1 # SPDX-License-Identifier: GPL-2.0-only
4 bool "Hardware crypto devices"
7 Say Y here to get to see options for hardware crypto devices and
8 processors. This option alone does not add any kernel code.
10 If you say N, all options in this submenu will be skipped and disabled.
14 config CRYPTO_DEV_PADLOCK
15 tristate "Support for VIA PadLock ACE"
16 depends on X86 && !UML
18 Some VIA processors come with an integrated crypto engine
19 (so called VIA PadLock ACE, Advanced Cryptography Engine)
20 that provides instructions for very fast cryptographic
21 operations with supported algorithms.
23 The instructions are used only when the CPU supports them.
24 Otherwise software encryption is used.
26 config CRYPTO_DEV_PADLOCK_AES
27 tristate "PadLock driver for AES algorithm"
28 depends on CRYPTO_DEV_PADLOCK
29 select CRYPTO_BLKCIPHER
32 Use VIA PadLock for AES algorithm.
34 Available in VIA C3 and newer CPUs.
36 If unsure say M. The compiled module will be
39 config CRYPTO_DEV_PADLOCK_SHA
40 tristate "PadLock driver for SHA1 and SHA256 algorithms"
41 depends on CRYPTO_DEV_PADLOCK
46 Use VIA PadLock for SHA1/SHA256 algorithms.
48 Available in VIA C7 and newer processors.
50 If unsure say M. The compiled module will be
53 config CRYPTO_DEV_GEODE
54 tristate "Support for the Geode LX AES engine"
55 depends on X86_32 && PCI
57 select CRYPTO_BLKCIPHER
59 Say 'Y' here to use the AMD Geode LX processor on-board AES
60 engine for the CryptoAPI AES algorithm.
62 To compile this driver as a module, choose M here: the module
63 will be called geode-aes.
66 tristate "Support for s390 cryptographic adapters"
70 Select this option if you want to enable support for
71 s390 cryptographic adapters like:
72 + PCI-X Cryptographic Coprocessor (PCIXCC)
73 + Crypto Express 2,3,4 or 5 Coprocessor (CEXxC)
74 + Crypto Express 2,3,4 or 5 Accelerator (CEXxA)
75 + Crypto Express 4 or 5 EP11 Coprocessor (CEXxP)
77 config ZCRYPT_MULTIDEVNODES
78 bool "Support for multiple zcrypt device nodes"
83 With this option enabled the zcrypt device driver can
84 provide multiple devices nodes in /dev. Each device
85 node can get customized to limit access and narrow
86 down the use of the available crypto hardware.
89 tristate "Kernel API for protected key handling"
93 With this option enabled the pkey kernel module provides an API
94 for creation and handling of protected keys. Other parts of the
95 kernel or userspace applications may use these functions.
97 Select this option if you want to enable the kernel and userspace
98 API for proteced key handling.
100 Please note that creation of protected keys from secure keys
101 requires to have at least one CEX card in coprocessor mode
102 available at runtime.
104 config CRYPTO_PAES_S390
105 tristate "PAES cipher algorithms"
110 select CRYPTO_BLKCIPHER
112 This is the s390 hardware accelerated implementation of the
113 AES cipher algorithms for use with protected key.
115 Select this option if you want to use the paes cipher
116 for example to use protected key encrypted devices.
118 config CRYPTO_SHA1_S390
119 tristate "SHA1 digest algorithm"
123 This is the s390 hardware accelerated implementation of the
124 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
126 It is available as of z990.
128 config CRYPTO_SHA256_S390
129 tristate "SHA256 digest algorithm"
133 This is the s390 hardware accelerated implementation of the
134 SHA256 secure hash standard (DFIPS 180-2).
136 It is available as of z9.
138 config CRYPTO_SHA512_S390
139 tristate "SHA384 and SHA512 digest algorithm"
143 This is the s390 hardware accelerated implementation of the
144 SHA512 secure hash standard.
146 It is available as of z10.
148 config CRYPTO_SHA3_256_S390
149 tristate "SHA3_224 and SHA3_256 digest algorithm"
153 This is the s390 hardware accelerated implementation of the
154 SHA3_256 secure hash standard.
156 It is available as of z14.
158 config CRYPTO_SHA3_512_S390
159 tristate "SHA3_384 and SHA3_512 digest algorithm"
163 This is the s390 hardware accelerated implementation of the
164 SHA3_512 secure hash standard.
166 It is available as of z14.
168 config CRYPTO_DES_S390
169 tristate "DES and Triple DES cipher algorithms"
172 select CRYPTO_BLKCIPHER
173 select CRYPTO_LIB_DES
175 This is the s390 hardware accelerated implementation of the
176 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
178 As of z990 the ECB and CBC mode are hardware accelerated.
179 As of z196 the CTR mode is hardware accelerated.
181 config CRYPTO_AES_S390
182 tristate "AES cipher algorithms"
185 select CRYPTO_BLKCIPHER
187 This is the s390 hardware accelerated implementation of the
188 AES cipher algorithms (FIPS-197).
190 As of z9 the ECB and CBC modes are hardware accelerated
192 As of z10 the ECB and CBC modes are hardware accelerated
193 for all AES key sizes.
