1 # SPDX-License-Identifier: GPL-2.0-only
4 bool "Hardware crypto devices"
7 Say Y here to get to see options for hardware crypto devices and
8 processors. This option alone does not add any kernel code.
10 If you say N, all options in this submenu will be skipped and disabled.
14 config CRYPTO_DEV_PADLOCK
15 tristate "Support for VIA PadLock ACE"
16 depends on X86 && !UML
18 Some VIA processors come with an integrated crypto engine
19 (so called VIA PadLock ACE, Advanced Cryptography Engine)
20 that provides instructions for very fast cryptographic
21 operations with supported algorithms.
23 The instructions are used only when the CPU supports them.
24 Otherwise software encryption is used.
26 config CRYPTO_DEV_PADLOCK_AES
27 tristate "PadLock driver for AES algorithm"
28 depends on CRYPTO_DEV_PADLOCK
29 select CRYPTO_BLKCIPHER
32 Use VIA PadLock for AES algorithm.
34 Available in VIA C3 and newer CPUs.
36 If unsure say M. The compiled module will be
39 config CRYPTO_DEV_PADLOCK_SHA
40 tristate "PadLock driver for SHA1 and SHA256 algorithms"
41 depends on CRYPTO_DEV_PADLOCK
46 Use VIA PadLock for SHA1/SHA256 algorithms.
48 Available in VIA C7 and newer processors.
50 If unsure say M. The compiled module will be
53 config CRYPTO_DEV_GEODE
54 tristate "Support for the Geode LX AES engine"
55 depends on X86_32 && PCI
57 select CRYPTO_BLKCIPHER
59 Say 'Y' here to use the AMD Geode LX processor on-board AES
60 engine for the CryptoAPI AES algorithm.
62 To compile this driver as a module, choose M here: the module
63 will be called geode-aes.
66 tristate "Support for s390 cryptographic adapters"
70 Select this option if you want to enable support for
71 s390 cryptographic adapters like:
72 + PCI-X Cryptographic Coprocessor (PCIXCC)
73 + Crypto Express 2,3,4 or 5 Coprocessor (CEXxC)
74 + Crypto Express 2,3,4 or 5 Accelerator (CEXxA)
75 + Crypto Express 4 or 5 EP11 Coprocessor (CEXxP)
77 config ZCRYPT_MULTIDEVNODES
78 bool "Support for multiple zcrypt device nodes"
83 With this option enabled the zcrypt device driver can
84 provide multiple devices nodes in /dev. Each device
85 node can get customized to limit access and narrow
86 down the use of the available crypto hardware.
89 tristate "Kernel API for protected key handling"
93 With this option enabled the pkey kernel module provides an API
94 for creation and handling of protected keys. Other parts of the
95 kernel or userspace applications may use these functions.
97 Select this option if you want to enable the kernel and userspace
98 API for proteced key handling.
100 Please note that creation of protected keys from secure keys
101 requires to have at least one CEX card in coprocessor mode
102 available at runtime.
104 config CRYPTO_PAES_S390
105 tristate "PAES cipher algorithms"
110 select CRYPTO_BLKCIPHER
112 This is the s390 hardware accelerated implementation of the
113 AES cipher algorithms for use with protected key.
115 Select this option if you want to use the paes cipher
116 for example to use protected key encrypted devices.
118 config CRYPTO_SHA1_S390
119 tristate "SHA1 digest algorithm"
123 This is the s390 hardware accelerated implementation of the
124 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
126 It is available as of z990.
128 config CRYPTO_SHA256_S390
129 tristate "SHA256 digest algorithm"
133 This is the s390 hardware accelerated implementation of the
134 SHA256 secure hash standard (DFIPS 180-2).
136 It is available as of z9.
138 config CRYPTO_SHA512_S390
139 tristate "SHA384 and SHA512 digest algorithm"
143 This is the s390 hardware accelerated implementation of the
144 SHA512 secure hash standard.
146 It is available as of z10.
148 config CRYPTO_DES_S390
149 tristate "DES and Triple DES cipher algorithms"
152 select CRYPTO_BLKCIPHER
155 This is the s390 hardware accelerated implementation of the
156 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
158 As of z990 the ECB and CBC mode are hardware accelerated.
159 As of z196 the CTR mode is hardware accelerated.
161 config CRYPTO_AES_S390
162 tristate "AES cipher algorithms"
165 select CRYPTO_BLKCIPHER
167 This is the s390 hardware accelerated implementation of the
168 AES cipher algorithms (FIPS-197).
170 As of z9 the ECB and CBC modes are hardware accelerated
172 As of z10 the ECB and CBC modes are hardware accelerated
173 for all AES key sizes.
