mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
88205c5d99
These changes integrate new file encryption framework to use new V2 encryption policies.
These changes were earlier reverted in 'commit 4211691d298c ("Reverting crypto and incrementalfs changes")',
as part of android-4.14.171 merge from Android common kernel. This patch attempts to bring them back
post validation.
commit a9a5450 ANDROID: dm: prevent default-key from being enabled without needed hooks
commit e1a94e6 ANDROID: dm: add dm-default-key target for metadata encryption
commit commit 232fd35 ANDROID: dm: enable may_passthrough_inline_crypto on some targets
commit 53bc059 ANDROID: dm: add support for passing through inline crypto support
commit aeed6db ANDROID: block: Introduce passthrough keyslot manager
commit 4f27c8b ANDROID: ext4, f2fs: enable direct I/O with inline encryption
commit c91db46 BACKPORT: FROMLIST: scsi: ufs: add program_key() variant op
commit f9a8e4a ANDROID: block: export symbols needed for modules to use inline crypto
commit 75fea5f ANDROID: block: fix some inline crypto bugs
commit 2871f73 ANDROID: fscrypt: add support for hardware-wrapped keys
commit bb5a657 ANDROID: block: add KSM op to derive software secret from wrapped key
commit d42ba87 ANDROID: block: provide key size as input to inline crypto APIs
commit 86646eb ANDROID: ufshcd-crypto: export cap find API
commit 83bc20e ANDROID: scsi: ufs-qcom: Enable BROKEN_CRYPTO quirk flag
commit c266a13 ANDROID: scsi: ufs: Add quirk bit for controllers that don't play well with inline crypto
commit ea09b99 ANDROID: cuttlefish_defconfig: Enable blk-crypto fallback
commit e12563c BACKPORT: FROMLIST: Update Inline Encryption from v5 to v6 of patch series
commit 8e8f55d ANDROID: scsi: ufs: UFS init should not require inline crypto
commit dae9899 ANDROID: scsi: ufs: UFS crypto variant operations API
commit a69516d ANDROID: cuttlefish_defconfig: enable inline encryption
commit b8f7b23 BACKPORT: FROMLIST: ext4: add inline encryption support
commit e64327f BACKPORT: FROMLIST: f2fs: add inline encryption support
commit a0dc8da BACKPORT: FROMLIST: fscrypt: add inline encryption support
commit 19c3c62 BACKPORT: FROMLIST: scsi: ufs: Add inline encryption support to UFS
commit f858a99 BACKPORT: FROMLIST: scsi: ufs: UFS crypto API
commit 011b834 BACKPORT: FROMLIST: scsi: ufs: UFS driver v2.1 spec crypto additions
commit ec0b569 BACKPORT: FROMLIST: block: blk-crypto for Inline Encryption
commit 760b328 ANDROID: block: Fix bio_crypt_should_process WARN_ON
commit 138adbb BACKPORT: FROMLIST: block: Add encryption context to struct bio
commit 66b5609 BACKPORT: FROMLIST: block: Keyslot Manager for Inline Encryption
Git-repo: https://android.googlesource.com/kernel/common/+/refs/heads/android-4.14-stable
Git-commit: a9a545067a93d9821f965989b8eaea6fba7d27f7
Git-commit: e1a94e6b17e2610b56c5740b763df7858dad40f0
Git-commit: 232fd353e45d13576d507a011b5dac17e3c320ab
Git-commit: 53bc059bc6d98631e8936ab9eeb7ac780c9ab2c3
Git-commit: aeed6db424b22148964d9788d4f9abac6e6cd7d8
Git-commit: 4f27c8b90bd223e967c98dc658961e67b9b864ae
Git-commit: c91db466b51479ae761becc233d79c50ca3748a5
Git-commit: f9a8e4a5c5455a6bada70ed6d2f0af8900a872cb
Git-commit: 75fea5f6057df78af1655f2f79a9c66a94bc838f
Git-commit: 2871f731940165ed4042001a36bbe7d58f9d983b
