1 # SPDX-License-Identifier: GPL-2.0-only
4 bool "Hardware crypto devices"
7 Say Y here to get to see options for hardware crypto devices and
8 processors. This option alone does not add any kernel code.
10 If you say N, all options in this submenu will be skipped and disabled.
14 source "drivers/crypto/allwinner/Kconfig"
16 config CRYPTO_DEV_PADLOCK
17 tristate "Support for VIA PadLock ACE"
18 depends on X86 && !UML
20 Some VIA processors come with an integrated crypto engine
21 (so called VIA PadLock ACE, Advanced Cryptography Engine)
22 that provides instructions for very fast cryptographic
23 operations with supported algorithms.
25 The instructions are used only when the CPU supports them.
26 Otherwise software encryption is used.
28 config CRYPTO_DEV_PADLOCK_AES
29 tristate "PadLock driver for AES algorithm"
30 depends on CRYPTO_DEV_PADLOCK
31 select CRYPTO_SKCIPHER
34 Use VIA PadLock for AES algorithm.
36 Available in VIA C3 and newer CPUs.
38 If unsure say M. The compiled module will be
41 config CRYPTO_DEV_PADLOCK_SHA
42 tristate "PadLock driver for SHA1 and SHA256 algorithms"
43 depends on CRYPTO_DEV_PADLOCK
48 Use VIA PadLock for SHA1/SHA256 algorithms.
50 Available in VIA C7 and newer processors.
52 If unsure say M. The compiled module will be
55 config CRYPTO_DEV_GEODE
56 tristate "Support for the Geode LX AES engine"
57 depends on X86_32 && PCI
59 select CRYPTO_SKCIPHER
61 Say 'Y' here to use the AMD Geode LX processor on-board AES
62 engine for the CryptoAPI AES algorithm.
64 To compile this driver as a module, choose M here: the module
65 will be called geode-aes.
68 tristate "Support for s390 cryptographic adapters"
72 Select this option if you want to enable support for
73 s390 cryptographic adapters like Crypto Express 4 up
74 to 8 in Coprocessor (CEXxC), EP11 Coprocessor (CEXxP)
75 or Accelerator (CEXxA) mode.
78 bool "Enable debug features for s390 cryptographic adapters"
80 depends on DEBUG_KERNEL
83 Say 'Y' here to enable some additional debug features on the
84 s390 cryptographic adapters driver.
86 There will be some more sysfs attributes displayed for ap cards
87 and queues and some flags on crypto requests are interpreted as
88 debugging messages to force error injection.
90 Do not enable on production level kernel build.
95 tristate "Kernel API for protected key handling"
99 With this option enabled the pkey kernel module provides an API
100 for creation and handling of protected keys. Other parts of the
101 kernel or userspace applications may use these functions.
103 Select this option if you want to enable the kernel and userspace
104 API for proteced key handling.
106 Please note that creation of protected keys from secure keys
107 requires to have at least one CEX card in coprocessor mode
108 available at runtime.
110 config CRYPTO_PAES_S390
111 tristate "PAES cipher algorithms"
116 select CRYPTO_SKCIPHER
118 This is the s390 hardware accelerated implementation of the
119 AES cipher algorithms for use with protected key.
121 Select this option if you want to use the paes cipher
122 for example to use protected key encrypted devices.
125 tristate "Pseudo random number generator device driver"
129 Select this option if you want to use the s390 pseudo random number
130 generator. The PRNG is part of the cryptographic processor functions
131 and uses triple-DES to generate secure random numbers like the
132 ANSI X9.17 standard. User-space programs access the
133 pseudo-random-number device through the char device /dev/prandom.
135 It is available as of z9.
137 config CRYPTO_DEV_NIAGARA2
138 tristate "Niagara2 Stream Processing Unit driver"
139 select CRYPTO_LIB_DES
140 select CRYPTO_SKCIPHER
147 Each core of a Niagara2 processor contains a Stream
148 Processing Unit, which itself contains several cryptographic
149 sub-units. One set provides the Modular Arithmetic Unit,
150 used for SSL offload. The other set provides the Cipher
151 Group, which can perform encryption, decryption, hashing,
152 checksumming, and raw copies.
154 config CRYPTO_DEV_SL3516
155 tristate "Storlink SL3516 crypto offloader"
156 depends on ARCH_GEMINI || COMPILE_TEST
157 depends on HAS_IOMEM && PM
158 select CRYPTO_SKCIPHER
164 This option allows you to have support for SL3516 crypto offloader.
166 config CRYPTO_DEV_SL3516_DEBUG
167 bool "Enable SL3516 stats"
168 depends on CRYPTO_DEV_SL3516
171 Say y to enable SL3516 debug stats.
172 This will create /sys/kernel/debug/sl3516/stats for displaying
173 the number of requests per algorithm and other internal stats.
