCH_MXS || ARCH_MXC)
470 select CRYPTO_SKCIPHER
473 The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
474 co-processor on the die.
476 To compile this driver as a module, choose M here: the module
477 will be called mxs-dcp.
479 source "drivers/crypto/cavium/cpt/Kconfig"
480 source "drivers/crypto/cavium/nitrox/Kconfig"
481 source "drivers/crypto/marvell/Kconfig"
482 source "drivers/crypto/intel/Kconfig"
484 config CRYPTO_DEV_CAVIUM_ZIP
485 tristate "Cavium ZIP driver"
486 depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
488 Select this option if you want to enable compression/decompression
489 acceleration on Cavium's ARM based SoCs
491 config CRYPTO_DEV_QCE
492 tristate "Qualcomm crypto engine accelerator"
493 depends on ARCH_QCOM || COMPILE_TEST
496 This driver supports Qualcomm crypto engine accelerator
497 hardware. To compile this driver as a module, choose M here. The
498 module will be called qcrypto.
500 config CRYPTO_DEV_QCE_SKCIPHER
502 depends on CRYPTO_DEV_QCE
504 select CRYPTO_LIB_DES
509 select CRYPTO_SKCIPHER
511 config CRYPTO_DEV_QCE_SHA
513 depends on CRYPTO_DEV_QCE
517 config CRYPTO_DEV_QCE_AEAD
519 depends on CRYPTO_DEV_QCE
520 select CRYPTO_AUTHENC
521 select CRYPTO_LIB_DES
524 prompt "Algorithms enabled for QCE acceleration"
525 default CRYPTO_DEV_QCE_ENABLE_ALL
526 depends on CRYPTO_DEV_QCE
528 This option allows to choose whether to build support for all algorithms
529 (default), hashes-only, or skciphers-only.
531 The QCE engine does not appear to scale as well as the CPU to handle
532 multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the
533 QCE handles only 2 requests in parallel.
535 Ipsec throughput seems to improve when disabling either family of
536 algorithms, sharing the load with the CPU. Enabling skciphers-only
537 appears to work best.
539 config CRYPTO_DEV_QCE_ENABLE_ALL
540 bool "All supported algorithms"
541 select CRYPTO_DEV_QCE_SKCIPHER
542 select CRYPTO_DEV_QCE_SHA
543 select CRYPTO_DEV_QCE_AEAD
545 Enable all supported algorithms:
546 - AES (CBC, CTR, ECB, XTS)
550 - SHA256, HMAC-SHA256
552 config CRYPTO_DEV_QCE_ENABLE_SKCIPHER
553 bool "Symmetric-key ciphers only"
554 select CRYPTO_DEV_QCE_SKCIPHER
556 Enable symmetric-key ciphers only:
557 - AES (CBC, CTR, ECB, XTS)
561 config CRYPTO_DEV_QCE_ENABLE_SHA
562 bool "Hash/HMAC only"
563 select CRYPTO_DEV_QCE_SHA
565 Enable hashes/HMAC algorithms only:
567 - SHA256, HMAC-SHA256
569 config CRYPTO_DEV_QCE_ENABLE_AEAD
570 bool "AEAD algorithms only"
571 select CRYPTO_DEV_QCE_AEAD
573 Enable AEAD algorithms only:
579 config CRYPTO_DEV_QCE_SW_MAX_LEN
580 int "Default maximum request size to use software for AES"
581 depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER
584 This sets the default maximum request size to perform AES requests
585 using software instead of the crypto engine. It can be changed by
586 setting the aes_sw_max_len parameter.
588 Small blocks are processed faster in software than hardware.
589 Considering the 256-bit ciphers, software is 2-3 times faster than
590 qce at 256-bytes, 30% faster at 512, and about even at 768-bytes.
591 With 128-bit keys, the break-even point would be around 1024-bytes.
593 The default is set a little lower, to 512 bytes, to balance the
594 cost in CPU usage. The minimum recommended setting is 16-bytes
595 (1 AES block), since AES-GCM will fail if you set it lower.
596 Setting this to zero will send all requests to the hardware.
598 Note that 192-bit keys are not supported by the hardware and are
599 always processed by the software fallback, and all DES requests
600 are done by the hardware.
602 config CRYPTO_DEV_QCOM_RNG
603 tristate "Qualcomm Random Number Generator Driver"
604 depends on ARCH_QCOM || COMPILE_TEST
608 This driver provides support for the Random Number
609 Generator hardware found on Qualcomm SoCs.
611 To compile this driver as a module, choose M here. The
612 module will be called qcom-rng. If unsure, say N.