Git-commit: bb5a65771a206ae39086af1a9e78afeaf654cf03
Git-commit: d42ba87e29ab44aac446b5434298d1369c44fe3c
Git-commit: 86646ebb1742a663c4c9c39c06d58dcb3f8f89e5
Git-commit: 83bc20ed4ba7dbf76964fd68905fde591b5de8b2
Git-commit: c266a1311e74b3ae1047a9d6abd6c6044059995c
Git-commit: ea09b9954cc40b3088b8b2778b2daab12820a7e6
Git-commit: e12563c18d484e6379d03105b4565db7bb3a7975
Git-commit: 8e8f55d1a7e865562d2e3e022a7fcf13753a9c8e
Git-commit: dae9899044f320bb119e02b45d816a493b1488ae
Git-commit: a69516d0913e7f2c9bdde17c2ea6a793bb474830
Git-commit: b8f7b236748261bec545b69b39d7fb75e519f4ed
Git-commit: e64327f5719b4a41e0de341ead7d48ed73216a23
Git-commit: a0dc8da519ccf2040af2dbbd6b4f688b50eb1755
Git-commit: 19c3c62836e5dbc9ceb620ecef0aa0c81578ed43
Git-commit: f858a9981a94a4e1d1b77b00bc05ab61b8431bce
Git-commit: 011b8344c36d39255b8057c63d98e593e364ed7f
Git-commit: ec0b569b5cc89391d9d6c90d2f76dc0a4db03e57
Git-commit: 760b3283e8056ffa6382722457c2e0cf08328629
Git-commit: 138adbbe5e4bfb6dee0571261f4d96a98f71d228
Git-commit: 66b5609826d60f80623643f1a7a1d865b5233f19
Change-Id: I171d90de41185824e0c7515f3a3b43ab88f4e058
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
626 lines
21 KiB
Plaintext
626 lines
21 KiB
Plaintext
#
|
|
# Block device driver configuration
|
|
#
|
|
|
|
menuconfig MD
|
|
bool "Multiple devices driver support (RAID and LVM)"
|
|
depends on BLOCK
|
|
select SRCU
|
|
help
|
|
Support multiple physical spindles through a single logical device.
|
|
Required for RAID and logical volume management.
|
|
|
|
if MD
|
|
|
|
config BLK_DEV_MD
|
|
tristate "RAID support"
|
|
---help---
|
|
This driver lets you combine several hard disk partitions into one
|
|
logical block device. This can be used to simply append one
|
|
partition to another one or to combine several redundant hard disks
|
|
into a RAID1/4/5 device so as to provide protection against hard
|
|
disk failures. This is called "Software RAID" since the combining of
|
|
the partitions is done by the kernel. "Hardware RAID" means that the
|
|
combining is done by a dedicated controller; if you have such a
|
|
controller, you do not need to say Y here.
|
|
|
|
More information about Software RAID on Linux is contained in the
|
|
Software RAID mini-HOWTO, available from
|
|
<http://www.tldp.org/docs.html#howto>. There you will also learn
|
|
where to get the supporting user space utilities raidtools.
|
|
|
|
If unsure, say N.
|
|
|
|
config MD_AUTODETECT
|
|
bool "Autodetect RAID arrays during kernel boot"
|
|
depends on BLK_DEV_MD=y
|
|
default y
|
|
---help---
|
|
If you say Y here, then the kernel will try to autodetect raid
|
|
arrays as part of its boot process.
|
|
|
|
If you don't use raid and say Y, this autodetection can cause
|
|
a several-second delay in the boot time due to various
|
|
synchronisation steps that are part of this step.
|
|
|
|
If unsure, say Y.
|
|
|
|
config MD_LINEAR
|
|
tristate "Linear (append) mode"
|
|
depends on BLK_DEV_MD
|
|
---help---
|
|
If you say Y here, then your multiple devices driver will be able to
|
|
use the so-called linear mode, i.e. it will combine the hard disk
|
|
partitions by simply appending one to the other.
|
|
|
|
To compile this as a module, choose M here: the module
|
|
will be called linear.
|
|
|
|
If unsure, say Y.
