1 # SPDX-License-Identifier: GPL-2.0-only
4 bool "Hardware crypto devices"
7 Say Y here to get to see options for hardware crypto devices and
8 processors. This option alone does not add any kernel code.
10 If you say N, all options in this submenu will be skipped and disabled.
14 source "drivers/crypto/allwinner/Kconfig"
16 config CRYPTO_DEV_PADLOCK
17 tristate "Support for VIA PadLock ACE"
18 depends on X86 && !UML
20 Some VIA processors come with an integrated crypto engine
21 (so called VIA PadLock ACE, Advanced Cryptography Engine)
22 that provides instructions for very fast cryptographic
23 operations with supported algorithms.
25 The instructions are used only when the CPU supports them.
26 Otherwise software encryption is used.
28 config CRYPTO_DEV_PADLOCK_AES
29 tristate "PadLock driver for AES algorithm"
30 depends on CRYPTO_DEV_PADLOCK
31 select CRYPTO_SKCIPHER
34 Use VIA PadLock for AES algorithm.
36 Available in VIA C3 and newer CPUs.
38 If unsure say M. The compiled module will be
41 config CRYPTO_DEV_PADLOCK_SHA
42 tristate "PadLock driver for SHA1 and SHA256 algorithms"
43 depends on CRYPTO_DEV_PADLOCK
48 Use VIA PadLock for SHA1/SHA256 algorithms.
50 Available in VIA C7 and newer processors.
52 If unsure say M. The compiled module will be
55 config CRYPTO_DEV_GEODE
56 tristate "Support for the Geode LX AES engine"
57 depends on X86_32 && PCI
59 select CRYPTO_SKCIPHER
61 Say 'Y' here to use the AMD Geode LX processor on-board AES
62 engine for the CryptoAPI AES algorithm.
64 To compile this driver as a module, choose M here: the module
65 will be called geode-aes.
68 tristate "Support for s390 cryptographic adapters"
72 Select this option if you want to enable support for
73 s390 cryptographic adapters like:
74 + PCI-X Cryptographic Coprocessor (PCIXCC)
75 + Crypto Express 2,3,4 or 5 Coprocessor (CEXxC)
76 + Crypto Express 2,3,4 or 5 Accelerator (CEXxA)
77 + Crypto Express 4 or 5 EP11 Coprocessor (CEXxP)
79 config ZCRYPT_MULTIDEVNODES
80 bool "Support for multiple zcrypt device nodes"
85 With this option enabled the zcrypt device driver can
86 provide multiple devices nodes in /dev. Each device
87 node can get customized to limit access and narrow
88 down the use of the available crypto hardware.
91 tristate "Kernel API for protected key handling"
95 With this option enabled the pkey kernel module provides an API
96 for creation and handling of protected keys. Other parts of the
97 kernel or userspace applications may use these functions.
99 Select this option if you want to enable the kernel and userspace
100 API for proteced key handling.
102 Please note that creation of protected keys from secure keys
103 requires to have at least one CEX card in coprocessor mode
104 available at runtime.
106 config CRYPTO_PAES_S390
107 tristate "PAES cipher algorithms"
112 select CRYPTO_SKCIPHER
114 This is the s390 hardware accelerated implementation of the
115 AES cipher algorithms for use with protected key.
117 Select this option if you want to use the paes cipher
118 for example to use protected key encrypted devices.
120 config CRYPTO_SHA1_S390
121 tristate "SHA1 digest algorithm"
125 This is the s390 hardware accelerated implementation of the
126 SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
128 It is available as of z990.
130 config CRYPTO_SHA256_S390
131 tristate "SHA256 digest algorithm"
135 This is the s390 hardware accelerated implementation of the
136 SHA256 secure hash standard (DFIPS 180-2).
138 It is available as of z9.
140 config CRYPTO_SHA512_S390
141 tristate "SHA384 and SHA512 digest algorithm"
