[linux-block.git] / net / sunrpc / Kconfig

# SPDX-License-Identifier: GPL-2.0-only
config SUNRPC
	tristate
	depends on MULTIUSER

config SUNRPC_GSS
	tristate
	select OID_REGISTRY
	depends on MULTIUSER

config SUNRPC_BACKCHANNEL
	bool
	depends on SUNRPC

config SUNRPC_SWAP
	bool
	depends on SUNRPC

config RPCSEC_GSS_KRB5
	tristate "Secure RPC: Kerberos V mechanism"
	depends on SUNRPC && CRYPTO
	default y
	select SUNRPC_GSS
	select CRYPTO_SKCIPHER
	select CRYPTO_HASH
	help
	  Choose Y here to enable Secure RPC using the Kerberos version 5
	  GSS-API mechanism (RFC 1964).

	  Secure RPC calls with Kerberos require an auxiliary user-space
	  daemon which may be found in the Linux nfs-utils package
	  available from http://linux-nfs.org/.  In addition, user-space
	  Kerberos support should be installed.

	  If unsure, say Y.

config RPCSEC_GSS_KRB5_SIMPLIFIED
	bool
	depends on RPCSEC_GSS_KRB5

config RPCSEC_GSS_KRB5_CRYPTOSYSTEM
	bool
	depends on RPCSEC_GSS_KRB5

config RPCSEC_GSS_KRB5_ENCTYPES_DES
	bool "Enable Kerberos enctypes based on DES (deprecated)"
	depends on RPCSEC_GSS_KRB5
	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_ECB
	depends on CRYPTO_HMAC && CRYPTO_MD5 && CRYPTO_SHA1
	depends on CRYPTO_DES
	default n
	select RPCSEC_GSS_KRB5_SIMPLIFIED
	help
	  Choose Y to enable the use of deprecated Kerberos 5
	  encryption types that utilize Data Encryption Standard
	  (DES) based ciphers. These include des-cbc-md5,
	  des-cbc-crc, and des-cbc-md4, which were deprecated by
	  RFC 6649, and des3-cbc-sha1, which was deprecated by RFC
	  8429.

	  These encryption types are known to be insecure, therefore
	  the default setting of this option is N. Support for these
	  encryption types is available only for compatibility with
	  legacy NFS client and server implementations.

	  Removal of support is planned for a subsequent kernel
	  release.

config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1
	bool "Enable Kerberos enctypes based on AES and SHA-1"
	depends on RPCSEC_GSS_KRB5
	depends on CRYPTO_CBC && CRYPTO_CTS
	depends on CRYPTO_HMAC && CRYPTO_SHA1
	depends on CRYPTO_AES
	default y
	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
	help
	  Choose Y to enable the use of Kerberos 5 encryption types
	  that utilize Advanced Encryption Standard (AES) ciphers and
	  SHA-1 digests. These include aes128-cts-hmac-sha1-96 and
	  aes256-cts-hmac-sha1-96.

config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA
	bool "Enable Kerberos encryption types based on Camellia and CMAC"
	depends on RPCSEC_GSS_KRB5
	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA
	depends on CRYPTO_CMAC
	default n
	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
	help
	  Choose Y to enable the use of Kerberos 5 encryption types
	  that utilize Camellia ciphers (RFC 3713) and CMAC digests
	  (NIST Special Publication 800-38B). These include
	  camellia128-cts-cmac and camellia256-cts-cmac.

config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
	bool "Enable Kerberos enctypes based on AES and SHA-2"
	depends on RPCSEC_GSS_KRB5
	depends on CRYPTO_CBC && CRYPTO_CTS
	depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512
	depends on CRYPTO_AES
	default n
	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
	help
	  Choose Y to enable the use of Kerberos 5 encryption types
	  that utilize Advanced Encryption Standard (AES) ciphers and
	  SHA-2 digests. These include aes128-cts-hmac-sha256-128 and
	  aes256-cts-hmac-sha384-192.

config RPCSEC_GSS_KRB5_KUNIT_TEST
	tristate "KUnit tests for RPCSEC GSS Kerberos" if !KUNIT_ALL_TESTS
	depends on RPCSEC_GSS_KRB5 && KUNIT
	default KUNIT_ALL_TESTS
	help
	  This builds the KUnit tests for RPCSEC GSS Kerberos 5.