|
|
|
|
config MD_RAID0
|
|
tristate "RAID-0 (striping) mode"
|
|
depends on BLK_DEV_MD
|
|
---help---
|
|
If you say Y here, then your multiple devices driver will be able to
|
|
use the so-called raid0 mode, i.e. it will combine the hard disk
|
|
partitions into one logical device in such a fashion as to fill them
|
|
up evenly, one chunk here and one chunk there. This will increase
|
|
the throughput rate if the partitions reside on distinct disks.
|
|
|
|
Information about Software RAID on Linux is contained in the
|
|
Software-RAID mini-HOWTO, available from
|
|
<http://www.tldp.org/docs.html#howto>. There you will also
|
|
learn where to get the supporting user space utilities raidtools.
|
|
|
|
To compile this as a module, choose M here: the module
|
|
will be called raid0.
|
|
|
|
If unsure, say Y.
|
|
|
|
config MD_RAID1
|
|
tristate "RAID-1 (mirroring) mode"
|
|
depends on BLK_DEV_MD
|
|
---help---
|
|
A RAID-1 set consists of several disk drives which are exact copies
|
|
of each other. In the event of a mirror failure, the RAID driver
|
|
will continue to use the operational mirrors in the set, providing
|
|
an error free MD (multiple device) to the higher levels of the
|
|
kernel. In a set with N drives, the available space is the capacity
|
|
of a single drive, and the set protects against a failure of (N - 1)
|
|
drives.
|
|
|
|
Information about Software RAID on Linux is contained in the
|
|
Software-RAID mini-HOWTO, available from
|
|
<http://www.tldp.org/docs.html#howto>. There you will also
|
|
learn where to get the supporting user space utilities raidtools.
|
|
|
|
If you want to use such a RAID-1 set, say Y. To compile this code
|
|
as a module, choose M here: the module will be called raid1.
|
|
|
|
If unsure, say Y.
|
|
|
|
config MD_RAID10
|
|
tristate "RAID-10 (mirrored striping) mode"
|
|
depends on BLK_DEV_MD
|
|
---help---
|
|
RAID-10 provides a combination of striping (RAID-0) and
|
|
mirroring (RAID-1) with easier configuration and more flexible
|
|
layout.
|
|
Unlike RAID-0, but like RAID-1, RAID-10 requires all devices to
|
|
be the same size (or at least, only as much as the smallest device
|
|
will be used).
|
|
RAID-10 provides a variety of layouts that provide different levels
|
|
of redundancy and performance.
|
|
|
|
RAID-10 requires mdadm-1.7.0 or later, available at:
|
|
|
|
https://www.kernel.org/pub/linux/utils/raid/mdadm/
|
|
|
|
If unsure, say Y.
|
|
|
|
config MD_RAID456
|
|
tristate "RAID-4/RAID-5/RAID-6 mode"
|
|
depends on BLK_DEV_MD
|
|
select RAID6_PQ
|
|
select LIBCRC32C
|
|
select ASYNC_MEMCPY
|
|
select ASYNC_XOR
|
|
select ASYNC_PQ
|
|
select ASYNC_RAID6_RECOV
|
|
---help---
|
|
A RAID-5 set of N drives with a capacity of C MB per drive provides
|
|
the capacity of C * (N - 1) MB, and protects against a failure
|
|
of a single drive. For a given sector (row) number, (N - 1) drives
|
|
contain data sectors, and one drive contains the parity protection.
|
|
For a RAID-4 set, the parity blocks are present on a single drive,
|
|
while a RAID-5 set distributes the parity across the drives in one
|
|
of the available parity distribution methods.
|
|
|
|
A RAID-6 set of N drives with a capacity of C MB per drive
|
|
provides the capacity of C * (N - 2) MB, and protects
|
|
against a failure of any two drives. For a given sector
|
|
(row) number, (N - 2) drives contain data sectors, and two
|
|
drives contains two independent redundancy syndromes. Like
|
|
RAID-5, RAID-6 distributes the syndromes across the drives
|
|
in one of the available parity distribution methods.
|
|
|
|
Information about Software RAID on Linux is contained in the
|
|
Software-RAID mini-HOWTO, available from
|
|
<http://www.tldp.org/docs.html#howto>. There you will also
|
|
learn where to get the supporting user space utilities raidtools.