175 config CRYPTO_DEV_HIFN_795X
176 tristate "Driver HIFN 795x crypto accelerator chips"
177 select CRYPTO_LIB_DES
178 select CRYPTO_SKCIPHER
179 select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
181 depends on !ARCH_DMA_ADDR_T_64BIT
183 This option allows you to have support for HIFN 795x crypto adapters.
185 config CRYPTO_DEV_HIFN_795X_RNG
186 bool "HIFN 795x random number generator"
187 depends on CRYPTO_DEV_HIFN_795X
189 Select this option if you want to enable the random number generator
190 on the HIFN 795x crypto adapters.
192 source "drivers/crypto/caam/Kconfig"
194 config CRYPTO_DEV_TALITOS
195 tristate "Talitos Freescale Security Engine (SEC)"
197 select CRYPTO_AUTHENC
198 select CRYPTO_SKCIPHER
200 select CRYPTO_LIB_DES
204 Say 'Y' here to use the Freescale Security Engine (SEC)
205 to offload cryptographic algorithm computation.
207 The Freescale SEC is present on PowerQUICC 'E' processors, such
208 as the MPC8349E and MPC8548E.
210 To compile this driver as a module, choose M here: the module
211 will be called talitos.
213 config CRYPTO_DEV_TALITOS1
214 bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
215 depends on CRYPTO_DEV_TALITOS
216 depends on PPC_8xx || PPC_82xx
219 Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
220 found on MPC82xx or the Freescale Security Engine (SEC Lite)
221 version 1.2 found on MPC8xx
223 config CRYPTO_DEV_TALITOS2
224 bool "SEC2+ (SEC version 2.0 or upper)"
225 depends on CRYPTO_DEV_TALITOS
226 default y if !PPC_8xx
228 Say 'Y' here to use the Freescale Security Engine (SEC)
229 version 2 and following as found on MPC83xx, MPC85xx, etc ...
231 config CRYPTO_DEV_PPC4XX
232 tristate "Driver AMCC PPC4xx crypto accelerator"
233 depends on PPC && 4xx
237 select CRYPTO_LIB_AES
241 select CRYPTO_SKCIPHER
243 This option allows you to have support for AMCC crypto acceleration.
245 config HW_RANDOM_PPC4XX
246 bool "PowerPC 4xx generic true random number generator support"
247 depends on CRYPTO_DEV_PPC4XX && HW_RANDOM=y
250 This option provides the kernel-side support for the TRNG hardware
251 found in the security function of some PowerPC 4xx SoCs.
253 config CRYPTO_DEV_OMAP
254 tristate "Support for OMAP crypto HW accelerators"
255 depends on ARCH_OMAP2PLUS
257 OMAP processors have various crypto HW accelerators. Select this if
258 you want to use the OMAP modules for any of the crypto algorithms.
262 config CRYPTO_DEV_OMAP_SHAM
263 tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
264 depends on ARCH_OMAP2PLUS
272 OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
273 want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
275 config CRYPTO_DEV_OMAP_AES
276 tristate "Support for OMAP AES hw engine"
277 depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
279 select CRYPTO_SKCIPHER
286 OMAP processors have AES module accelerator. Select this if you
287 want to use the OMAP module for AES algorithms.
289 config CRYPTO_DEV_OMAP_DES
290 tristate "Support for OMAP DES/3DES hw engine"
291 depends on ARCH_OMAP2PLUS
292 select CRYPTO_LIB_DES
293 select CRYPTO_SKCIPHER
296 OMAP processors have DES/3DES module accelerator. Select this if you
297 want to use the OMAP module for DES and 3DES algorithms. Currently
298 the ECB and CBC modes of operation are supported by the driver. Also
299 accesses made on unaligned boundaries are supported.
301 endif # CRYPTO_DEV_OMAP
303 config CRYPTO_DEV_SAHARA
304 tristate "Support for SAHARA crypto accelerator"
305 depends on ARCH_MXC && OF
306 select CRYPTO_SKCIPHER
310 This option enables support for the SAHARA HW crypto accelerator
311 found in some Freescale i.MX chips.
313 config CRYPTO_DEV_EXYNOS_RNG
314 tristate "Exynos HW pseudo random number generator support"
315 depends on ARCH_EXYNOS || COMPILE_TEST
319 This driver provides kernel-side support through the
320 cryptographic API for the pseudo random number generator hardware
321 found on Exynos SoCs.