194 As of z196 the CTR mode is hardware accelerated for all AES
195 key sizes and XTS mode is hardware accelerated for 256 and
199 tristate "Pseudo random number generator device driver"
203 Select this option if you want to use the s390 pseudo random number
204 generator. The PRNG is part of the cryptographic processor functions
205 and uses triple-DES to generate secure random numbers like the
206 ANSI X9.17 standard. User-space programs access the
207 pseudo-random-number device through the char device /dev/prandom.
209 It is available as of z9.
211 config CRYPTO_GHASH_S390
212 tristate "GHASH hash function"
216 This is the s390 hardware accelerated implementation of GHASH,
217 the hash function used in GCM (Galois/Counter mode).
219 It is available as of z196.
221 config CRYPTO_CRC32_S390
222 tristate "CRC-32 algorithms"
227 Select this option if you want to use hardware accelerated
228 implementations of CRC algorithms. With this option, you
229 can optimize the computation of CRC-32 (IEEE 802.3 Ethernet)
230 and CRC-32C (Castagnoli).
232 It is available with IBM z13 or later.
234 config CRYPTO_DEV_MARVELL_CESA
235 tristate "Marvell's Cryptographic Engine driver"
236 depends on PLAT_ORION || ARCH_MVEBU
237 select CRYPTO_LIB_AES
238 select CRYPTO_LIB_DES
239 select CRYPTO_BLKCIPHER
243 This driver allows you to utilize the Cryptographic Engines and
244 Security Accelerator (CESA) which can be found on MVEBU and ORION
246 This driver supports CPU offload through DMA transfers.
248 config CRYPTO_DEV_NIAGARA2
249 tristate "Niagara2 Stream Processing Unit driver"
250 select CRYPTO_LIB_DES
251 select CRYPTO_BLKCIPHER
258 Each core of a Niagara2 processor contains a Stream
259 Processing Unit, which itself contains several cryptographic
260 sub-units. One set provides the Modular Arithmetic Unit,
261 used for SSL offload. The other set provides the Cipher
262 Group, which can perform encryption, decryption, hashing,
263 checksumming, and raw copies.
265 config CRYPTO_DEV_HIFN_795X
266 tristate "Driver HIFN 795x crypto accelerator chips"
267 select CRYPTO_LIB_DES
268 select CRYPTO_BLKCIPHER
269 select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
271 depends on !ARCH_DMA_ADDR_T_64BIT
273 This option allows you to have support for HIFN 795x crypto adapters.
275 config CRYPTO_DEV_HIFN_795X_RNG
276 bool "HIFN 795x random number generator"
277 depends on CRYPTO_DEV_HIFN_795X
279 Select this option if you want to enable the random number generator
280 on the HIFN 795x crypto adapters.
282 source "drivers/crypto/caam/Kconfig"
284 config CRYPTO_DEV_TALITOS
285 tristate "Talitos Freescale Security Engine (SEC)"
287 select CRYPTO_AUTHENC
288 select CRYPTO_BLKCIPHER
290 select CRYPTO_LIB_DES
294 Say 'Y' here to use the Freescale Security Engine (SEC)
295 to offload cryptographic algorithm computation.
297 The Freescale SEC is present on PowerQUICC 'E' processors, such
298 as the MPC8349E and MPC8548E.
300 To compile this driver as a module, choose M here: the module
301 will be called talitos.
303 config CRYPTO_DEV_TALITOS1
304 bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
305 depends on CRYPTO_DEV_TALITOS
306 depends on PPC_8xx || PPC_82xx
309 Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
310 found on MPC82xx or the Freescale Security Engine (SEC Lite)
311 version 1.2 found on MPC8xx
313 config CRYPTO_DEV_TALITOS2
314 bool "SEC2+ (SEC version 2.0 or upper)"
315 depends on CRYPTO_DEV_TALITOS
316 default y if !PPC_8xx
318 Say 'Y' here to use the Freescale Security Engine (SEC)
319 version 2 and following as found on MPC83xx, MPC85xx, etc ...