|
|
|
|
If you want to use such a RAID-4/RAID-5/RAID-6 set, say Y. To
|
|
compile this code as a module, choose M here: the module
|
|
will be called raid456.
|
|
|
|
If unsure, say Y.
|
|
|
|
config MD_MULTIPATH
|
|
tristate "Multipath I/O support"
|
|
depends on BLK_DEV_MD
|
|
help
|
|
MD_MULTIPATH provides a simple multi-path personality for use
|
|
the MD framework. It is not under active development. New
|
|
projects should consider using DM_MULTIPATH which has more
|
|
features and more testing.
|
|
|
|
If unsure, say N.
|
|
|
|
config MD_FAULTY
|
|
tristate "Faulty test module for MD"
|
|
depends on BLK_DEV_MD
|
|
help
|
|
The "faulty" module allows for a block device that occasionally returns
|
|
read or write errors. It is useful for testing.
|
|
|
|
In unsure, say N.
|
|
|
|
|
|
config MD_CLUSTER
|
|
tristate "Cluster Support for MD (EXPERIMENTAL)"
|
|
depends on BLK_DEV_MD
|
|
depends on DLM
|
|
default n
|
|
---help---
|
|
Clustering support for MD devices. This enables locking and
|
|
synchronization across multiple systems on the cluster, so all
|
|
nodes in the cluster can access the MD devices simultaneously.
|
|
|
|
This brings the redundancy (and uptime) of RAID levels across the
|
|
nodes of the cluster.
|
|
|
|
If unsure, say N.
|
|
|
|
source "drivers/md/bcache/Kconfig"
|
|
|
|
config BLK_DEV_DM_BUILTIN
|
|
bool
|
|
|
|
config BLK_DEV_DM
|
|
tristate "Device mapper support"
|
|
select BLK_DEV_DM_BUILTIN
|
|
select DAX
|
|
---help---
|
|
Device-mapper is a low level volume manager. It works by allowing
|
|
people to specify mappings for ranges of logical sectors. Various
|
|
mapping types are available, in addition people may write their own
|
|
modules containing custom mappings if they wish.
|
|
|
|
Higher level volume managers such as LVM2 use this driver.
|
|
|
|
To compile this as a module, choose M here: the module will be
|
|
called dm-mod.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_MQ_DEFAULT
|
|
bool "request-based DM: use blk-mq I/O path by default"
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
This option enables the blk-mq based I/O path for request-based
|
|
DM devices by default. With the option the dm_mod.use_blk_mq
|
|
module/boot option defaults to Y, without it to N, but it can
|
|
still be overriden either way.
|
|
|
|
If unsure say N.
|
|
|
|
config DM_DEBUG
|
|
bool "Device mapper debugging support"
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
Enable this for messages that may help debug device-mapper problems.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_BUFIO
|
|
tristate
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
This interface allows you to do buffered I/O on a device and acts
|
|
as a cache, holding recently-read blocks in memory and performing
|
|
delayed writes.
|
|
|
|
config DM_DEBUG_BLOCK_MANAGER_LOCKING
|
|
bool "Block manager locking"
|
|
depends on DM_BUFIO
|
|
---help---
|
|
Block manager locking can catch various metadata corruption issues.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_DEBUG_BLOCK_STACK_TRACING
|
|
bool "Keep stack trace of persistent data block lock holders"
|
|
depends on STACKTRACE_SUPPORT && DM_DEBUG_BLOCK_MANAGER_LOCKING
|
|
select STACKTRACE
|
|
---help---
|
|
Enable this for messages that may help debug problems with the
|
|
block manager locking used by thin provisioning and caching.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_BIO_PRISON
|
|
tristate
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
Some bio locking schemes used by other device-mapper targets
|
|
including thin provisioning.
|
|
|
|
source "drivers/md/persistent-data/Kconfig"
|
|
|
|
config DM_CRYPT
|
|
tristate "Crypt target support"
|
|
depends on BLK_DEV_DM
|
|
select CRYPTO
|
|
select CRYPTO_CBC
|
|
---help---
|
|
This device-mapper target allows you to create a device that
|
|
transparently encrypts the data on it. You'll need to activate
|
|
the ciphers you're going to use in the cryptoapi configuration.