323 To compile this driver as a module, choose M here: the
324 module will be called exynos-rng.
328 config CRYPTO_DEV_S5P
329 tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
330 depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
333 select CRYPTO_SKCIPHER
335 This option allows you to have support for S5P crypto acceleration.
336 Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
337 algorithms execution.
339 config CRYPTO_DEV_EXYNOS_HASH
340 bool "Support for Samsung Exynos HASH accelerator"
341 depends on CRYPTO_DEV_S5P
342 depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
347 Select this to offload Exynos from HASH MD5/SHA1/SHA256.
348 This will select software SHA1, MD5 and SHA256 as they are
349 needed for small and zero-size messages.
350 HASH algorithms will be disabled if EXYNOS_RNG
351 is enabled due to hw conflict.
354 bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
357 This enables support for the NX hardware cryptographic accelerator
358 coprocessor that is in IBM PowerPC P7+ or later processors. This
359 does not actually enable any drivers, it only allows you to select
360 which acceleration type (encryption and/or compression) to enable.
363 source "drivers/crypto/nx/Kconfig"
366 config CRYPTO_DEV_ATMEL_AUTHENC
367 bool "Support for Atmel IPSEC/SSL hw accelerator"
368 depends on ARCH_AT91 || COMPILE_TEST
369 depends on CRYPTO_DEV_ATMEL_AES
371 Some Atmel processors can combine the AES and SHA hw accelerators
372 to enhance support of IPSEC/SSL.
373 Select this if you want to use the Atmel modules for
374 authenc(hmac(shaX),Y(cbc)) algorithms.
376 config CRYPTO_DEV_ATMEL_AES
377 tristate "Support for Atmel AES hw accelerator"
378 depends on ARCH_AT91 || COMPILE_TEST
381 select CRYPTO_SKCIPHER
382 select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
383 select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
385 Some Atmel processors have AES hw accelerator.
386 Select this if you want to use the Atmel module for
389 To compile this driver as a module, choose M here: the module
390 will be called atmel-aes.
392 config CRYPTO_DEV_ATMEL_TDES
393 tristate "Support for Atmel DES/TDES hw accelerator"
394 depends on ARCH_AT91 || COMPILE_TEST
395 select CRYPTO_LIB_DES
396 select CRYPTO_SKCIPHER
398 Some Atmel processors have DES/TDES hw accelerator.
399 Select this if you want to use the Atmel module for
402 To compile this driver as a module, choose M here: the module
403 will be called atmel-tdes.
405 config CRYPTO_DEV_ATMEL_SHA
406 tristate "Support for Atmel SHA hw accelerator"
407 depends on ARCH_AT91 || COMPILE_TEST
410 Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
412 Select this if you want to use the Atmel module for
413 SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
415 To compile this driver as a module, choose M here: the module
416 will be called atmel-sha.
418 config CRYPTO_DEV_ATMEL_I2C
422 config CRYPTO_DEV_ATMEL_ECC
423 tristate "Support for Microchip / Atmel ECC hw accelerator"
425 select CRYPTO_DEV_ATMEL_I2C
429 Microhip / Atmel ECC hw accelerator.
430 Select this if you want to use the Microchip / Atmel module for
433 To compile this driver as a module, choose M here: the module
434 will be called atmel-ecc.
436 config CRYPTO_DEV_ATMEL_SHA204A
437 tristate "Support for Microchip / Atmel SHA accelerator and RNG"
439 select CRYPTO_DEV_ATMEL_I2C
443 Microhip / Atmel SHA accelerator and RNG.
444 Select this if you want to use the Microchip / Atmel SHA204A
445 module as a random number generator. (Other functions of the
446 chip are currently not exposed by this driver)
448 To compile this driver as a module, choose M here: the module
449 will be called atmel-sha204a.
451 config CRYPTO_DEV_CCP
452 bool "Support for AMD Secure Processor"
453 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
455 The AMD Secure Processor provides support for the Cryptographic Coprocessor
456 (CCP) and the Platform Security Processor (PSP) devices.
459 source "drivers/crypto/ccp/Kconfig"
462 config CRYPTO_DEV_MXS_DCP
463 tristate "Support for Freescale MXS DCP"
464 depends on (ARCH_MXS || ARCH_MXC)
469 select CRYPTO_SKCIPHER
472 The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
473 co-processor on the die.
475 To compile this driver as a module, choose M here: the module
476 will be called mxs-dcp.