145 This is the s390 hardware accelerated implementation of the
146 SHA512 secure hash standard.
148 It is available as of z10.
150 config CRYPTO_SHA3_256_S390
151 tristate "SHA3_224 and SHA3_256 digest algorithm"
155 This is the s390 hardware accelerated implementation of the
156 SHA3_256 secure hash standard.
158 It is available as of z14.
160 config CRYPTO_SHA3_512_S390
161 tristate "SHA3_384 and SHA3_512 digest algorithm"
165 This is the s390 hardware accelerated implementation of the
166 SHA3_512 secure hash standard.
168 It is available as of z14.
170 config CRYPTO_DES_S390
171 tristate "DES and Triple DES cipher algorithms"
174 select CRYPTO_SKCIPHER
175 select CRYPTO_LIB_DES
177 This is the s390 hardware accelerated implementation of the
178 DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
180 As of z990 the ECB and CBC mode are hardware accelerated.
181 As of z196 the CTR mode is hardware accelerated.
183 config CRYPTO_AES_S390
184 tristate "AES cipher algorithms"
187 select CRYPTO_SKCIPHER
189 This is the s390 hardware accelerated implementation of the
190 AES cipher algorithms (FIPS-197).
192 As of z9 the ECB and CBC modes are hardware accelerated
194 As of z10 the ECB and CBC modes are hardware accelerated
195 for all AES key sizes.
196 As of z196 the CTR mode is hardware accelerated for all AES
197 key sizes and XTS mode is hardware accelerated for 256 and
201 tristate "Pseudo random number generator device driver"
205 Select this option if you want to use the s390 pseudo random number
206 generator. The PRNG is part of the cryptographic processor functions
207 and uses triple-DES to generate secure random numbers like the
208 ANSI X9.17 standard. User-space programs access the
209 pseudo-random-number device through the char device /dev/prandom.
211 It is available as of z9.
213 config CRYPTO_GHASH_S390
214 tristate "GHASH hash function"
218 This is the s390 hardware accelerated implementation of GHASH,
219 the hash function used in GCM (Galois/Counter mode).
221 It is available as of z196.
223 config CRYPTO_CRC32_S390
224 tristate "CRC-32 algorithms"
229 Select this option if you want to use hardware accelerated
230 implementations of CRC algorithms. With this option, you
231 can optimize the computation of CRC-32 (IEEE 802.3 Ethernet)
232 and CRC-32C (Castagnoli).
234 It is available with IBM z13 or later.
236 config CRYPTO_DEV_MARVELL_CESA
237 tristate "Marvell's Cryptographic Engine driver"
238 depends on PLAT_ORION || ARCH_MVEBU
239 select CRYPTO_LIB_AES
240 select CRYPTO_LIB_DES
241 select CRYPTO_SKCIPHER
245 This driver allows you to utilize the Cryptographic Engines and
246 Security Accelerator (CESA) which can be found on MVEBU and ORION
248 This driver supports CPU offload through DMA transfers.
250 config CRYPTO_DEV_NIAGARA2
251 tristate "Niagara2 Stream Processing Unit driver"
252 select CRYPTO_LIB_DES
253 select CRYPTO_SKCIPHER
260 Each core of a Niagara2 processor contains a Stream
261 Processing Unit, which itself contains several cryptographic
262 sub-units. One set provides the Modular Arithmetic Unit,
263 used for SSL offload. The other set provides the Cipher
264 Group, which can perform encryption, decryption, hashing,
265 checksumming, and raw copies.
267 config CRYPTO_DEV_HIFN_795X
268 tristate "Driver HIFN 795x crypto accelerator chips"
269 select CRYPTO_LIB_DES
270 select CRYPTO_SKCIPHER
271 select HW_RANDOM if CRYPTO_DEV_HIFN_795X_RNG
273 depends on !ARCH_DMA_ADDR_T_64BIT
275 This option allows you to have support for HIFN 795x crypto adapters.
277 config CRYPTO_DEV_HIFN_795X_RNG
278 bool "HIFN 795x random number generator"
279 depends on CRYPTO_DEV_HIFN_795X
281 Select this option if you want to enable the random number generator
282 on the HIFN 795x crypto adapters.