174 As of z196 the CTR mode is hardware accelerated for all AES
175 key sizes and XTS mode is hardware accelerated for 256 and
179 tristate "Pseudo random number generator device driver"
183 Select this option if you want to use the s390 pseudo random number
184 generator. The PRNG is part of the cryptographic processor functions
185 and uses triple-DES to generate secure random numbers like the
186 ANSI X9.17 standard. User-space programs access the
187 pseudo-random-number device through the char device /dev/prandom.
189 It is available as of z9.
191 config CRYPTO_GHASH_S390
192 tristate "GHASH digest algorithm"
196 This is the s390 hardware accelerated implementation of the
197 GHASH message digest algorithm for GCM (Galois/Counter Mode).
199 It is available as of z196.
201 config CRYPTO_CRC32_S390
202 tristate "CRC-32 algorithms"
207 Select this option if you want to use hardware accelerated
208 implementations of CRC algorithms. With this option, you
209 can optimize the computation of CRC-32 (IEEE 802.3 Ethernet)
210 and CRC-32C (Castagnoli).
212 It is available with IBM z13 or later.
214 config CRYPTO_DEV_MARVELL_CESA
215 tristate "Marvell's Cryptographic Engine driver"
216 depends on PLAT_ORION || ARCH_MVEBU
219 select CRYPTO_BLKCIPHER
223 This driver allows you to utilize the Cryptographic Engines and
224 Security Accelerator (CESA) which can be found on MVEBU and ORION
226 This driver supports CPU offload through DMA transfers.
228 config CRYPTO_DEV_NIAGARA2
229 tristate "Niagara2 Stream Processing Unit driver"
231 select CRYPTO_BLKCIPHER
238 Each core of a Niagara2 processor contains a Stream
239 Processing Unit, which itself contains several cryptographic
240 sub-units. One set provides the Modular Arithmetic Unit,
241 used for SSL offload. The other set provides the Cipher
242 Group, which can perform encryption, decryption, hashing,
243 checksumming, and raw copies.
245 config CRYPTO_DEV_HIFN_795X
246 tristate "Driver HIFN 795x crypto accelerator chips"
248 select CRYPTO_BLKCIPHER
249 select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
251 depends on !ARCH_DMA_ADDR_T_64BIT
253 This option allows you to have support for HIFN 795x crypto adapters.
255 config CRYPTO_DEV_HIFN_795X_RNG
256 bool "HIFN 795x random number generator"
257 depends on CRYPTO_DEV_HIFN_795X
259 Select this option if you want to enable the random number generator
260 on the HIFN 795x crypto adapters.
262 source "drivers/crypto/caam/Kconfig"
264 config CRYPTO_DEV_TALITOS
265 tristate "Talitos Freescale Security Engine (SEC)"
267 select CRYPTO_AUTHENC
268 select CRYPTO_BLKCIPHER
273 Say 'Y' here to use the Freescale Security Engine (SEC)
274 to offload cryptographic algorithm computation.
276 The Freescale SEC is present on PowerQUICC 'E' processors, such
277 as the MPC8349E and MPC8548E.
279 To compile this driver as a module, choose M here: the module
280 will be called talitos.
282 config CRYPTO_DEV_TALITOS1
283 bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
284 depends on CRYPTO_DEV_TALITOS
285 depends on PPC_8xx || PPC_82xx
288 Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
289 found on MPC82xx or the Freescale Security Engine (SEC Lite)
290 version 1.2 found on MPC8xx
292 config CRYPTO_DEV_TALITOS2
293 bool "SEC2+ (SEC version 2.0 or upper)"
294 depends on CRYPTO_DEV_TALITOS
295 default y if !PPC_8xx
297 Say 'Y' here to use the Freescale Security Engine (SEC)
298 version 2 and following as found on MPC83xx, MPC85xx, etc ...