|
|
|
|
For further information on dm-crypt and userspace tools see:
|
|
<https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt>
|
|
|
|
To compile this code as a module, choose M here: the module will
|
|
be called dm-crypt.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_DEFAULT_KEY
|
|
tristate "Default-key target support"
|
|
depends on BLK_DEV_DM
|
|
depends on BLK_INLINE_ENCRYPTION
|
|
# dm-default-key doesn't require -o inlinecrypt, but it does currently
|
|
# rely on the inline encryption hooks being built into the kernel.
|
|
depends on FS_ENCRYPTION_INLINE_CRYPT
|
|
help
|
|
This device-mapper target allows you to create a device that
|
|
assigns a default encryption key to bios that aren't for the
|
|
contents of an encrypted file.
|
|
|
|
This ensures that all blocks on-disk will be encrypted with
|
|
some key, without the performance hit of file contents being
|
|
encrypted twice when fscrypt (File-Based Encryption) is used.
|
|
|
|
It is only appropriate to use dm-default-key when key
|
|
configuration is tightly controlled, like it is in Android,
|
|
such that all fscrypt keys are at least as hard to compromise
|
|
as the default key.
|
|
|
|
config DM_SNAPSHOT
|
|
tristate "Snapshot target"
|
|
depends on BLK_DEV_DM
|
|
select DM_BUFIO
|
|
---help---
|
|
Allow volume managers to take writable snapshots of a device.
|
|
|
|
config DM_THIN_PROVISIONING
|
|
tristate "Thin provisioning target"
|
|
depends on BLK_DEV_DM
|
|
select DM_PERSISTENT_DATA
|
|
select DM_BIO_PRISON
|
|
---help---
|
|
Provides thin provisioning and snapshots that share a data store.
|
|
|
|
config DM_CACHE
|
|
tristate "Cache target (EXPERIMENTAL)"
|
|
depends on BLK_DEV_DM
|
|
default n
|
|
select DM_PERSISTENT_DATA
|
|
select DM_BIO_PRISON
|
|
---help---
|
|
dm-cache attempts to improve performance of a block device by
|
|
moving frequently used data to a smaller, higher performance
|
|
device. Different 'policy' plugins can be used to change the
|
|
algorithms used to select which blocks are promoted, demoted,
|
|
cleaned etc. It supports writeback and writethrough modes.
|
|
|
|
config DM_CACHE_SMQ
|
|
tristate "Stochastic MQ Cache Policy (EXPERIMENTAL)"
|
|
depends on DM_CACHE
|
|
default y
|
|
---help---
|
|
A cache policy that uses a multiqueue ordered by recent hits
|
|
to select which blocks should be promoted and demoted.
|
|
This is meant to be a general purpose policy. It prioritises
|
|
reads over writes. This SMQ policy (vs MQ) offers the promise
|
|
of less memory utilization, improved performance and increased
|
|
adaptability in the face of changing workloads.
|
|
|
|
config DM_ERA
|
|
tristate "Era target (EXPERIMENTAL)"
|
|
depends on BLK_DEV_DM
|
|
default n
|
|
select DM_PERSISTENT_DATA
|
|
select DM_BIO_PRISON
|
|
---help---
|
|
dm-era tracks which parts of a block device are written to
|
|
over time. Useful for maintaining cache coherency when using
|
|
vendor snapshots.
|
|
|
|
config DM_MIRROR
|
|
tristate "Mirror target"
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
Allow volume managers to mirror logical volumes, also
|
|
needed for live data migration tools such as 'pvmove'.
|
|
|
|
config DM_LOG_USERSPACE
|
|
tristate "Mirror userspace logging"
|
|
depends on DM_MIRROR && NET
|
|
select CONNECTOR
|
|
---help---
|
|
The userspace logging module provides a mechanism for
|
|
relaying the dm-dirty-log API to userspace. Log designs
|
|
which are more suited to userspace implementation (e.g.
|
|
shared storage logs) or experimental logs can be implemented
|
|
by leveraging this framework.