	  KUnit tests run during boot and output the results to the debug
	  log in TAP format (https://testanything.org/). Only useful for
	  kernel devs running KUnit test harness and are not for inclusion
	  into a production build.

	  For more information on KUnit and unit tests in general, refer
	  to the KUnit documentation in Documentation/dev-tools/kunit/.

config SUNRPC_DEBUG
	bool "RPC: Enable dprintk debugging"
	depends on SUNRPC && SYSCTL
	select DEBUG_FS
	help
	  This option enables a sysctl-based debugging interface
	  that is be used by the 'rpcdebug' utility to turn on or off
	  logging of different aspects of the kernel RPC activity.

	  Disabling this option will make your kernel slightly smaller,
	  but makes troubleshooting NFS issues significantly harder.

	  If unsure, say Y.

config SUNRPC_XPRT_RDMA
	tristate "RPC-over-RDMA transport"
	depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS
	default SUNRPC && INFINIBAND
	select SG_POOL
	help
	  This option allows the NFS client and server to use RDMA
	  transports (InfiniBand, iWARP, or RoCE).

	  To compile this support as a module, choose M. The module
	  will be called rpcrdma.ko.

	  If unsure, or you know there is no RDMA capability on your
	  hardware platform, say N.
Commit	Line	Data
ec8f24b7	1	# SPDX-License-Identifier: GPL-2.0-only
9098c24f AD	2	config SUNRPC
9098c24f AD	3	tristate
2813893f	4	depends on MULTIUSER
9098c24f AD	5
	6	config SUNRPC_GSS
	7	tristate
f783288f	8	select OID_REGISTRY
2813893f	9	depends on MULTIUSER
9098c24f	10
9e00abc3 TM	11	config SUNRPC_BACKCHANNEL
	12	bool
	13	depends on SUNRPC
	14
a564b8f0 MG	15	config SUNRPC_SWAP
	16	bool
	17	depends on SUNRPC
a564b8f0	18
9098c24f	19	config RPCSEC_GSS_KRB5
e3b2854f	20	tristate "Secure RPC: Kerberos V mechanism"
df486a25	21	depends on SUNRPC && CRYPTO
df486a25	22	default y
9098c24f	23	select SUNRPC_GSS
dfe9a123 CL	24	select CRYPTO_SKCIPHER
dfe9a123 CL	25	select CRYPTO_HASH
9098c24f AD	26	help
	27	Choose Y here to enable Secure RPC using the Kerberos version 5
	28	GSS-API mechanism (RFC 1964).
	29
	30	Secure RPC calls with Kerberos require an auxiliary user-space
	31	daemon which may be found in the Linux nfs-utils package
	32	available from http://linux-nfs.org/. In addition, user-space
	33	Kerberos support should be installed.
	34
df486a25	35	If unsure, say Y.
e27d359e	36
dfe9a123 CL	37	config RPCSEC_GSS_KRB5_SIMPLIFIED
	38	bool
	39	depends on RPCSEC_GSS_KRB5
	40
	41	config RPCSEC_GSS_KRB5_CRYPTOSYSTEM
	42	bool
	43	depends on RPCSEC_GSS_KRB5
	44
	45	config RPCSEC_GSS_KRB5_ENCTYPES_DES
	46	bool "Enable Kerberos enctypes based on DES (deprecated)"
fe9a2705	47	depends on RPCSEC_GSS_KRB5
dfe9a123 CL	48	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_ECB
	49	depends on CRYPTO_HMAC && CRYPTO_MD5 && CRYPTO_SHA1
	50	depends on CRYPTO_DES
fe9a2705	51	default n
dfe9a123 CL	52	select RPCSEC_GSS_KRB5_SIMPLIFIED
	53	help
	54	Choose Y to enable the use of deprecated Kerberos 5
	55	encryption types that utilize Data Encryption Standard
	56	(DES) based ciphers. These include des-cbc-md5,
	57	des-cbc-crc, and des-cbc-md4, which were deprecated by
	58	RFC 6649, and des3-cbc-sha1, which was deprecated by RFC
	59	8429.
	60
	61	These encryption types are known to be insecure, therefore
	62	the default setting of this option is N. Support for these
	63	encryption types is available only for compatibility with
	64	legacy NFS client and server implementations.
	65
	66	Removal of support is planned for a subsequent kernel
	67	release.
	68