300 config CRYPTO_DEV_IXP4XX
301 tristate "Driver for IXP4xx crypto hardware acceleration"
302 depends on ARCH_IXP4XX && IXP4XX_QMGR && IXP4XX_NPE
305 select CRYPTO_AUTHENC
306 select CRYPTO_BLKCIPHER
308 Driver for the IXP4xx NPE crypto engine.
310 config CRYPTO_DEV_PPC4XX
311 tristate "Driver AMCC PPC4xx crypto accelerator"
312 depends on PPC && 4xx
319 select CRYPTO_BLKCIPHER
321 This option allows you to have support for AMCC crypto acceleration.
323 config HW_RANDOM_PPC4XX
324 bool "PowerPC 4xx generic true random number generator support"
325 depends on CRYPTO_DEV_PPC4XX && HW_RANDOM
328 This option provides the kernel-side support for the TRNG hardware
329 found in the security function of some PowerPC 4xx SoCs.
331 config CRYPTO_DEV_OMAP
332 tristate "Support for OMAP crypto HW accelerators"
333 depends on ARCH_OMAP2PLUS
335 OMAP processors have various crypto HW accelerators. Select this if
336 you want to use the OMAP modules for any of the crypto algorithms.
340 config CRYPTO_DEV_OMAP_SHAM
341 tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
342 depends on ARCH_OMAP2PLUS
349 OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
350 want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
352 config CRYPTO_DEV_OMAP_AES
353 tristate "Support for OMAP AES hw engine"
354 depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
356 select CRYPTO_BLKCIPHER
363 OMAP processors have AES module accelerator. Select this if you
364 want to use the OMAP module for AES algorithms.
366 config CRYPTO_DEV_OMAP_DES
367 tristate "Support for OMAP DES/3DES hw engine"
368 depends on ARCH_OMAP2PLUS
370 select CRYPTO_BLKCIPHER
373 OMAP processors have DES/3DES module accelerator. Select this if you
374 want to use the OMAP module for DES and 3DES algorithms. Currently
375 the ECB and CBC modes of operation are supported by the driver. Also
376 accesses made on unaligned boundaries are supported.
378 endif # CRYPTO_DEV_OMAP
380 config CRYPTO_DEV_PICOXCELL
381 tristate "Support for picoXcell IPSEC and Layer2 crypto engines"
382 depends on (ARCH_PICOXCELL || COMPILE_TEST) && HAVE_CLK
385 select CRYPTO_AUTHENC
386 select CRYPTO_BLKCIPHER
392 This option enables support for the hardware offload engines in the
393 Picochip picoXcell SoC devices. Select this for IPSEC ESP offload
394 and for 3gpp Layer 2 ciphering support.
396 Saying m here will build a module named pipcoxcell_crypto.
398 config CRYPTO_DEV_SAHARA
399 tristate "Support for SAHARA crypto accelerator"
400 depends on ARCH_MXC && OF
401 select CRYPTO_BLKCIPHER
405 This option enables support for the SAHARA HW crypto accelerator
406 found in some Freescale i.MX chips.
408 config CRYPTO_DEV_EXYNOS_RNG
409 tristate "EXYNOS HW pseudo random number generator support"
410 depends on ARCH_EXYNOS || COMPILE_TEST
414 This driver provides kernel-side support through the
415 cryptographic API for the pseudo random number generator hardware
416 found on Exynos SoCs.
418 To compile this driver as a module, choose M here: the
419 module will be called exynos-rng.
423 config CRYPTO_DEV_S5P
424 tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
425 depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
428 select CRYPTO_BLKCIPHER
430 This option allows you to have support for S5P crypto acceleration.
431 Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
432 algorithms execution.
434 config CRYPTO_DEV_EXYNOS_HASH
435 bool "Support for Samsung Exynos HASH accelerator"
436 depends on CRYPTO_DEV_S5P
437 depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
442 Select this to offload Exynos from HASH MD5/SHA1/SHA256.
443 This will select software SHA1, MD5 and SHA256 as they are
444 needed for small and zero-size messages.
445 HASH algorithms will be disabled if EXYNOS_RNG
446 is enabled due to hw conflict.
449 bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
452 This enables support for the NX hardware cryptographic accelerator
453 coprocessor that is in IBM PowerPC P7+ or later processors. This
454 does not actually enable any drivers, it only allows you to select
455 which acceleration type (encryption and/or compression) to enable.
