On Mon, 17 Feb 2025 at 19:53, Eric Biggers <ebigg...@kernel.org> wrote:
>
> From: Eric Biggers <ebigg...@google.com>
>
> This mostly reverts commit a0fc20333ee4bac1147c4cf75dea098c26671a2f.
> Keep the relevant parts of the comment added by that commit.
>
> The problem with that commit is that it allowed people to create broken
> configurations that enabled FS_ENCRYPTION but not the mandatory
> algorithms. An example of this can be found here:
> https://lore.kernel.org/r/1207325.1737387...@warthog.procyon.org.uk/
>
> The commit did allow people to disable specific generic algorithm
> implementations that aren't needed. But that at best allowed saving a
> bit of code. In the real world people are unlikely to intentionally and
> correctly make such a tweak anyway, as they tend to just be confused by
> what all the different crypto kconfig options mean.
>
> Of course we really need the crypto API to enable the correct
> implementations automatically, but that's for a later fix.
>
> Cc: Ard Biesheuvel <a...@kernel.org>
> Cc: David Howells <dhowe...@redhat.com>
> Cc: Herbert Xu <herb...@gondor.apana.org.au>
> Signed-off-by: Eric Biggers <ebigg...@google.com>
> ---
> fs/crypto/Kconfig | 20 ++++++++------------
> 1 file changed, 8 insertions(+), 12 deletions(-)
>
Acked-by: Ard Biesheuvel <a...@kernel.org>
> diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig
> index 5aff5934baa12..332d828fe6fa5 100644
> --- a/fs/crypto/Kconfig
> +++ b/fs/crypto/Kconfig
> @@ -22,24 +22,20 @@ config FS_ENCRYPTION
> # as Adiantum encryption, then those other modes need to be explicitly
> enabled
> # in the crypto API; see Documentation/filesystems/fscrypt.rst for details.
> #
> # Also note that this option only pulls in the generic implementations of the
> # algorithms, not any per-architecture optimized implementations. It is
> -# strongly recommended to enable optimized implementations too. It is safe
> to
> -# disable these generic implementations if corresponding optimized
> -# implementations will always be available too; for this reason, these are
> soft
> -# dependencies ('imply' rather than 'select'). Only disable these generic
> -# implementations if you're sure they will never be needed, though.
> +# strongly recommended to enable optimized implementations too.
> config FS_ENCRYPTION_ALGS
> tristate
> - imply CRYPTO_AES
> - imply CRYPTO_CBC
> - imply CRYPTO_CTS
> - imply CRYPTO_ECB
> - imply CRYPTO_HMAC
> - imply CRYPTO_SHA512
> - imply CRYPTO_XTS
> + select CRYPTO_AES
> + select CRYPTO_CBC
> + select CRYPTO_CTS
> + select CRYPTO_ECB
> + select CRYPTO_HMAC
> + select CRYPTO_SHA512
> + select CRYPTO_XTS
>
> config FS_ENCRYPTION_INLINE_CRYPT
> bool "Enable fscrypt to use inline crypto"
> depends on FS_ENCRYPTION && BLK_INLINE_ENCRYPTION
> help
>
> base-commit: 0ad2507d5d93f39619fc42372c347d6006b64319
> --
> 2.48.1
>
>
