Commit | Line | Data |
---|---|---|
ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
9098c24f AD |
2 | config SUNRPC |
3 | tristate | |
2813893f | 4 | depends on MULTIUSER |
9098c24f AD |
5 | |
6 | config SUNRPC_GSS | |
7 | tristate | |
f783288f | 8 | select OID_REGISTRY |
2813893f | 9 | depends on MULTIUSER |
9098c24f | 10 | |
9e00abc3 TM |
11 | config SUNRPC_BACKCHANNEL |
12 | bool | |
13 | depends on SUNRPC | |
14 | ||
a564b8f0 MG |
15 | config SUNRPC_SWAP |
16 | bool | |
17 | depends on SUNRPC | |
a564b8f0 | 18 | |
9098c24f | 19 | config RPCSEC_GSS_KRB5 |
e3b2854f | 20 | tristate "Secure RPC: Kerberos V mechanism" |
df486a25 | 21 | depends on SUNRPC && CRYPTO |
df486a25 | 22 | default y |
9098c24f | 23 | select SUNRPC_GSS |
dfe9a123 CL |
24 | select CRYPTO_SKCIPHER |
25 | select CRYPTO_HASH | |
9098c24f AD |
26 | help |
27 | Choose Y here to enable Secure RPC using the Kerberos version 5 | |
28 | GSS-API mechanism (RFC 1964). | |
29 | ||
30 | Secure RPC calls with Kerberos require an auxiliary user-space | |
31 | daemon which may be found in the Linux nfs-utils package | |
32 | available from http://linux-nfs.org/. In addition, user-space | |
33 | Kerberos support should be installed. | |
34 | ||
df486a25 | 35 | If unsure, say Y. |
e27d359e | 36 | |
dfe9a123 CL |
37 | config RPCSEC_GSS_KRB5_SIMPLIFIED |
38 | bool | |
39 | depends on RPCSEC_GSS_KRB5 | |
40 | ||
41 | config RPCSEC_GSS_KRB5_CRYPTOSYSTEM | |
42 | bool | |
43 | depends on RPCSEC_GSS_KRB5 | |
44 | ||
45 | config RPCSEC_GSS_KRB5_ENCTYPES_DES | |
46 | bool "Enable Kerberos enctypes based on DES (deprecated)" | |
fe9a2705 | 47 | depends on RPCSEC_GSS_KRB5 |
dfe9a123 CL |
48 | depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_ECB |
49 | depends on CRYPTO_HMAC && CRYPTO_MD5 && CRYPTO_SHA1 | |
50 | depends on CRYPTO_DES | |
fe9a2705 | 51 | default n |
dfe9a123 CL |
52 | select RPCSEC_GSS_KRB5_SIMPLIFIED |
53 | help | |
54 | Choose Y to enable the use of deprecated Kerberos 5 | |
55 | encryption types that utilize Data Encryption Standard | |
56 | (DES) based ciphers. These include des-cbc-md5, | |
57 | des-cbc-crc, and des-cbc-md4, which were deprecated by | |
58 | RFC 6649, and des3-cbc-sha1, which was deprecated by RFC | |
59 | 8429. | |
60 | ||
61 | These encryption types are known to be insecure, therefore | |
62 | the default setting of this option is N. Support for these | |
63 | encryption types is available only for compatibility with | |
64 | legacy NFS client and server implementations. | |
65 | ||
66 | Removal of support is planned for a subsequent kernel | |
67 | release. | |
68 | ||
69 | config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1 | |
70 | bool "Enable Kerberos enctypes based on AES and SHA-1" | |
71 | depends on RPCSEC_GSS_KRB5 | |
72 | depends on CRYPTO_CBC && CRYPTO_CTS | |
73 | depends on CRYPTO_HMAC && CRYPTO_SHA1 | |
74 | depends on CRYPTO_AES | |
75 | default y | |
76 | select RPCSEC_GSS_KRB5_CRYPTOSYSTEM | |
fe9a2705 | 77 | help |
dfe9a123 CL |
78 | Choose Y to enable the use of Kerberos 5 encryption types |
79 | that utilize Advanced Encryption Standard (AES) ciphers and | |
80 | SHA-1 digests. These include aes128-cts-hmac-sha1-96 and | |
81 | aes256-cts-hmac-sha1-96. | |
fe9a2705 | 82 | |
3394682f CL |