458 source "drivers/crypto/nx/Kconfig"
461 config CRYPTO_DEV_UX500
462 tristate "Driver for ST-Ericsson UX500 crypto hardware acceleration"
463 depends on ARCH_U8500
465 Driver for ST-Ericsson UX500 crypto engine.
468 source "drivers/crypto/ux500/Kconfig"
469 endif # if CRYPTO_DEV_UX500
471 config CRYPTO_DEV_ATMEL_AUTHENC
472 tristate "Support for Atmel IPSEC/SSL hw accelerator"
473 depends on ARCH_AT91 || COMPILE_TEST
474 select CRYPTO_AUTHENC
475 select CRYPTO_DEV_ATMEL_AES
476 select CRYPTO_DEV_ATMEL_SHA
478 Some Atmel processors can combine the AES and SHA hw accelerators
479 to enhance support of IPSEC/SSL.
480 Select this if you want to use the Atmel modules for
481 authenc(hmac(shaX),Y(cbc)) algorithms.
483 config CRYPTO_DEV_ATMEL_AES
484 tristate "Support for Atmel AES hw accelerator"
485 depends on ARCH_AT91 || COMPILE_TEST
488 select CRYPTO_BLKCIPHER
490 Some Atmel processors have AES hw accelerator.
491 Select this if you want to use the Atmel module for
494 To compile this driver as a module, choose M here: the module
495 will be called atmel-aes.
497 config CRYPTO_DEV_ATMEL_TDES
498 tristate "Support for Atmel DES/TDES hw accelerator"
499 depends on ARCH_AT91 || COMPILE_TEST
501 select CRYPTO_BLKCIPHER
503 Some Atmel processors have DES/TDES hw accelerator.
504 Select this if you want to use the Atmel module for
507 To compile this driver as a module, choose M here: the module
508 will be called atmel-tdes.
510 config CRYPTO_DEV_ATMEL_SHA
511 tristate "Support for Atmel SHA hw accelerator"
512 depends on ARCH_AT91 || COMPILE_TEST
515 Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
517 Select this if you want to use the Atmel module for
518 SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
520 To compile this driver as a module, choose M here: the module
521 will be called atmel-sha.
523 config CRYPTO_DEV_ATMEL_I2C
526 config CRYPTO_DEV_ATMEL_ECC
527 tristate "Support for Microchip / Atmel ECC hw accelerator"
529 select CRYPTO_DEV_ATMEL_I2C
533 Microhip / Atmel ECC hw accelerator.
534 Select this if you want to use the Microchip / Atmel module for
537 To compile this driver as a module, choose M here: the module
538 will be called atmel-ecc.
540 config CRYPTO_DEV_ATMEL_SHA204A
541 tristate "Support for Microchip / Atmel SHA accelerator and RNG"
543 select CRYPTO_DEV_ATMEL_I2C
547 Microhip / Atmel SHA accelerator and RNG.
548 Select this if you want to use the Microchip / Atmel SHA204A
549 module as a random number generator. (Other functions of the
550 chip are currently not exposed by this driver)
552 To compile this driver as a module, choose M here: the module
553 will be called atmel-sha204a.
555 config CRYPTO_DEV_CCP
556 bool "Support for AMD Secure Processor"
557 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
559 The AMD Secure Processor provides support for the Cryptographic Coprocessor
560 (CCP) and the Platform Security Processor (PSP) devices.
563 source "drivers/crypto/ccp/Kconfig"
566 config CRYPTO_DEV_MXS_DCP
567 tristate "Support for Freescale MXS DCP"
568 depends on (ARCH_MXS || ARCH_MXC)
573 select CRYPTO_BLKCIPHER
576 The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
577 co-processor on the die.
579 To compile this driver as a module, choose M here: the module
580 will be called mxs-dcp.
582 source "drivers/crypto/qat/Kconfig"
583 source "drivers/crypto/cavium/cpt/Kconfig"
584 source "drivers/crypto/cavium/nitrox/Kconfig"
586 config CRYPTO_DEV_CAVIUM_ZIP
587 tristate "Cavium ZIP driver"
588 depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
590 Select this option if you want to enable compression/decompression
591 acceleration on Cavium's ARM based SoCs
593 config CRYPTO_DEV_QCE
594 tristate "Qualcomm crypto engine accelerator"
595 depends on ARCH_QCOM || COMPILE_TEST
603 select CRYPTO_BLKCIPHER
605 This driver supports Qualcomm crypto engine accelerator
606 hardware. To compile this driver as a module, choose M here. The
607 module will be called qcrypto.