478 source "drivers/crypto/cavium/cpt/Kconfig"
479 source "drivers/crypto/cavium/nitrox/Kconfig"
480 source "drivers/crypto/marvell/Kconfig"
481 source "drivers/crypto/intel/Kconfig"
483 config CRYPTO_DEV_CAVIUM_ZIP
484 tristate "Cavium ZIP driver"
485 depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
487 Select this option if you want to enable compression/decompression
488 acceleration on Cavium's ARM based SoCs
490 config CRYPTO_DEV_QCE
491 tristate "Qualcomm crypto engine accelerator"
492 depends on ARCH_QCOM || COMPILE_TEST
495 This driver supports Qualcomm crypto engine accelerator
496 hardware. To compile this driver as a module, choose M here. The
497 module will be called qcrypto.
499 config CRYPTO_DEV_QCE_SKCIPHER
501 depends on CRYPTO_DEV_QCE
503 select CRYPTO_LIB_DES
508 select CRYPTO_SKCIPHER
510 config CRYPTO_DEV_QCE_SHA
512 depends on CRYPTO_DEV_QCE
516 config CRYPTO_DEV_QCE_AEAD
518 depends on CRYPTO_DEV_QCE
519 select CRYPTO_AUTHENC
520 select CRYPTO_LIB_DES
523 prompt "Algorithms enabled for QCE acceleration"
524 default CRYPTO_DEV_QCE_ENABLE_ALL
525 depends on CRYPTO_DEV_QCE
527 This option allows to choose whether to build support for all algorithms
528 (default), hashes-only, or skciphers-only.
530 The QCE engine does not appear to scale as well as the CPU to handle
531 multiple crypto requests. While the ipq40xx chips have 4-core CPUs, the
532 QCE handles only 2 requests in parallel.
534 Ipsec throughput seems to improve when disabling either family of
535 algorithms, sharing the load with the CPU. Enabling skciphers-only
536 appears to work best.
538 config CRYPTO_DEV_QCE_ENABLE_ALL
539 bool "All supported algorithms"
540 select CRYPTO_DEV_QCE_SKCIPHER
541 select CRYPTO_DEV_QCE_SHA
542 select CRYPTO_DEV_QCE_AEAD
544 Enable all supported algorithms:
545 - AES (CBC, CTR, ECB, XTS)
549 - SHA256, HMAC-SHA256
551 config CRYPTO_DEV_QCE_ENABLE_SKCIPHER
552 bool "Symmetric-key ciphers only"
553 select CRYPTO_DEV_QCE_SKCIPHER
555 Enable symmetric-key ciphers only:
556 - AES (CBC, CTR, ECB, XTS)
560 config CRYPTO_DEV_QCE_ENABLE_SHA
561 bool "Hash/HMAC only"
562 select CRYPTO_DEV_QCE_SHA
564 Enable hashes/HMAC algorithms only:
566 - SHA256, HMAC-SHA256
568 config CRYPTO_DEV_QCE_ENABLE_AEAD
569 bool "AEAD algorithms only"
570 select CRYPTO_DEV_QCE_AEAD
572 Enable AEAD algorithms only:
578 config CRYPTO_DEV_QCE_SW_MAX_LEN
579 int "Default maximum request size to use software for AES"
580 depends on CRYPTO_DEV_QCE && CRYPTO_DEV_QCE_SKCIPHER
583 This sets the default maximum request size to perform AES requests
584 using software instead of the crypto engine. It can be changed by
585 setting the aes_sw_max_len parameter.
587 Small blocks are processed faster in software than hardware.
588 Considering the 256-bit ciphers, software is 2-3 times faster than
589 qce at 256-bytes, 30% faster at 512, and about even at 768-bytes.
590 With 128-bit keys, the break-even point would be around 1024-bytes.
592 The default is set a little lower, to 512 bytes, to balance the
593 cost in CPU usage. The minimum recommended setting is 16-bytes
594 (1 AES block), since AES-GCM will fail if you set it lower.
595 Setting this to zero will send all requests to the hardware.
597 Note that 192-bit keys are not supported by the hardware and are
598 always processed by the software fallback, and all DES requests
599 are done by the hardware.
601 config CRYPTO_DEV_QCOM_RNG
602 tristate "Qualcomm Random Number Generator Driver"
603 depends on ARCH_QCOM || COMPILE_TEST
607 This driver provides support for the Random Number
608 Generator hardware found on Qualcomm SoCs.
610 To compile this driver as a module, choose M here. The
611 module will be called qcom-rng. If unsure, say N.