83 | config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA |
84 | bool "Enable Kerberos encryption types based on Camellia and CMAC" | |
85 | depends on RPCSEC_GSS_KRB5 | |
86 | depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA | |
87 | depends on CRYPTO_CMAC | |
88 | default n | |
89 | select RPCSEC_GSS_KRB5_CRYPTOSYSTEM | |
90 | help | |
91 | Choose Y to enable the use of Kerberos 5 encryption types | |
92 | that utilize Camellia ciphers (RFC 3713) and CMAC digests | |
93 | (NIST Special Publication 800-38B). These include | |
94 | camellia128-cts-cmac and camellia256-cts-cmac. | |
95 | ||
a40cf753 CL |
96 | config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 |
97 | bool "Enable Kerberos enctypes based on AES and SHA-2" | |
98 | depends on RPCSEC_GSS_KRB5 | |
99 | depends on CRYPTO_CBC && CRYPTO_CTS | |
100 | depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512 | |
101 | depends on CRYPTO_AES | |
102 | default n | |
103 | select RPCSEC_GSS_KRB5_CRYPTOSYSTEM | |
104 | help | |
105 | Choose Y to enable the use of Kerberos 5 encryption types | |
106 | that utilize Advanced Encryption Standard (AES) ciphers and | |
107 | SHA-2 digests. These include aes128-cts-hmac-sha256-128 and | |
108 | aes256-cts-hmac-sha384-192. | |
109 | ||
eebd8c2d CL |
110 | config RPCSEC_GSS_KRB5_KUNIT_TEST |
111 | tristate "KUnit tests for RPCSEC GSS Kerberos" if !KUNIT_ALL_TESTS | |
112 | depends on RPCSEC_GSS_KRB5 && KUNIT | |
113 | default KUNIT_ALL_TESTS | |
114 | help | |
115 | This builds the KUnit tests for RPCSEC GSS Kerberos 5. | |
116 | ||
117 | KUnit tests run during boot and output the results to the debug | |
118 | log in TAP format (https://testanything.org/). Only useful for | |
119 | kernel devs running KUnit test harness and are not for inclusion | |
120 | into a production build. | |
121 | ||
122 | For more information on KUnit and unit tests in general, refer | |
123 | to the KUnit documentation in Documentation/dev-tools/kunit/. | |
124 | ||
e27d359e TM |
125 | config SUNRPC_DEBUG |
126 | bool "RPC: Enable dprintk debugging" | |
127 | depends on SUNRPC && SYSCTL | |
b4b9d2cc | 128 | select DEBUG_FS |
e27d359e TM |
129 | help |
130 | This option enables a sysctl-based debugging interface | |
131 | that is be used by the 'rpcdebug' utility to turn on or off | |
132 | logging of different aspects of the kernel RPC activity. | |
133 | ||
134 | Disabling this option will make your kernel slightly smaller, | |
135 | but makes troubleshooting NFS issues significantly harder. | |
136 | ||
137 | If unsure, say Y. | |
2e8c12e1 | 138 | |
ffe1f0df CL |
139 | config SUNRPC_XPRT_RDMA |
140 | tristate "RPC-over-RDMA transport" | |
533d1dae | 141 | depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS |
2e8c12e1 | 142 | default SUNRPC && INFINIBAND |
f13193f5 | 143 | select SG_POOL |
2e8c12e1 | 144 | help |
ffe1f0df CL |
145 | This option allows the NFS client and server to use RDMA |
146 | transports (InfiniBand, iWARP, or RoCE). | |
2e8c12e1 | 147 | |
ffe1f0df CL |
148 | To compile this support as a module, choose M. The module |
149 | will be called rpcrdma.ko. | |
2e8c12e1 | 150 | |
ffe1f0df CL |
151 | If unsure, or you know there is no RDMA capability on your |
152 | hardware platform, say N. |