614 config CRYPTO_DEV_VMX
615 bool "Support for VMX cryptographic acceleration instructions"
616 depends on PPC64 && VSX
618 Support for VMX cryptographic acceleration instructions.
620 source "drivers/crypto/vmx/Kconfig"
622 config CRYPTO_DEV_IMGTEC_HASH
623 tristate "Imagination Technologies hardware hash accelerator"
624 depends on MIPS || COMPILE_TEST
630 This driver interfaces with the Imagination Technologies
631 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
634 config CRYPTO_DEV_ROCKCHIP
635 tristate "Rockchip's Cryptographic Engine driver"
636 depends on OF && ARCH_ROCKCHIP
643 select CRYPTO_LIB_DES
648 select CRYPTO_SKCIPHER
651 This driver interfaces with the hardware crypto accelerator.
652 Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
654 config CRYPTO_DEV_ROCKCHIP_DEBUG
655 bool "Enable Rockchip crypto stats"
656 depends on CRYPTO_DEV_ROCKCHIP
659 Say y to enable Rockchip crypto debug stats.
660 This will create /sys/kernel/debug/rk3288_crypto/stats for displaying
661 the number of requests per algorithm and other internal stats.
664 config CRYPTO_DEV_ZYNQMP_AES
665 tristate "Support for Xilinx ZynqMP AES hw accelerator"
666 depends on ZYNQMP_FIRMWARE || COMPILE_TEST
671 Xilinx ZynqMP has AES-GCM engine used for symmetric key
672 encryption and decryption. This driver interfaces with AES hw
673 accelerator. Select this if you want to use the ZynqMP module
676 config CRYPTO_DEV_ZYNQMP_SHA3
677 tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator"
678 depends on ZYNQMP_FIRMWARE || COMPILE_TEST
681 Xilinx ZynqMP has SHA3 engine used for secure hash calculation.
682 This driver interfaces with SHA3 hardware engine.
683 Select this if you want to use the ZynqMP module
684 for SHA3 hash computation.
686 source "drivers/crypto/chelsio/Kconfig"
688 source "drivers/crypto/virtio/Kconfig"
690 config CRYPTO_DEV_BCM_SPU
691 tristate "Broadcom symmetric crypto/hash acceleration support"
692 depends on ARCH_BCM_IPROC
695 select CRYPTO_AUTHENC
696 select CRYPTO_LIB_DES
702 This driver provides support for Broadcom crypto acceleration using the
703 Secure Processing Unit (SPU). The SPU driver registers skcipher,
704 ahash, and aead algorithms with the kernel cryptographic API.
706 source "drivers/crypto/stm32/Kconfig"
708 config CRYPTO_DEV_SAFEXCEL
709 tristate "Inside Secure's SafeXcel cryptographic engine driver"
710 depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM
711 select CRYPTO_LIB_AES
712 select CRYPTO_AUTHENC
713 select CRYPTO_SKCIPHER
714 select CRYPTO_LIB_DES
721 select CRYPTO_CHACHA20POLY1305
724 This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
725 engines designed by Inside Secure. It currently accelerates DES, 3DES and
726 AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
727 SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
728 Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
730 config CRYPTO_DEV_ARTPEC6
731 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
732 depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
737 select CRYPTO_SKCIPHER
744 Enables the driver for the on-chip crypto accelerator
747 To compile this driver as a module, choose M here.
749 config CRYPTO_DEV_CCREE
750 tristate "Support for ARM TrustZone CryptoCell family of security processors"
751 depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
754 select CRYPTO_SKCIPHER
755 select CRYPTO_LIB_DES
757 select CRYPTO_AUTHENC
768 select CRYPTO_SM4_GENERIC
769 select CRYPTO_SM3_GENERIC
771 Say 'Y' to enable a driver for the REE interface of the Arm
772 TrustZone CryptoCell family of processors. Currently the
773 CryptoCell 713, 703, 712, 710 and 630 are supported.
774 Choose this if you wish to use hardware acceleration of
775 cryptographic operations on the system REE.
778 source "drivers/crypto/hisilicon/Kconfig"
780 source "drivers/crypto/amlogic/Kconfig"
782 config CRYPTO_DEV_SA2UL
783 tristate "Support for TI security accelerator"
784 depends on ARCH_K3 || COMPILE_TEST
787 select CRYPTO_AUTHENC
795 K3 devices include a security accelerator engine that may be
796 used for crypto offload. Select this if you want to use hardware
797 acceleration for cryptographic algorithms on these devices.
799 source "drivers/crypto/aspeed/Kconfig"
800 source "drivers/crypto/starfive/Kconfig"