613 config CRYPTO_DEV_VMX
614 bool "Support for VMX cryptographic acceleration instructions"
615 depends on PPC64 && VSX
617 Support for VMX cryptographic acceleration instructions.
619 source "drivers/crypto/vmx/Kconfig"
621 config CRYPTO_DEV_IMGTEC_HASH
622 tristate "Imagination Technologies hardware hash accelerator"
623 depends on MIPS || COMPILE_TEST
629 This driver interfaces with the Imagination Technologies
630 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
633 config CRYPTO_DEV_ROCKCHIP
634 tristate "Rockchip's Cryptographic Engine driver"
635 depends on OF && ARCH_ROCKCHIP
642 select CRYPTO_LIB_DES
647 select CRYPTO_SKCIPHER
650 This driver interfaces with the hardware crypto accelerator.
651 Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
653 config CRYPTO_DEV_ROCKCHIP_DEBUG
654 bool "Enable Rockchip crypto stats"
655 depends on CRYPTO_DEV_ROCKCHIP
658 Say y to enable Rockchip crypto debug stats.
659 This will create /sys/kernel/debug/rk3288_crypto/stats for displaying
660 the number of requests per algorithm and other internal stats.
663 config CRYPTO_DEV_ZYNQMP_AES
664 tristate "Support for Xilinx ZynqMP AES hw accelerator"
665 depends on ZYNQMP_FIRMWARE || COMPILE_TEST
670 Xilinx ZynqMP has AES-GCM engine used for symmetric key
671 encryption and decryption. This driver interfaces with AES hw
672 accelerator. Select this if you want to use the ZynqMP module
675 config CRYPTO_DEV_ZYNQMP_SHA3
676 tristate "Support for Xilinx ZynqMP SHA3 hardware accelerator"
677 depends on ZYNQMP_FIRMWARE || COMPILE_TEST
680 Xilinx ZynqMP has SHA3 engine used for secure hash calculation.
681 This driver interfaces with SHA3 hardware engine.
682 Select this if you want to use the ZynqMP module
683 for SHA3 hash computation.
685 source "drivers/crypto/chelsio/Kconfig"
687 source "drivers/crypto/virtio/Kconfig"
689 config CRYPTO_DEV_BCM_SPU
690 tristate "Broadcom symmetric crypto/hash acceleration support"
691 depends on ARCH_BCM_IPROC
694 select CRYPTO_AUTHENC
695 select CRYPTO_LIB_DES
701 This driver provides support for Broadcom crypto acceleration using the
702 Secure Processing Unit (SPU). The SPU driver registers skcipher,
703 ahash, and aead algorithms with the kernel cryptographic API.
705 source "drivers/crypto/stm32/Kconfig"
707 config CRYPTO_DEV_SAFEXCEL
708 tristate "Inside Secure's SafeXcel cryptographic engine driver"
709 depends on (OF || PCI || COMPILE_TEST) && HAS_IOMEM
710 select CRYPTO_LIB_AES
711 select CRYPTO_AUTHENC
712 select CRYPTO_SKCIPHER
713 select CRYPTO_LIB_DES
720 select CRYPTO_CHACHA20POLY1305
723 This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
724 engines designed by Inside Secure. It currently accelerates DES, 3DES and
725 AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
726 SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
727 Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
729 config CRYPTO_DEV_ARTPEC6
730 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
731 depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
736 select CRYPTO_SKCIPHER
743 Enables the driver for the on-chip crypto accelerator
746 To compile this driver as a module, choose M here.
748 config CRYPTO_DEV_CCREE
749 tristate "Support for ARM TrustZone CryptoCell family of security processors"
750 depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
753 select CRYPTO_SKCIPHER
754 select CRYPTO_LIB_DES
756 select CRYPTO_AUTHENC
767 select CRYPTO_SM4_GENERIC
768 select CRYPTO_SM3_GENERIC
770 Say 'Y' to enable a driver for the REE interface of the Arm
771 TrustZone CryptoCell family of processors. Currently the
772 CryptoCell 713, 703, 712, 710 and 630 are supported.
773 Choose this if you wish to use hardware acceleration of
774 cryptographic operations on the system REE.
777 source "drivers/crypto/hisilicon/Kconfig"
779 source "drivers/crypto/amlogic/Kconfig"
781 config CRYPTO_DEV_SA2UL
782 tristate "Support for TI security accelerator"
783 depends on ARCH_K3 || COMPILE_TEST
786 select CRYPTO_AUTHENC
794 K3 devices include a security accelerator engine that may be
795 used for crypto offload. Select this if you want to use hardware
796 acceleration for cryptographic algorithms on these devices.
798 source "drivers/crypto/aspeed/Kconfig"
799 source "drivers/crypto/starfive/Kconfig"