321 config CRYPTO_DEV_IXP4XX
322 tristate "Driver for IXP4xx crypto hardware acceleration"
323 depends on ARCH_IXP4XX && IXP4XX_QMGR && IXP4XX_NPE
324 select CRYPTO_LIB_DES
326 select CRYPTO_AUTHENC
327 select CRYPTO_BLKCIPHER
329 Driver for the IXP4xx NPE crypto engine.
331 config CRYPTO_DEV_PPC4XX
332 tristate "Driver AMCC PPC4xx crypto accelerator"
333 depends on PPC && 4xx
337 select CRYPTO_LIB_AES
341 select CRYPTO_BLKCIPHER
343 This option allows you to have support for AMCC crypto acceleration.
345 config HW_RANDOM_PPC4XX
346 bool "PowerPC 4xx generic true random number generator support"
347 depends on CRYPTO_DEV_PPC4XX && HW_RANDOM
350 This option provides the kernel-side support for the TRNG hardware
351 found in the security function of some PowerPC 4xx SoCs.
353 config CRYPTO_DEV_OMAP
354 tristate "Support for OMAP crypto HW accelerators"
355 depends on ARCH_OMAP2PLUS
357 OMAP processors have various crypto HW accelerators. Select this if
358 you want to use the OMAP modules for any of the crypto algorithms.
362 config CRYPTO_DEV_OMAP_SHAM
363 tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
364 depends on ARCH_OMAP2PLUS
371 OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
372 want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
374 config CRYPTO_DEV_OMAP_AES
375 tristate "Support for OMAP AES hw engine"
376 depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
378 select CRYPTO_BLKCIPHER
385 OMAP processors have AES module accelerator. Select this if you
386 want to use the OMAP module for AES algorithms.
388 config CRYPTO_DEV_OMAP_DES
389 tristate "Support for OMAP DES/3DES hw engine"
390 depends on ARCH_OMAP2PLUS
391 select CRYPTO_LIB_DES
392 select CRYPTO_BLKCIPHER
395 OMAP processors have DES/3DES module accelerator. Select this if you
396 want to use the OMAP module for DES and 3DES algorithms. Currently
397 the ECB and CBC modes of operation are supported by the driver. Also
398 accesses made on unaligned boundaries are supported.
400 endif # CRYPTO_DEV_OMAP
402 config CRYPTO_DEV_PICOXCELL
403 tristate "Support for picoXcell IPSEC and Layer2 crypto engines"
404 depends on (ARCH_PICOXCELL || COMPILE_TEST) && HAVE_CLK
407 select CRYPTO_AUTHENC
408 select CRYPTO_BLKCIPHER
409 select CRYPTO_LIB_DES
414 This option enables support for the hardware offload engines in the
415 Picochip picoXcell SoC devices. Select this for IPSEC ESP offload
416 and for 3gpp Layer 2 ciphering support.
418 Saying m here will build a module named picoxcell_crypto.
420 config CRYPTO_DEV_SAHARA
421 tristate "Support for SAHARA crypto accelerator"
422 depends on ARCH_MXC && OF
423 select CRYPTO_BLKCIPHER
427 This option enables support for the SAHARA HW crypto accelerator
428 found in some Freescale i.MX chips.
430 config CRYPTO_DEV_EXYNOS_RNG
431 tristate "EXYNOS HW pseudo random number generator support"
432 depends on ARCH_EXYNOS || COMPILE_TEST
436 This driver provides kernel-side support through the
437 cryptographic API for the pseudo random number generator hardware
438 found on Exynos SoCs.
440 To compile this driver as a module, choose M here: the
441 module will be called exynos-rng.
445 config CRYPTO_DEV_S5P
446 tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
447 depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
450 select CRYPTO_BLKCIPHER
452 This option allows you to have support for S5P crypto acceleration.
453 Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
454 algorithms execution.
456 config CRYPTO_DEV_EXYNOS_HASH
457 bool "Support for Samsung Exynos HASH accelerator"
458 depends on CRYPTO_DEV_S5P
459 depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
464 Select this to offload Exynos from HASH MD5/SHA1/SHA256.
465 This will select software SHA1, MD5 and SHA256 as they are
466 needed for small and zero-size messages.
467 HASH algorithms will be disabled if EXYNOS_RNG
468 is enabled due to hw conflict.
471 bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
474 This enables support for the NX hardware cryptographic accelerator
475 coprocessor that is in IBM PowerPC P7+ or later processors. This
476 does not actually enable any drivers, it only allows you to select
477 which acceleration type (encryption and/or compression) to enable.