609 config CRYPTO_DEV_QCOM_RNG
610 tristate "Qualcomm Random Number Generator Driver"
611 depends on ARCH_QCOM || COMPILE_TEST
614 This driver provides support for the Random Number
615 Generator hardware found on Qualcomm SoCs.
617 To compile this driver as a module, choose M here. The
618 module will be called qcom-rng. If unsure, say N.
620 config CRYPTO_DEV_VMX
621 bool "Support for VMX cryptographic acceleration instructions"
622 depends on PPC64 && VSX
624 Support for VMX cryptographic acceleration instructions.
626 source "drivers/crypto/vmx/Kconfig"
628 config CRYPTO_DEV_IMGTEC_HASH
629 tristate "Imagination Technologies hardware hash accelerator"
630 depends on MIPS || COMPILE_TEST
636 This driver interfaces with the Imagination Technologies
637 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
640 config CRYPTO_DEV_SUN4I_SS
641 tristate "Support for Allwinner Security System cryptographic accelerator"
642 depends on ARCH_SUNXI && !64BIT
647 select CRYPTO_BLKCIPHER
649 Some Allwinner SoC have a crypto accelerator named
650 Security System. Select this if you want to use it.
651 The Security System handle AES/DES/3DES ciphers in CBC mode
652 and SHA1 and MD5 hash algorithms.
654 To compile this driver as a module, choose M here: the module
655 will be called sun4i-ss.
657 config CRYPTO_DEV_SUN4I_SS_PRNG
658 bool "Support for Allwinner Security System PRNG"
659 depends on CRYPTO_DEV_SUN4I_SS
662 Select this option if you want to provide kernel-side support for
663 the Pseudo-Random Number Generator found in the Security System.
665 config CRYPTO_DEV_ROCKCHIP
666 tristate "Rockchip's Cryptographic Engine driver"
667 depends on OF && ARCH_ROCKCHIP
674 select CRYPTO_BLKCIPHER
677 This driver interfaces with the hardware crypto accelerator.
678 Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
680 config CRYPTO_DEV_MEDIATEK
681 tristate "MediaTek's EIP97 Cryptographic Engine driver"
682 depends on (ARM && ARCH_MEDIATEK) || COMPILE_TEST
685 select CRYPTO_BLKCIPHER
692 This driver allows you to utilize the hardware crypto accelerator
693 EIP97 which can be found on the MT7623 MT2701, MT8521p, etc ....
694 Select this if you want to use it for AES/SHA1/SHA2 algorithms.
696 source "drivers/crypto/chelsio/Kconfig"
698 source "drivers/crypto/virtio/Kconfig"
700 config CRYPTO_DEV_BCM_SPU
701 tristate "Broadcom symmetric crypto/hash acceleration support"
702 depends on ARCH_BCM_IPROC
705 select CRYPTO_AUTHENC
712 This driver provides support for Broadcom crypto acceleration using the
713 Secure Processing Unit (SPU). The SPU driver registers ablkcipher,
714 ahash, and aead algorithms with the kernel cryptographic API.
716 source "drivers/crypto/stm32/Kconfig"
718 config CRYPTO_DEV_SAFEXCEL
719 tristate "Inside Secure's SafeXcel cryptographic engine driver"
721 depends on (ARM64 && ARCH_MVEBU) || (COMPILE_TEST && 64BIT)
723 select CRYPTO_AUTHENC
724 select CRYPTO_BLKCIPHER
733 This driver interfaces with the SafeXcel EIP-197 cryptographic engine
734 designed by Inside Secure. Select this if you want to use CBC/ECB
735 chain mode, AES cipher mode and SHA1/SHA224/SHA256/SHA512 hash
738 config CRYPTO_DEV_ARTPEC6
739 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
740 depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
745 select CRYPTO_BLKCIPHER
752 Enables the driver for the on-chip crypto accelerator
755 To compile this driver as a module, choose M here.
757 config CRYPTO_DEV_CCREE
758 tristate "Support for ARM TrustZone CryptoCell family of security processors"
759 depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
762 select CRYPTO_BLKCIPHER
765 select CRYPTO_AUTHENC
779 Say 'Y' to enable a driver for the REE interface of the Arm
780 TrustZone CryptoCell family of processors. Currently the
781 CryptoCell 713, 703, 712, 710 and 630 are supported.
782 Choose this if you wish to use hardware acceleration of
783 cryptographic operations on the system REE.
786 source "drivers/crypto/hisilicon/Kconfig"