|
|
|
|
config DM_RAID
|
|
tristate "RAID 1/4/5/6/10 target"
|
|
depends on BLK_DEV_DM
|
|
select MD_RAID0
|
|
select MD_RAID1
|
|
select MD_RAID10
|
|
select MD_RAID456
|
|
select BLK_DEV_MD
|
|
---help---
|
|
A dm target that supports RAID1, RAID10, RAID4, RAID5 and RAID6 mappings
|
|
|
|
A RAID-5 set of N drives with a capacity of C MB per drive provides
|
|
the capacity of C * (N - 1) MB, and protects against a failure
|
|
of a single drive. For a given sector (row) number, (N - 1) drives
|
|
contain data sectors, and one drive contains the parity protection.
|
|
For a RAID-4 set, the parity blocks are present on a single drive,
|
|
while a RAID-5 set distributes the parity across the drives in one
|
|
of the available parity distribution methods.
|
|
|
|
A RAID-6 set of N drives with a capacity of C MB per drive
|
|
provides the capacity of C * (N - 2) MB, and protects
|
|
against a failure of any two drives. For a given sector
|
|
(row) number, (N - 2) drives contain data sectors, and two
|
|
drives contains two independent redundancy syndromes. Like
|
|
RAID-5, RAID-6 distributes the syndromes across the drives
|
|
in one of the available parity distribution methods.
|
|
|
|
config DM_ZERO
|
|
tristate "Zero target"
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
A target that discards writes, and returns all zeroes for
|
|
reads. Useful in some recovery situations.
|
|
|
|
config DM_MULTIPATH
|
|
tristate "Multipath target"
|
|
depends on BLK_DEV_DM
|
|
# nasty syntax but means make DM_MULTIPATH independent
|
|
# of SCSI_DH if the latter isn't defined but if
|
|
# it is, DM_MULTIPATH must depend on it. We get a build
|
|
# error if SCSI_DH=m and DM_MULTIPATH=y
|
|
depends on !SCSI_DH || SCSI
|
|
---help---
|
|
Allow volume managers to support multipath hardware.
|
|
|
|
config DM_MULTIPATH_QL
|
|
tristate "I/O Path Selector based on the number of in-flight I/Os"
|
|
depends on DM_MULTIPATH
|
|
---help---
|
|
This path selector is a dynamic load balancer which selects
|
|
the path with the least number of in-flight I/Os.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_MULTIPATH_ST
|
|
tristate "I/O Path Selector based on the service time"
|
|
depends on DM_MULTIPATH
|
|
---help---
|
|
This path selector is a dynamic load balancer which selects
|
|
the path expected to complete the incoming I/O in the shortest
|
|
time.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_DELAY
|
|
tristate "I/O delaying target"
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
A target that delays reads and/or writes and can send
|
|
them to different devices. Useful for testing.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_UEVENT
|
|
bool "DM uevents"
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
Generate udev events for DM events.
|
|
|
|
config DM_FLAKEY
|
|
tristate "Flakey target"
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
A target that intermittently fails I/O for debugging purposes.
|
|
|
|
config DM_VERITY
|
|
tristate "Verity target support"
|
|
depends on BLK_DEV_DM
|
|
select CRYPTO
|
|
select CRYPTO_HASH
|
|
select DM_BUFIO
|
|
---help---
|
|
This device-mapper target creates a read-only device that
|
|
transparently validates the data on one underlying device against
|
|
a pre-generated tree of cryptographic checksums stored on a second
|
|
device.
|
|
|
|
You'll need to activate the digests you're going to use in the
|
|
cryptoapi configuration.
|
|
|
|
To compile this code as a module, choose M here: the module will
|
|
be called dm-verity.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_VERITY_FEC
|
|
bool "Verity forward error correction support"
|
|
depends on DM_VERITY
|
|
select REED_SOLOMON
|
|
select REED_SOLOMON_DEC8
|
|
---help---
|
|
Add forward error correction support to dm-verity. This option
|
|
makes it possible to use pre-generated error correction data to
|
|
recover from corrupted blocks.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_SWITCH
|
|
tristate "Switch target support (EXPERIMENTAL)"
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
This device-mapper target creates a device that supports an arbitrary
|
|
mapping of fixed-size regions of I/O across a fixed set of paths.
|
|
The path used for any specific region can be switched dynamically
|
|
by sending the target a message.
