1 # SPDX-License-Identifier: GPL-2.0-only
4 bool "Hardware crypto devices"
7 Say Y here to get to see options for hardware crypto devices and
8 processors. This option alone does not add any kernel code.
10 If you say N, all options in this submenu will be skipped and disabled.
14 source "drivers/crypto/allwinner/Kconfig"
16 config CRYPTO_DEV_PADLOCK
17 tristate "Support for VIA PadLock ACE"
18 depends on X86 && !UML
20 Some VIA processors come with an integrated crypto engine
21 (so called VIA PadLock ACE, Advanced Cryptography Engine)
22 that provides instructions for very fast cryptographic
23 operations with supported algorithms.
25 The instructions are used only when the CPU supports them.
26 Otherwise software encryption is used.
28 config CRYPTO_DEV_PADLOCK_AES
29 tristate "PadLock driver for AES algorithm"
30 depends on CRYPTO_DEV_PADLOCK
31 select CRYPTO_SKCIPHER
34 Use VIA PadLock for AES algorithm.
36 Available in VIA C3 and newer CPUs.
38 If unsure say M. The compiled module will be
41 config CRYPTO_DEV_PADLOCK_SHA
42 tristate "PadLock driver for SHA1 and SHA256 algorithms"
43 depends on CRYPTO_DEV_PADLOCK
48 Use VIA PadLock for SHA1/SHA256 algorithms.
50 Available in VIA C7 and newer processors.
52 If unsure say M. The compiled module will be
55 config CRYPTO_DEV_GEODE
56 tristate "Support for the Geode LX AES engine"
57 depends on X86_32 && PCI
59 select CRYPTO_SKCIPHER
61 Say 'Y' here to use the AMD Geode LX processor on-board AES
62 engine for the CryptoAPI AES algorithm.
64 To compile this driver as a module, choose M here: the module
65 will be called geode-aes.
68 tristate "Support for s390 cryptographic adapters"
72 Select this option if you want to enable support for
73 s390 cryptographic adapters like:
74 + PCI-X Cryptographic Coprocessor (PCIXCC)
75 + Crypto Express 2,3,4 or 5 Coprocessor (CEXxC)
76 + Crypto Express 2,3,4 or 5 Accelerator (CEXxA)
77 + Crypto Express 4 or 5 EP11 Coprocessor (CEXxP)
79 config ZCRYPT_MULTIDEVNODES
80 bool "Support for multiple zcrypt device nodes"
85 With this option enabled the zcrypt device driver can
86 provide multiple devices nodes in /dev. Each device
87 node can get customized to limit access and narrow
88 down the use of the available crypto hardware.
91 tristate "Kernel API for protected key handling"
95 With this option enabled the pkey kernel module provides an API
96 for creation and handling of protected keys. Other parts of the
97 kernel or userspace applications may use these functions.
99 Select this option if you want to enable the kernel and userspace
100 API for proteced key handling.
102 Please note that creation of protected keys from secure keys
103 requires to have at least one CEX card in coprocessor mode
104 available at runtime.
106 config CRYPTO_PAES_S390
107 tristate "PAES cipher algorithms"
112 select CRYPTO_SKCIPHER
114 This is the s390 hardware accelerated implementation of the
115 AES cipher algorithms for use with protected key.
117 Select this option if you want to use the paes cipher
118 for example to use protected key encrypted devices.
120 config CRYPTO_SHA1_S390
121 tristate "SHA1 digest algorithm"
125 This is the s390 hardware accelerated implementation of the
126 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
128 It is available as of z990.
130 config CRYPTO_SHA256_S390
131 tristate "SHA256 digest algorithm"
135 This is the s390 hardware accelerated implementation of the
136 SHA256 secure hash standard (DFIPS 180-2).
138 It is available as of z9.
140 config CRYPTO_SHA512_S390
141 tristate "SHA384 and SHA512 digest algorithm"
145 This is the s390 hardware accelerated implementation of the
146 SHA512 secure hash standard.
148 It is available as of z10.
150 config CRYPTO_SHA3_256_S390
151 tristate "SHA3_224 and SHA3_256 digest algorithm"
155 This is the s390 hardware accelerated implementation of the
156 SHA3_256 secure hash standard.
158 It is available as of z14.
160 config CRYPTO_SHA3_512_S390
161 tristate "SHA3_384 and SHA3_512 digest algorithm"