480 source "drivers/crypto/nx/Kconfig"
483 config CRYPTO_DEV_UX500
484 tristate "Driver for ST-Ericsson UX500 crypto hardware acceleration"
485 depends on ARCH_U8500
487 Driver for ST-Ericsson UX500 crypto engine.
490 source "drivers/crypto/ux500/Kconfig"
491 endif # if CRYPTO_DEV_UX500
493 config CRYPTO_DEV_ATMEL_AUTHENC
494 bool "Support for Atmel IPSEC/SSL hw accelerator"
495 depends on ARCH_AT91 || COMPILE_TEST
496 depends on CRYPTO_DEV_ATMEL_AES
498 Some Atmel processors can combine the AES and SHA hw accelerators
499 to enhance support of IPSEC/SSL.
500 Select this if you want to use the Atmel modules for
501 authenc(hmac(shaX),Y(cbc)) algorithms.
503 config CRYPTO_DEV_ATMEL_AES
504 tristate "Support for Atmel AES hw accelerator"
505 depends on ARCH_AT91 || COMPILE_TEST
508 select CRYPTO_BLKCIPHER
509 select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
510 select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
512 Some Atmel processors have AES hw accelerator.
513 Select this if you want to use the Atmel module for
516 To compile this driver as a module, choose M here: the module
517 will be called atmel-aes.
519 config CRYPTO_DEV_ATMEL_TDES
520 tristate "Support for Atmel DES/TDES hw accelerator"
521 depends on ARCH_AT91 || COMPILE_TEST
522 select CRYPTO_LIB_DES
523 select CRYPTO_BLKCIPHER
525 Some Atmel processors have DES/TDES hw accelerator.
526 Select this if you want to use the Atmel module for
529 To compile this driver as a module, choose M here: the module
530 will be called atmel-tdes.
532 config CRYPTO_DEV_ATMEL_SHA
533 tristate "Support for Atmel SHA hw accelerator"
534 depends on ARCH_AT91 || COMPILE_TEST
537 Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
539 Select this if you want to use the Atmel module for
540 SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
542 To compile this driver as a module, choose M here: the module
543 will be called atmel-sha.
545 config CRYPTO_DEV_ATMEL_I2C
549 config CRYPTO_DEV_ATMEL_ECC
550 tristate "Support for Microchip / Atmel ECC hw accelerator"
552 select CRYPTO_DEV_ATMEL_I2C
556 Microhip / Atmel ECC hw accelerator.
557 Select this if you want to use the Microchip / Atmel module for
560 To compile this driver as a module, choose M here: the module
561 will be called atmel-ecc.
563 config CRYPTO_DEV_ATMEL_SHA204A
564 tristate "Support for Microchip / Atmel SHA accelerator and RNG"
566 select CRYPTO_DEV_ATMEL_I2C
570 Microhip / Atmel SHA accelerator and RNG.
571 Select this if you want to use the Microchip / Atmel SHA204A
572 module as a random number generator. (Other functions of the
573 chip are currently not exposed by this driver)
575 To compile this driver as a module, choose M here: the module
576 will be called atmel-sha204a.
578 config CRYPTO_DEV_CCP
579 bool "Support for AMD Secure Processor"
580 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
582 The AMD Secure Processor provides support for the Cryptographic Coprocessor
583 (CCP) and the Platform Security Processor (PSP) devices.
586 source "drivers/crypto/ccp/Kconfig"
589 config CRYPTO_DEV_MXS_DCP
590 tristate "Support for Freescale MXS DCP"
591 depends on (ARCH_MXS || ARCH_MXC)
596 select CRYPTO_BLKCIPHER
599 The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
600 co-processor on the die.
602 To compile this driver as a module, choose M here: the module
603 will be called mxs-dcp.
605 source "drivers/crypto/qat/Kconfig"
606 source "drivers/crypto/cavium/cpt/Kconfig"
607 source "drivers/crypto/cavium/nitrox/Kconfig"
609 config CRYPTO_DEV_CAVIUM_ZIP
610 tristate "Cavium ZIP driver"
611 depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
613 Select this option if you want to enable compression/decompression
614 acceleration on Cavium's ARM based SoCs
616 config CRYPTO_DEV_QCE
617 tristate "Qualcomm crypto engine accelerator"
618 depends on ARCH_QCOM || COMPILE_TEST
621 select CRYPTO_LIB_DES
626 select CRYPTO_BLKCIPHER
628 This driver supports Qualcomm crypto engine accelerator
629 hardware. To compile this driver as a module, choose M here. The
630 module will be called qcrypto.