284 source "drivers/crypto/caam/Kconfig"
286 config CRYPTO_DEV_TALITOS
287 tristate "Talitos Freescale Security Engine (SEC)"
289 select CRYPTO_AUTHENC
290 select CRYPTO_SKCIPHER
295 Say 'Y' here to use the Freescale Security Engine (SEC)
296 to offload cryptographic algorithm computation.
298 The Freescale SEC is present on PowerQUICC 'E' processors, such
299 as the MPC8349E and MPC8548E.
301 To compile this driver as a module, choose M here: the module
302 will be called talitos.
304 config CRYPTO_DEV_TALITOS1
305 bool "SEC1 (SEC 1.0 and SEC Lite 1.2)"
306 depends on CRYPTO_DEV_TALITOS
307 depends on PPC_8xx || PPC_82xx
310 Say 'Y' here to use the Freescale Security Engine (SEC) version 1.0
311 found on MPC82xx or the Freescale Security Engine (SEC Lite)
312 version 1.2 found on MPC8xx
314 config CRYPTO_DEV_TALITOS2
315 bool "SEC2+ (SEC version 2.0 or upper)"
316 depends on CRYPTO_DEV_TALITOS
317 default y if !PPC_8xx
319 Say 'Y' here to use the Freescale Security Engine (SEC)
320 version 2 and following as found on MPC83xx, MPC85xx, etc ...
322 config CRYPTO_DEV_IXP4XX
323 tristate "Driver for IXP4xx crypto hardware acceleration"
324 depends on ARCH_IXP4XX && IXP4XX_QMGR && IXP4XX_NPE
325 select CRYPTO_LIB_DES
327 select CRYPTO_AUTHENC
328 select CRYPTO_SKCIPHER
330 Driver for the IXP4xx NPE crypto engine.
332 config CRYPTO_DEV_PPC4XX
333 tristate "Driver AMCC PPC4xx crypto accelerator"
334 depends on PPC && 4xx
338 select CRYPTO_LIB_AES
342 select CRYPTO_SKCIPHER
344 This option allows you to have support for AMCC crypto acceleration.
346 config HW_RANDOM_PPC4XX
347 bool "PowerPC 4xx generic true random number generator support"
348 depends on CRYPTO_DEV_PPC4XX && HW_RANDOM
351 This option provides the kernel-side support for the TRNG hardware
352 found in the security function of some PowerPC 4xx SoCs.
354 config CRYPTO_DEV_OMAP
355 tristate "Support for OMAP crypto HW accelerators"
356 depends on ARCH_OMAP2PLUS
358 OMAP processors have various crypto HW accelerators. Select this if
359 you want to use the OMAP modules for any of the crypto algorithms.
363 config CRYPTO_DEV_OMAP_SHAM
364 tristate "Support for OMAP MD5/SHA1/SHA2 hw accelerator"
365 depends on ARCH_OMAP2PLUS
372 OMAP processors have MD5/SHA1/SHA2 hw accelerator. Select this if you
373 want to use the OMAP module for MD5/SHA1/SHA2 algorithms.
375 config CRYPTO_DEV_OMAP_AES
376 tristate "Support for OMAP AES hw engine"
377 depends on ARCH_OMAP2 || ARCH_OMAP3 || ARCH_OMAP2PLUS
379 select CRYPTO_SKCIPHER
386 OMAP processors have AES module accelerator. Select this if you
387 want to use the OMAP module for AES algorithms.
389 config CRYPTO_DEV_OMAP_DES
390 tristate "Support for OMAP DES/3DES hw engine"
391 depends on ARCH_OMAP2PLUS
392 select CRYPTO_LIB_DES
393 select CRYPTO_SKCIPHER
396 OMAP processors have DES/3DES module accelerator. Select this if you
397 want to use the OMAP module for DES and 3DES algorithms. Currently
398 the ECB and CBC modes of operation are supported by the driver. Also
399 accesses made on unaligned boundaries are supported.
