On Fri, Apr 16, 2021 at 06:06:42PM +0200, Ard Biesheuvel wrote:
> CONFIG_CRYPTO_SHA256 denotes the generic C implementation of the SHA-256
> shash algorithm, which is selected as the default crypto shash provider
> for fsverity. However, fsverity has no strict link time dependency, and
> the same shash could be exposed by an optimized implementation, and arm64
> has a number of those (scalar, NEON-based and one based on special crypto
> instructions). In such cases, it makes little sense to require that the
> generic C implementation is incorporated as well, given that it will never
> be called.
> 
> To address this, relax the 'select' clause to 'imply' so that the generic
> driver can be omitted from the build if desired.
> 
> Signed-off-by: Ard Biesheuvel <a...@kernel.org>
> ---
>  fs/verity/Kconfig | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig
> index 88fb25119899..24d1b54de807 100644
> --- a/fs/verity/Kconfig
> +++ b/fs/verity/Kconfig
> @@ -3,9 +3,13 @@
>  config FS_VERITY
>       bool "FS Verity (read-only file-based authenticity protection)"
>       select CRYPTO
> -     # SHA-256 is selected as it's intended to be the default hash algorithm.
> +     # SHA-256 is implied as it's intended to be the default hash algorithm.
>       # To avoid bloat, other wanted algorithms must be selected explicitly.
> -     select CRYPTO_SHA256
> +     # Note that CRYPTO_SHA256 denotes the generic C implementation, but
> +     # some architectures provided optimized implementations of the same
> +     # algorithm that may be used instead. In this case, CRYPTO_SHA256 may
> +     # be omitted even if SHA-256 is being used.
> +     imply CRYPTO_SHA256
>       help
>         This option enables fs-verity.  fs-verity is the dm-verity
>         mechanism implemented at the file level.  On supported

Looks fine,

Acked-by: Eric Biggers <ebigg...@google.com>

- Eric

Reply via email to