165 This is the s390 hardware accelerated implementation of the
166 SHA3_512 secure hash standard.
168 It is available as of z14.
170 config CRYPTO_DES_S390
171 tristate "DES and Triple DES cipher algorithms"
174 select CRYPTO_SKCIPHER
175 select CRYPTO_LIB_DES
177 This is the s390 hardware accelerated implementation of the
178 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
180 As of z990 the ECB and CBC mode are hardware accelerated.
181 As of z196 the CTR mode is hardware accelerated.
183 config CRYPTO_AES_S390
184 tristate "AES cipher algorithms"
187 select CRYPTO_SKCIPHER
189 This is the s390 hardware accelerated implementation of the
190 AES cipher algorithms (FIPS-197).
192 As of z9 the ECB and CBC modes are hardware accelerated
194 As of z10 the ECB and CBC modes are hardware accelerated
195 for all AES key sizes.
196 As of z196 the CTR mode is hardware accelerated for all AES
197 key sizes and XTS mode is hardware accelerated for 256 and
201 tristate "Pseudo random number generator device driver"
205 Select this option if you want to use the s390 pseudo random number
206 generator. The PRNG is part of the cryptographic processor functions
207 and uses triple-DES to generate secure random numbers like the
208 ANSI X9.17 standard. User-space programs access the
209 pseudo-random-number device through the char device /dev/prandom.
211 It is available as of z9.
213 config CRYPTO_GHASH_S390
214 tristate "GHASH hash function"
218 This is the s390 hardware accelerated implementation of GHASH,
219 the hash function used in GCM (Galois/Counter mode).
221 It is available as of z196.
223 config CRYPTO_CRC32_S390
224 tristate "CRC-32 algorithms"
229 Select this option if you want to use hardware accelerated
230 implementations of CRC algorithms. With this option, you
231 can optimize the computation of CRC-32 (IEEE 802.3 Ethernet)
232 and CRC-32C (Castagnoli).
234 It is available with IBM z13 or later.
236 config CRYPTO_DEV_MARVELL_CESA
237 tristate "Marvell's Cryptographic Engine driver"
238 depends on PLAT_ORION || ARCH_MVEBU
239 select CRYPTO_LIB_AES
240 select CRYPTO_LIB_DES
241 select CRYPTO_SKCIPHER
245 This driver allows you to utilize the Cryptographic Engines and
246 Security Accelerator (CESA) which can be found on MVEBU and ORION
248 This driver supports CPU offload through DMA transfers.
250 config CRYPTO_DEV_NIAGARA2
251 tristate "Niagara2 Stream Processing Unit driver"
252 select CRYPTO_LIB_DES
253 select CRYPTO_SKCIPHER
260 Each core of a Niagara2 processor contains a Stream
261 Processing Unit, which itself contains several cryptographic
262 sub-units. One set provides the Modular Arithmetic Unit,
263 used for SSL offload. The other set provides the Cipher
264 Group, which can perform encryption, decryption, hashing,
265 checksumming, and raw copies.
267 config CRYPTO_DEV_HIFN_795X
268 tristate "Driver HIFN 795x crypto accelerator chips"
269 select CRYPTO_LIB_DES
270 select CRYPTO_SKCIPHER
271 select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
273 depends on !ARCH_DMA_ADDR_T_64BIT
275 This option allows you to have support for HIFN 795x crypto adapters.
277 config CRYPTO_DEV_HIFN_795X_RNG
278 bool "HIFN 795x random number generator"
279 depends on CRYPTO_DEV_HIFN_795X
281 Select this option if you want to enable the random number generator
282 on the HIFN 795x crypto adapters.
284 source "drivers/crypto/caam/Kconfig"
286 config CRYPTO_DEV_TALITOS
287 tristate "Talitos Freescale Security Engine (SEC)"
289 select CRYPTO_AUTHENC
290 select CRYPTO_SKCIPHER
292 select CRYPTO_LIB_DES
296 Say 'Y' here to use the Freescale Security Engine (SEC)
297 to offload cryptographic algorithm computation.
299 The Freescale SEC is present on PowerQUICC 'E' processors, such
300 as the MPC8349E and MPC8548E.
302 To compile this driver as a module, choose M here: the module
303 will be called talitos.