401 endif # CRYPTO_DEV_OMAP
403 config CRYPTO_DEV_PICOXCELL
404 tristate "Support for picoXcell IPSEC and Layer2 crypto engines"
405 depends on (ARCH_PICOXCELL || COMPILE_TEST) && HAVE_CLK
408 select CRYPTO_AUTHENC
409 select CRYPTO_SKCIPHER
410 select CRYPTO_LIB_DES
415 This option enables support for the hardware offload engines in the
416 Picochip picoXcell SoC devices. Select this for IPSEC ESP offload
417 and for 3gpp Layer 2 ciphering support.
419 Saying m here will build a module named picoxcell_crypto.
421 config CRYPTO_DEV_SAHARA
422 tristate "Support for SAHARA crypto accelerator"
423 depends on ARCH_MXC && OF
424 select CRYPTO_SKCIPHER
428 This option enables support for the SAHARA HW crypto accelerator
429 found in some Freescale i.MX chips.
431 config CRYPTO_DEV_EXYNOS_RNG
432 tristate "EXYNOS HW pseudo random number generator support"
433 depends on ARCH_EXYNOS || COMPILE_TEST
437 This driver provides kernel-side support through the
438 cryptographic API for the pseudo random number generator hardware
439 found on Exynos SoCs.
441 To compile this driver as a module, choose M here: the
442 module will be called exynos-rng.
446 config CRYPTO_DEV_S5P
447 tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
448 depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
451 select CRYPTO_SKCIPHER
453 This option allows you to have support for S5P crypto acceleration.
454 Select this to offload Samsung S5PV210 or S5PC110, Exynos from AES
455 algorithms execution.
457 config CRYPTO_DEV_EXYNOS_HASH
458 bool "Support for Samsung Exynos HASH accelerator"
459 depends on CRYPTO_DEV_S5P
460 depends on !CRYPTO_DEV_EXYNOS_RNG && CRYPTO_DEV_EXYNOS_RNG!=m
465 Select this to offload Exynos from HASH MD5/SHA1/SHA256.
466 This will select software SHA1, MD5 and SHA256 as they are
467 needed for small and zero-size messages.
468 HASH algorithms will be disabled if EXYNOS_RNG
469 is enabled due to hw conflict.
472 bool "Support for IBM PowerPC Nest (NX) cryptographic acceleration"
475 This enables support for the NX hardware cryptographic accelerator
476 coprocessor that is in IBM PowerPC P7+ or later processors. This
477 does not actually enable any drivers, it only allows you to select
478 which acceleration type (encryption and/or compression) to enable.
481 source "drivers/crypto/nx/Kconfig"
484 config CRYPTO_DEV_UX500
485 tristate "Driver for ST-Ericsson UX500 crypto hardware acceleration"
486 depends on ARCH_U8500
488 Driver for ST-Ericsson UX500 crypto engine.
491 source "drivers/crypto/ux500/Kconfig"
492 endif # if CRYPTO_DEV_UX500
494 config CRYPTO_DEV_ATMEL_AUTHENC
495 bool "Support for Atmel IPSEC/SSL hw accelerator"
496 depends on ARCH_AT91 || COMPILE_TEST
497 depends on CRYPTO_DEV_ATMEL_AES
499 Some Atmel processors can combine the AES and SHA hw accelerators
500 to enhance support of IPSEC/SSL.
501 Select this if you want to use the Atmel modules for
502 authenc(hmac(shaX),Y(cbc)) algorithms.
504 config CRYPTO_DEV_ATMEL_AES
505 tristate "Support for Atmel AES hw accelerator"
506 depends on ARCH_AT91 || COMPILE_TEST
509 select CRYPTO_SKCIPHER
510 select CRYPTO_AUTHENC if CRYPTO_DEV_ATMEL_AUTHENC
511 select CRYPTO_DEV_ATMEL_SHA if CRYPTO_DEV_ATMEL_AUTHENC
513 Some Atmel processors have AES hw accelerator.
514 Select this if you want to use the Atmel module for
517 To compile this driver as a module, choose M here: the module
518 will be called atmel-aes.