	69	config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1
	70	bool "Enable Kerberos enctypes based on AES and SHA-1"
	71	depends on RPCSEC_GSS_KRB5
	72	depends on CRYPTO_CBC && CRYPTO_CTS
	73	depends on CRYPTO_HMAC && CRYPTO_SHA1
	74	depends on CRYPTO_AES
	75	default y
	76	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
fe9a2705	77	help
dfe9a123 CL	78	Choose Y to enable the use of Kerberos 5 encryption types
	79	that utilize Advanced Encryption Standard (AES) ciphers and
	80	SHA-1 digests. These include aes128-cts-hmac-sha1-96 and
	81	aes256-cts-hmac-sha1-96.
fe9a2705	82
3394682f CL	83	config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA
	84	bool "Enable Kerberos encryption types based on Camellia and CMAC"
	85	depends on RPCSEC_GSS_KRB5
	86	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_CAMELLIA
	87	depends on CRYPTO_CMAC
	88	default n
	89	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
	90	help
	91	Choose Y to enable the use of Kerberos 5 encryption types
	92	that utilize Camellia ciphers (RFC 3713) and CMAC digests
	93	(NIST Special Publication 800-38B). These include
	94	camellia128-cts-cmac and camellia256-cts-cmac.
	95
a40cf753 CL	96	config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
	97	bool "Enable Kerberos enctypes based on AES and SHA-2"
	98	depends on RPCSEC_GSS_KRB5
	99	depends on CRYPTO_CBC && CRYPTO_CTS
	100	depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512
	101	depends on CRYPTO_AES
	102	default n
	103	select RPCSEC_GSS_KRB5_CRYPTOSYSTEM
	104	help
	105	Choose Y to enable the use of Kerberos 5 encryption types
	106	that utilize Advanced Encryption Standard (AES) ciphers and
	107	SHA-2 digests. These include aes128-cts-hmac-sha256-128 and
	108	aes256-cts-hmac-sha384-192.
	109
eebd8c2d CL	110	config RPCSEC_GSS_KRB5_KUNIT_TEST
	111	tristate "KUnit tests for RPCSEC GSS Kerberos" if !KUNIT_ALL_TESTS
	112	depends on RPCSEC_GSS_KRB5 && KUNIT
	113	default KUNIT_ALL_TESTS
	114	help
	115	This builds the KUnit tests for RPCSEC GSS Kerberos 5.
	116
	117	KUnit tests run during boot and output the results to the debug
	118	log in TAP format (https://testanything.org/). Only useful for
	119	kernel devs running KUnit test harness and are not for inclusion
	120	into a production build.
	121
	122	For more information on KUnit and unit tests in general, refer
	123	to the KUnit documentation in Documentation/dev-tools/kunit/.
	124
e27d359e TM	125	config SUNRPC_DEBUG
	126	bool "RPC: Enable dprintk debugging"
	127	depends on SUNRPC && SYSCTL
b4b9d2cc	128	select DEBUG_FS
e27d359e TM	129	help
	130	This option enables a sysctl-based debugging interface
	131	that is be used by the 'rpcdebug' utility to turn on or off
	132	logging of different aspects of the kernel RPC activity.
	133
	134	Disabling this option will make your kernel slightly smaller,
	135	but makes troubleshooting NFS issues significantly harder.
	136
	137	If unsure, say Y.
2e8c12e1	138
ffe1f0df CL	139	config SUNRPC_XPRT_RDMA
ffe1f0df CL	140	tristate "RPC-over-RDMA transport"
533d1dae	141	depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS
2e8c12e1	142	default SUNRPC && INFINIBAND
f13193f5	143	select SG_POOL
2e8c12e1	144	help
ffe1f0df CL	145	This option allows the NFS client and server to use RDMA
ffe1f0df CL	146	transports (InfiniBand, iWARP, or RoCE).
2e8c12e1	147
ffe1f0df CL	148	To compile this support as a module, choose M. The module
ffe1f0df CL	149	will be called rpcrdma.ko.
2e8c12e1	150
ffe1f0df CL	151	If unsure, or you know there is no RDMA capability on your
ffe1f0df CL	152	hardware platform, say N.