Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux

Pull fscrypt updates from Eric Biggers:
"A fix for an issue where CONFIG_FS_ENCRYPTION could be enabled without
some of its dependencies, and a small documentation update"

* tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/linux:
fscrypt: mention init_on_free instead of page poisoning
fscrypt: drop obsolete recommendation to enable optimized ChaCha20
Revert "fscrypt: relax Kconfig dependencies for crypto API algorithms"

+10 -18
+2 -6
Documentation/filesystems/fscrypt.rst
··· 137 137 - In general, decrypted contents and filenames in the kernel VFS 138 138 caches are freed but not wiped. Therefore, portions thereof may be 139 139 recoverable from freed memory, even after the corresponding key(s) 140 - were wiped. To partially solve this, you can set 141 - CONFIG_PAGE_POISONING=y in your kernel config and add page_poison=1 142 - to your kernel command line. However, this has a performance cost. 140 + were wiped. To partially solve this, you can add init_on_free=1 to 141 + your kernel command line. However, this has a performance cost. 143 142 144 143 - Secret keys might still exist in CPU registers, in crypto 145 144 accelerator hardware (if used by the crypto API to implement any of ··· 427 428 - Mandatory: 428 429 - CONFIG_CRYPTO_ADIANTUM 429 430 - Recommended: 430 - - arm32: CONFIG_CRYPTO_CHACHA20_NEON 431 431 - arm32: CONFIG_CRYPTO_NHPOLY1305_NEON 432 - - arm64: CONFIG_CRYPTO_CHACHA20_NEON 433 432 - arm64: CONFIG_CRYPTO_NHPOLY1305_NEON 434 - - x86: CONFIG_CRYPTO_CHACHA20_X86_64 435 433 - x86: CONFIG_CRYPTO_NHPOLY1305_SSE2 436 434 - x86: CONFIG_CRYPTO_NHPOLY1305_AVX2 437 435
+8 -12
fs/crypto/Kconfig
··· 24 24 # 25 25 # Also note that this option only pulls in the generic implementations of the 26 26 # algorithms, not any per-architecture optimized implementations. It is 27 - # strongly recommended to enable optimized implementations too. It is safe to 28 - # disable these generic implementations if corresponding optimized 29 - # implementations will always be available too; for this reason, these are soft 30 - # dependencies ('imply' rather than 'select'). Only disable these generic 31 - # implementations if you're sure they will never be needed, though. 27 + # strongly recommended to enable optimized implementations too. 32 28 config FS_ENCRYPTION_ALGS 33 29 tristate 34 - imply CRYPTO_AES 35 - imply CRYPTO_CBC 36 - imply CRYPTO_CTS 37 - imply CRYPTO_ECB 38 - imply CRYPTO_HMAC 39 - imply CRYPTO_SHA512 40 - imply CRYPTO_XTS 30 + select CRYPTO_AES 31 + select CRYPTO_CBC 32 + select CRYPTO_CTS 33 + select CRYPTO_ECB 34 + select CRYPTO_HMAC 35 + select CRYPTO_SHA512 36 + select CRYPTO_XTS 41 37 42 38 config FS_ENCRYPTION_INLINE_CRYPT 43 39 bool "Enable fscrypt to use inline crypto"
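Review bot: In the first Documentation/filesystems/fscrypt.rst hunk (new lines 140-141), the replacement text still says "partially solve" without stating what remains recoverable once init_on_free=1 is set. The old wording named both a kernel config option and a command-line parameter, while the new one names only the parameter, so say explicitly whether any config option is still required, and add a clause on what the parameter does not cover so readers do not treat it as a full wipe guarantee.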
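Review bot: In the second fscrypt.rst hunk (the list under CONFIG_CRYPTO_ADIANTUM, old lines 430-434), the three CONFIG_CRYPTO_CHACHA20_* entries are removed with nothing left in the document saying why. The subject line calls the recommendation obsolete, but a reader comparing against an older copy of the file cannot tell whether optimized ChaCha20 is now enabled some other way or simply no longer matters for Adiantum. One sentence under "Recommended:" or in the commit message giving the reason would close that gap.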
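Review bot: In the fs/crypto/Kconfig hunk, the comment above FS_ENCRYPTION_ALGS loses its explanation of why 'imply' was used but gains none for 'select', so the reason these seven symbols are hard dependencies is recorded only in the pull message ("could be enabled without some of its dependencies"). Add a comment line stating that the generic implementations are selected so that fscrypt can never be built without them. Because 'select' forces a symbol on without satisfying that symbol's own dependencies, it is also worth confirming that whatever selects FS_ENCRYPTION_ALGS guarantees the dependencies of CRYPTO_AES through CRYPTO_XTS.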