520 config CRYPTO_DEV_ATMEL_TDES
521 tristate "Support for Atmel DES/TDES hw accelerator"
522 depends on ARCH_AT91 || COMPILE_TEST
523 select CRYPTO_LIB_DES
524 select CRYPTO_SKCIPHER
526 Some Atmel processors have DES/TDES hw accelerator.
527 Select this if you want to use the Atmel module for
530 To compile this driver as a module, choose M here: the module
531 will be called atmel-tdes.
533 config CRYPTO_DEV_ATMEL_SHA
534 tristate "Support for Atmel SHA hw accelerator"
535 depends on ARCH_AT91 || COMPILE_TEST
538 Some Atmel processors have SHA1/SHA224/SHA256/SHA384/SHA512
540 Select this if you want to use the Atmel module for
541 SHA1/SHA224/SHA256/SHA384/SHA512 algorithms.
543 To compile this driver as a module, choose M here: the module
544 will be called atmel-sha.
546 config CRYPTO_DEV_ATMEL_I2C
549 config CRYPTO_DEV_ATMEL_ECC
550 tristate "Support for Microchip / Atmel ECC hw accelerator"
552 select CRYPTO_DEV_ATMEL_I2C
556 Microhip / Atmel ECC hw accelerator.
557 Select this if you want to use the Microchip / Atmel module for
560 To compile this driver as a module, choose M here: the module
561 will be called atmel-ecc.
563 config CRYPTO_DEV_ATMEL_SHA204A
564 tristate "Support for Microchip / Atmel SHA accelerator and RNG"
566 select CRYPTO_DEV_ATMEL_I2C
570 Microhip / Atmel SHA accelerator and RNG.
571 Select this if you want to use the Microchip / Atmel SHA204A
572 module as a random number generator. (Other functions of the
573 chip are currently not exposed by this driver)
575 To compile this driver as a module, choose M here: the module
576 will be called atmel-sha204a.
578 config CRYPTO_DEV_CCP
579 bool "Support for AMD Secure Processor"
580 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM
582 The AMD Secure Processor provides support for the Cryptographic Coprocessor
583 (CCP) and the Platform Security Processor (PSP) devices.
586 source "drivers/crypto/ccp/Kconfig"
589 config CRYPTO_DEV_MXS_DCP
590 tristate "Support for Freescale MXS DCP"
591 depends on (ARCH_MXS || ARCH_MXC)
596 select CRYPTO_SKCIPHER
599 The Freescale i.MX23/i.MX28 has SHA1/SHA256 and AES128 CBC/ECB
600 co-processor on the die.
602 To compile this driver as a module, choose M here: the module
603 will be called mxs-dcp.
605 source "drivers/crypto/qat/Kconfig"
606 source "drivers/crypto/cavium/cpt/Kconfig"
607 source "drivers/crypto/cavium/nitrox/Kconfig"
609 config CRYPTO_DEV_CAVIUM_ZIP
610 tristate "Cavium ZIP driver"
611 depends on PCI && 64BIT && (ARM64 || COMPILE_TEST)
613 Select this option if you want to enable compression/decompression
614 acceleration on Cavium's ARM based SoCs
616 config CRYPTO_DEV_QCE
617 tristate "Qualcomm crypto engine accelerator"
618 depends on ARCH_QCOM || COMPILE_TEST
621 select CRYPTO_LIB_DES
626 select CRYPTO_SKCIPHER
628 This driver supports Qualcomm crypto engine accelerator
629 hardware. To compile this driver as a module, choose M here. The
630 module will be called qcrypto.
632 config CRYPTO_DEV_QCOM_RNG
633 tristate "Qualcomm Random Number Generator Driver"
634 depends on ARCH_QCOM || COMPILE_TEST
637 This driver provides support for the Random Number
638 Generator hardware found on Qualcomm SoCs.
640 To compile this driver as a module, choose M here. The
641 module will be called qcom-rng. If unsure, say N.