305 config CRYPTO_DEV_TALITOS1
306 bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
307 depends on CRYPTO_DEV_TALITOS
308 depends on PPC_8xx || PPC_82xx
311 Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
312 found on MPC82xx or the Freescale Security Engine (SEC Lite)
313 version 1.2 found on MPC8xx
315 config CRYPTO_DEV_TALITOS2
316 bool "SEC2+ (SEC version 2.0 or upper)"
317 depends on CRYPTO_DEV_TALITOS
318 default y if !PPC_8xx
320 Say 'Y' here to use the Freescale Security Engine (SEC)
321 version 2 and following as found on MPC83xx, MPC85xx, etc ...
323 config CRYPTO_DEV_IXP4XX
324 tristate "Driver for IXP4xx crypto hardware acceleration"
325 depends on ARCH_IXP4XX && IXP4XX_QMGR && IXP4XX_NPE
326 select CRYPTO_LIB_DES
328 select CRYPTO_AUTHENC
329 select CRYPTO_SKCIPHER
331 Driver for the IXP4xx NPE crypto engine.
333 config CRYPTO_DEV_PPC4XX
334 tristate "Driver AMCC PPC4xx crypto accelerator"
335 depends on PPC && 4xx
339 select CRYPTO_LIB_AES
343 select CRYPTO_SKCIPHER
345 This option allows you to have support for AMCC crypto acceleration.
347 config HW_RANDOM_PPC4XX
348 bool "PowerPC 4xx generic true random number generator support"
349 depends on CRYPTO_DEV_PPC4XX && HW_RANDOM
352 This option provides the kernel-side support for the TRNG hardware
353 found in the security function of some PowerPC 4xx SoCs.
355 config CRYPTO_DEV_OMAP
356 tristate "Support for OMAP crypto HW accelerators"
357 depends on ARCH_OMAP2PLUS
359 OMAP processors have various crypto HW accelerators. Select this if
360 you want to use the OMAP modules for any of the crypto algorithms.
364 config CRYPTO_DEV_OMAP_SHAM
365 tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
366 depends on ARCH_OMAP2PLUS
373 OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
374 want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
376 config CRYPTO_DEV_OMAP_AES
377 tristate "Support for OMAP AES hw engine"
378 depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
380 select CRYPTO_SKCIPHER
387 OMAP processors have AES module accelerator. Select this if you
388 want to use the OMAP module for AES algorithms.
390 config CRYPTO_DEV_OMAP_DES
391 tristate "Support for OMAP DES/3DES hw engine"
392 depends on ARCH_OMAP2PLUS
393 select CRYPTO_LIB_DES
394 select CRYPTO_SKCIPHER
397 OMAP processors have DES/3DES module accelerator. Select this if you
398 want to use the OMAP module for DES and 3DES algorithms. Currently
399 the ECB and CBC modes of operation are supported by the driver. Also
400 accesses made on unaligned boundaries are supported.
402 endif # CRYPTO_DEV_OMAP
404 config CRYPTO_DEV_PICOXCELL
405 tristate "Support for picoXcell IPSEC and Layer2 crypto engines"
406 depends on (ARCH_PICOXCELL || COMPILE_TEST) && HAVE_CLK
409 select CRYPTO_AUTHENC
410 select CRYPTO_SKCIPHER
411 select CRYPTO_LIB_DES
416 This option enables support for the hardware offload engines in the
417 Picochip picoXcell SoC devices. Select this for IPSEC ESP offload
418 and for 3gpp Layer 2 ciphering support.
420 Saying m here will build a module named picoxcell_crypto.
422 config CRYPTO_DEV_SAHARA
423 tristate "Support for SAHARA crypto accelerator"
424 depends on ARCH_MXC && OF
425 select CRYPTO_SKCIPHER
429 This option enables support for the SAHARA HW crypto accelerator
430 found in some Freescale i.MX chips.
432 config CRYPTO_DEV_EXYNOS_RNG
433 tristate "EXYNOS HW pseudo random number generator support"
434 depends on ARCH_EXYNOS || COMPILE_TEST
438 This driver provides kernel-side support through the
439 cryptographic API for the pseudo random number generator hardware
440 found on Exynos SoCs.
442 To compile this driver as a module, choose M here: the
443 module will be called exynos-rng.
447 config CRYPTO_DEV_S5P
448 tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
449 depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
452 select CRYPTO_SKCIPHER
454 This option allows you to have support for S5P crypto acceleration.
455 Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
456 algorithms execution.
458 config CRYPTO_DEV_EXYNOS_HASH
459 bool "Support for Samsung Exynos HASH accelerator"
460 depends on CRYPTO_DEV_S5P
461 depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
466 Select this to offload Exynos from HASH MD5/SHA1/SHA256.
467 This will select software SHA1, MD5 and SHA256 as they are
468 needed for small and zero-size messages.