632 config CRYPTO_DEV_QCOM_RNG
633 tristate "Qualcomm Random Number Generator Driver"
634 depends on ARCH_QCOM || COMPILE_TEST
637 This driver provides support for the Random Number
638 Generator hardware found on Qualcomm SoCs.
640 To compile this driver as a module, choose M here. The
641 module will be called qcom-rng. If unsure, say N.
643 config CRYPTO_DEV_VMX
644 bool "Support for VMX cryptographic acceleration instructions"
645 depends on PPC64 && VSX
647 Support for VMX cryptographic acceleration instructions.
649 source "drivers/crypto/vmx/Kconfig"
651 config CRYPTO_DEV_IMGTEC_HASH
652 tristate "Imagination Technologies hardware hash accelerator"
653 depends on MIPS || COMPILE_TEST
659 This driver interfaces with the Imagination Technologies
660 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
663 config CRYPTO_DEV_SUN4I_SS
664 tristate "Support for Allwinner Security System cryptographic accelerator"
665 depends on ARCH_SUNXI && !64BIT
669 select CRYPTO_LIB_DES
670 select CRYPTO_BLKCIPHER
672 Some Allwinner SoC have a crypto accelerator named
673 Security System. Select this if you want to use it.
674 The Security System handle AES/DES/3DES ciphers in CBC mode
675 and SHA1 and MD5 hash algorithms.
677 To compile this driver as a module, choose M here: the module
678 will be called sun4i-ss.
680 config CRYPTO_DEV_SUN4I_SS_PRNG
681 bool "Support for Allwinner Security System PRNG"
682 depends on CRYPTO_DEV_SUN4I_SS
685 Select this option if you want to provide kernel-side support for
686 the Pseudo-Random Number Generator found in the Security System.
688 config CRYPTO_DEV_ROCKCHIP
689 tristate "Rockchip's Cryptographic Engine driver"
690 depends on OF && ARCH_ROCKCHIP
692 select CRYPTO_LIB_DES
697 select CRYPTO_BLKCIPHER
700 This driver interfaces with the hardware crypto accelerator.
701 Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
703 config CRYPTO_DEV_MEDIATEK
704 tristate "MediaTek's EIP97 Cryptographic Engine driver"
705 depends on (ARM && ARCH_MEDIATEK) || COMPILE_TEST
708 select CRYPTO_BLKCIPHER
715 This driver allows you to utilize the hardware crypto accelerator
716 EIP97 which can be found on the MT7623 MT2701, MT8521p, etc ....
717 Select this if you want to use it for AES/SHA1/SHA2 algorithms.
719 source "drivers/crypto/chelsio/Kconfig"
721 source "drivers/crypto/virtio/Kconfig"
723 config CRYPTO_DEV_BCM_SPU
724 tristate "Broadcom symmetric crypto/hash acceleration support"
725 depends on ARCH_BCM_IPROC
728 select CRYPTO_AUTHENC
729 select CRYPTO_LIB_DES
735 This driver provides support for Broadcom crypto acceleration using the
736 Secure Processing Unit (SPU). The SPU driver registers ablkcipher,
737 ahash, and aead algorithms with the kernel cryptographic API.
739 source "drivers/crypto/stm32/Kconfig"
741 config CRYPTO_DEV_SAFEXCEL
742 tristate "Inside Secure's SafeXcel cryptographic engine driver"
743 depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM
744 select CRYPTO_LIB_AES
745 select CRYPTO_AUTHENC
746 select CRYPTO_BLKCIPHER
747 select CRYPTO_LIB_DES
755 This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
756 engines designed by Inside Secure. It currently accelerates DES, 3DES and
757 AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
758 SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
759 Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
761 config CRYPTO_DEV_ARTPEC6
762 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
763 depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
768 select CRYPTO_BLKCIPHER
775 Enables the driver for the on-chip crypto accelerator
778 To compile this driver as a module, choose M here.
780 config CRYPTO_DEV_CCREE
781 tristate "Support for ARM TrustZone CryptoCell family of security processors"
782 depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
785 select CRYPTO_BLKCIPHER
786 select CRYPTO_LIB_DES
788 select CRYPTO_AUTHENC
802 Say 'Y' to enable a driver for the REE interface of the Arm
803 TrustZone CryptoCell family of processors. Currently the
804 CryptoCell 713, 703, 712, 710 and 630 are supported.
805 Choose this if you wish to use hardware acceleration of
806 cryptographic operations on the system REE.
809 source "drivers/crypto/hisilicon/Kconfig"