643 config CRYPTO_DEV_VMX
644 bool "Support for VMX cryptographic acceleration instructions"
645 depends on PPC64 && VSX
647 Support for VMX cryptographic acceleration instructions.
649 source "drivers/crypto/vmx/Kconfig"
651 config CRYPTO_DEV_IMGTEC_HASH
652 tristate "Imagination Technologies hardware hash accelerator"
653 depends on MIPS || COMPILE_TEST
659 This driver interfaces with the Imagination Technologies
660 hardware hash accelerator. Supporting MD5/SHA1/SHA224/SHA256
663 config CRYPTO_DEV_ROCKCHIP
664 tristate "Rockchip's Cryptographic Engine driver"
665 depends on OF && ARCH_ROCKCHIP
667 select CRYPTO_LIB_DES
672 select CRYPTO_SKCIPHER
675 This driver interfaces with the hardware crypto accelerator.
676 Supporting cbc/ecb chainmode, and aes/des/des3_ede cipher mode.
678 config CRYPTO_DEV_MEDIATEK
679 tristate "MediaTek's EIP97 Cryptographic Engine driver"
680 depends on (ARM && ARCH_MEDIATEK) || COMPILE_TEST
683 select CRYPTO_SKCIPHER
690 This driver allows you to utilize the hardware crypto accelerator
691 EIP97 which can be found on the MT7623 MT2701, MT8521p, etc ....
692 Select this if you want to use it for AES/SHA1/SHA2 algorithms.
694 source "drivers/crypto/chelsio/Kconfig"
696 source "drivers/crypto/virtio/Kconfig"
698 config CRYPTO_DEV_BCM_SPU
699 tristate "Broadcom symmetric crypto/hash acceleration support"
700 depends on ARCH_BCM_IPROC
703 select CRYPTO_AUTHENC
704 select CRYPTO_LIB_DES
710 This driver provides support for Broadcom crypto acceleration using the
711 Secure Processing Unit (SPU). The SPU driver registers skcipher,
712 ahash, and aead algorithms with the kernel cryptographic API.
714 source "drivers/crypto/stm32/Kconfig"
716 config CRYPTO_DEV_SAFEXCEL
717 tristate "Inside Secure's SafeXcel cryptographic engine driver"
718 depends on OF || PCI || COMPILE_TEST
719 select CRYPTO_LIB_AES
720 select CRYPTO_AUTHENC
721 select CRYPTO_SKCIPHER
722 select CRYPTO_LIB_DES
729 select CRYPTO_CHACHA20POLY1305
732 This driver interfaces with the SafeXcel EIP-97 and EIP-197 cryptographic
733 engines designed by Inside Secure. It currently accelerates DES, 3DES and
734 AES block ciphers in ECB and CBC mode, as well as SHA1, SHA224, SHA256,
735 SHA384 and SHA512 hash algorithms for both basic hash and HMAC.
736 Additionally, it accelerates combined AES-CBC/HMAC-SHA AEAD operations.
738 config CRYPTO_DEV_ARTPEC6
739 tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration."
740 depends on ARM && (ARCH_ARTPEC || COMPILE_TEST)
745 select CRYPTO_SKCIPHER
752 Enables the driver for the on-chip crypto accelerator
755 To compile this driver as a module, choose M here.
757 config CRYPTO_DEV_CCREE
758 tristate "Support for ARM TrustZone CryptoCell family of security processors"
759 depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
762 select CRYPTO_SKCIPHER
763 select CRYPTO_LIB_DES
765 select CRYPTO_AUTHENC
779 Say 'Y' to enable a driver for the REE interface of the Arm
780 TrustZone CryptoCell family of processors. Currently the
781 CryptoCell 713, 703, 712, 710 and 630 are supported.
782 Choose this if you wish to use hardware acceleration of
783 cryptographic operations on the system REE.
786 source "drivers/crypto/hisilicon/Kconfig"
788 source "drivers/crypto/amlogic/Kconfig"