[PATCH 06/10] fs crypto: add Makefile and Kconfig
From: Jaegeuk Kim
Date: Thu Feb 25 2016 - 14:27:11 EST
This patch adds a facility to enable per-file encryption.
Arnd fixes a missing CONFIG_BLOCK check in the original patch.
"The newly added generic crypto abstraction for file systems operates
on 'struct bio' objects, which do not exist when CONFIG_BLOCK is
disabled:
fs/crypto/crypto.c: In function 'fscrypt_zeroout_range':
fs/crypto/crypto.c:308:9: error: implicit declaration of function 'bio_alloc' [-Werror=implicit-function-declaration]
This adds a Kconfig dependency that prevents FS_ENCRYPTION from being
enabled without BLOCK."
Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
Signed-off-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
---
fs/Kconfig | 2 ++
fs/Makefile | 1 +
fs/crypto/Kconfig | 17 +++++++++++++++++
fs/crypto/Makefile | 2 ++
4 files changed, 22 insertions(+)
create mode 100644 fs/crypto/Kconfig
create mode 100644 fs/crypto/Makefile
diff --git a/fs/Kconfig b/fs/Kconfig
index 9adee0d..9d75767 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -84,6 +84,8 @@ config MANDATORY_FILE_LOCKING
To the best of my knowledge this is dead code that no one cares about.
+source "fs/crypto/Kconfig"
+
source "fs/notify/Kconfig"
source "fs/quota/Kconfig"
diff --git a/fs/Makefile b/fs/Makefile
index 79f5225..47571e2 100644
--- a/fs/Makefile
+++ b/fs/Makefile
@@ -30,6 +30,7 @@ obj-$(CONFIG_EVENTFD) += eventfd.o
obj-$(CONFIG_USERFAULTFD) += userfaultfd.o
obj-$(CONFIG_AIO) += aio.o
obj-$(CONFIG_FS_DAX) += dax.o
+obj-y += crypto/
obj-$(CONFIG_FILE_LOCKING) += locks.o
obj-$(CONFIG_COMPAT) += compat.o compat_ioctl.o
obj-$(CONFIG_BINFMT_AOUT) += binfmt_aout.o
diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig
new file mode 100644
index 0000000..9bea124e
--- /dev/null
+++ b/fs/crypto/Kconfig
@@ -0,0 +1,17 @@
+config FS_ENCRYPTION
+ bool "FS Encryption (Per-file encryption)"
+ depends on BLOCK
+ select CRYPTO_AES
+ select CRYPTO_CBC
+ select CRYPTO_ECB
+ select CRYPTO_XTS
+ select CRYPTO_CTS
+ select CRYPTO_CTR
+ select CRYPTO_SHA256
+ select KEYS
+ select ENCRYPTED_KEYS
+ help
+ Enable encryption of files and directories. This
+ feature is similar to ecryptfs, but it is more memory
+ efficient since it avoids caching the encrypted and
+ decrypted pages in the page cache.
diff --git a/fs/crypto/Makefile b/fs/crypto/Makefile
new file mode 100644
index 0000000..f9f68cd
--- /dev/null
+++ b/fs/crypto/Makefile
@@ -0,0 +1,2 @@
+obj-y += fname.o
+obj-$(CONFIG_FS_ENCRYPTION) += crypto.o policy.o keyinfo.o
--
2.6.3