469 HASH algorithms will be disabled if EXYNOS_RNG
470 is enabled due to hw conflict.
473 bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
476 This enables support for the NX hardware cryptographic accelerator
477 coprocessor that is in IBM PowerPC P7+ or later processors. This
478 does not actually enable any drivers, it only allows you to select
479 which acceleration type (encryption and/or compression) to enable.
482 source "drivers/crypto/nx/Kconfig"
485 config CRYPTO_DEV_UX500
486 tristate "Driver for ST-Ericsson UX500 crypto hardware acceleration"
487 depends on ARCH_U8500
489 Driver for ST-Ericsson UX500 crypto engine.
492 source "drivers/crypto/ux500/Kconfig"
493 endif # if CRYPTO_DEV_UX500
495 config CRYPTO_DEV_ATMEL_AUTHENC
496 bool "Support for Atmel IPSEC/SSL hw accelerator"
497 depends on ARCH_AT91 || COMPILE_TEST
498 depends on CRYPTO_DEV_ATMEL_AES
500 Some Atmel processors can combine the AES and SHA hw accelerators
501 to enhance support of IPSEC/SSL.
502 Select this if you want to use the Atmel modules for
503 authenc(hmac(shaX),Y(cbc)) algorithms.
505 config CRYPTO_DEV_ATMEL_AES
506 tristate "Support for Atmel AES hw accelerator"
507 depends on ARCH_AT91 || COMPILE_TEST
510 select CRYPTO_SKCIPHER
511 select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
512 select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
514 Some Atmel processors have AES hw accelerator.
515 Select this if you want to use the Atmel module for
518 To compile this driver as a module, choose M here: the module
519 will be called atmel-aes.
521 config CRYPTO_DEV_ATMEL_TDES
522 tristate "Support for Atmel DES/TDES hw accelerator"
523 depends on ARCH_AT91 || COMPILE_TEST
524 select CRYPTO_LIB_DES
525 select CRYPTO_SKCIPHER
527 Some Atmel processors have DES/TDES hw accelerator.
528 Select this if you want to use the Atmel module for
531 To compile this driver as a module, choose M here: the module
532 will be called atmel-tdes.
534 config CRYPTO_DEV_ATMEL_SHA
535 tristate "Support for Atmel SHA hw accelerator"
536 depends on ARCH_AT91 || COMPILE_TEST
539 Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
541 Select this if you want to use the Atmel module for
542 SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
544 To compile this driver as a module, choose M here: the module
545 will be called atmel-sha.
547 config CRYPTO_DEV_ATMEL_I2C
550 config CRYPTO_DEV_ATMEL_ECC
551 tristate "Support for Microchip / Atmel ECC hw accelerator"
553 select CRYPTO_DEV_ATMEL_I2C
557 Microhip / Atmel ECC hw accelerator.
558 Select this if you want to use the Microchip / Atmel module for
561 To compile this driver as a module, choose M here: the module
562 will be called atmel-ecc.
564 config CRYPTO_DEV_ATMEL_SHA204A
565 tristate "Support for Microchip / Atmel SHA accelerator and RNG"
567 select CRYPTO_DEV_ATMEL_I2C
571 Microhip / Atmel SHA accelerator and RNG.
572 Select this if you want to use the Microchip / Atmel SHA204A
573 module as a random number generator. (Other functions of the
574 chip are currently not exposed by this driver)
576 To compile this driver as a module, choose M here: the module
577 will be called atmel-sha204a.
579 config CRYPTO_DEV_CCP
580 bool "Support for AMD Secure Processor"
581 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
583 The AMD Secure Processor provides support for the Cryptographic Coprocessor
584 (CCP) and the Platform Security Processor (PSP) devices.
587 source "drivers/crypto/ccp/Kconfig"
590 config CRYPTO_DEV_MXS_DCP
591 tristate "Support for Freescale MXS DCP"
592 depends on (ARCH_MXS || ARCH_MXC)
597 select CRYPTO_SKCIPHER
600 The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
601 co-processor on the die.
603 To compile this driver as a module, choose M here: the module
604 will be called mxs-dcp.
606 source "drivers/crypto/qat/Kconfig"
607 source "drivers/crypto/cavium/cpt/Kconfig"
608 source "drivers/crypto/cavium/nitrox/Kconfig"
610 config CRYPTO_DEV_CAVIUM_ZIP
611 tristate "Cavium ZIP driver"
612 depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
614 Select this option if you want to enable compression/decompression
615 acceleration on Cavium's ARM based SoCs
617 config CRYPTO_DEV_QCE
618 tristate "Qualcomm crypto engine accelerator"
619 depends on ARCH_QCOM || COMPILE_TEST
622 select CRYPTO_LIB_DES
627 select CRYPTO_SKCIPHER
629 This driver supports Qualcomm crypto engine accelerator
630 hardware. To compile this driver as a module, choose M here. The
631 module will be called qcrypto.
633 config CRYPTO_DEV_QCOM_RNG
634 tristate "Qualcomm Random Number Generator Driver"
635 depends on ARCH_QCOM || COMPILE_TEST
638 This driver provides support for the Random Number
639 Generator hardware found on Qualcomm SoCs.
641 To compile this driver as a module, choose M here. The
642 module will be called qcom-rng. If unsure, say N.
644 config CRYPTO_DEV_VMX
645 bool "Support for VMX cryptographic acceleration instructions"
646 depends on PPC64 && VSX
648 Support for VMX cryptographic acceleration instructions.
650 source "drivers/crypto/vmx/Kconfig"
652 config CRYPTO_DEV_IMGTEC_HASH
653 tristate "Imagination Technologies hardware hash accelerator"
654 depends on MIPS || COMPILE_TEST
660 This driver interfaces with the Imagination Technologies
661 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
664 config CRYPTO_DEV_ROCKCHIP
665 tristate "Rockchip's Cryptographic Engine driver"
666 depends on OF && ARCH_ROCKCHIP
668 select CRYPTO_LIB_DES
673 select CRYPTO_SKCIPHER
676 This driver interfaces with the hardware crypto accelerator.
677 Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
679 config CRYPTO_DEV_MEDIATEK
680 tristate "MediaTek's EIP97 Cryptographic Engine driver"
681 depends on (ARM && ARCH_MEDIATEK) || COMPILE_TEST
684 select CRYPTO_SKCIPHER
691 This driver allows you to utilize the hardware crypto accelerator
692 EIP97 which can be found on the MT7623 MT2701, MT8521p, etc ....
693 Select this if you want to use it for AES/SHA1/SHA2 algorithms.
695 source "drivers/crypto/chelsio/Kconfig"
697 source "drivers/crypto/virtio/Kconfig"
699 config CRYPTO_DEV_BCM_SPU
700 tristate "Broadcom symmetric crypto/hash acceleration support"
701 depends on ARCH_BCM_IPROC
704 select CRYPTO_AUTHENC
705 select CRYPTO_LIB_DES
711 This driver provides support for Broadcom crypto acceleration using the
712 Secure Processing Unit (SPU). The SPU driver registers skcipher,
713 ahash, and aead algorithms with the kernel cryptographic API.
715 source "drivers/crypto/stm32/Kconfig"
717 config CRYPTO_DEV_SAFEXCEL
718 tristate "Inside Secure's SafeXcel cryptographic engine driver"
719 depends on OF || PCI || COMPILE_TEST
720 select CRYPTO_LIB_AES
721 select CRYPTO_AUTHENC
722 select CRYPTO_SKCIPHER
723 select CRYPTO_LIB_DES
730 select CRYPTO_CHACHA20POLY1305
733 This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
734 engines designed by Inside Secure. It currently accelerates DES, 3DES and
735 AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
736 SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
737 Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
739 config CRYPTO_DEV_ARTPEC6
740 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
741 depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
746 select CRYPTO_SKCIPHER
753 Enables the driver for the on-chip crypto accelerator
756 To compile this driver as a module, choose M here.
758 config CRYPTO_DEV_CCREE
759 tristate "Support for ARM TrustZone CryptoCell family of security processors"
760 depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
763 select CRYPTO_SKCIPHER
764 select CRYPTO_LIB_DES
766 select CRYPTO_AUTHENC
780 Say 'Y' to enable a driver for the REE interface of the Arm
781 TrustZone CryptoCell family of processors. Currently the
782 CryptoCell 713, 703, 712, 710 and 630 are supported.
783 Choose this if you wish to use hardware acceleration of
784 cryptographic operations on the system REE.
787 source "drivers/crypto/hisilicon/Kconfig"
789 source "drivers/crypto/amlogic/Kconfig"