|
|
|
|
To compile this code as a module, choose M here: the module will
|
|
be called dm-switch.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_LOG_WRITES
|
|
tristate "Log writes target support"
|
|
depends on BLK_DEV_DM
|
|
---help---
|
|
This device-mapper target takes two devices, one device to use
|
|
normally, one to log all write operations done to the first device.
|
|
This is for use by file system developers wishing to verify that
|
|
their fs is writing a consistent file system at all times by allowing
|
|
them to replay the log in a variety of ways and to check the
|
|
contents.
|
|
|
|
To compile this code as a module, choose M here: the module will
|
|
be called dm-log-writes.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_INTEGRITY
|
|
tristate "Integrity target support"
|
|
depends on BLK_DEV_DM
|
|
select BLK_DEV_INTEGRITY
|
|
select DM_BUFIO
|
|
select CRYPTO
|
|
select ASYNC_XOR
|
|
---help---
|
|
This device-mapper target emulates a block device that has
|
|
additional per-sector tags that can be used for storing
|
|
integrity information.
|
|
|
|
This integrity target is used with the dm-crypt target to
|
|
provide authenticated disk encryption or it can be used
|
|
standalone.
|
|
|
|
To compile this code as a module, choose M here: the module will
|
|
be called dm-integrity.
|
|
|
|
config DM_ZONED
|
|
tristate "Drive-managed zoned block device target support"
|
|
depends on BLK_DEV_DM
|
|
depends on BLK_DEV_ZONED
|
|
---help---
|
|
This device-mapper target takes a host-managed or host-aware zoned
|
|
block device and exposes most of its capacity as a regular block
|
|
device (drive-managed zoned block device) without any write
|
|
constraints. This is mainly intended for use with file systems that
|
|
do not natively support zoned block devices but still want to
|
|
benefit from the increased capacity offered by SMR disks. Other uses
|
|
by applications using raw block devices (for example object stores)
|
|
are also possible.
|
|
|
|
To compile this code as a module, choose M here: the module will
|
|
be called dm-zoned.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_VERITY_AVB
|
|
tristate "Support AVB specific verity error behavior"
|
|
depends on DM_VERITY
|
|
---help---
|
|
Enables Android Verified Boot platform-specific error
|
|
behavior. In particular, it will modify the vbmeta partition
|
|
specified on the kernel command-line when non-transient error
|
|
occurs (followed by a panic).
|
|
|
|
config DM_ANDROID_VERITY
|
|
bool "Android verity target support"
|
|
depends on BLK_DEV_DM=y
|
|
depends on DM_VERITY=y
|
|
depends on X509_CERTIFICATE_PARSER
|
|
depends on SYSTEM_TRUSTED_KEYRING
|
|
depends on CRYPTO_RSA
|
|
depends on KEYS
|
|
depends on ASYMMETRIC_KEY_TYPE
|
|
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
depends on MD_LINEAR=y
|
|
select DM_VERITY_HASH_PREFETCH_MIN_SIZE_128
|
|
---help---
|
|
This device-mapper target is virtually a VERITY target. This
|
|
target is setup by reading the metadata contents piggybacked
|
|
to the actual data blocks in the block device. The signature
|
|
of the metadata contents are verified against the key included
|
|
in the system keyring. Upon success, the underlying verity
|
|
target is setup.
|
|
|
|
config DM_ANDROID_VERITY_AT_MOST_ONCE_DEFAULT_ENABLED
|
|
bool "Verity will validate blocks at most once"
|
|
depends on DM_VERITY
|
|
---help---
|
|
Default enables at_most_once option for dm-verity
|
|
|
|
Verify data blocks only the first time they are read from the
|
|
data device, rather than every time. This reduces the overhead
|
|
of dm-verity so that it can be used on systems that are memory
|
|
and/or CPU constrained. However, it provides a reduced level
|
|
of security because only offline tampering of the data device's
|
|
content will be detected, not online tampering.
|
|
|
|
Hash blocks are still verified each time they are read from the
|
|
hash device, since verification of hash blocks is less performance
|
|
critical than data blocks, and a hash block will not be verified
|
|
any more after all the data blocks it covers have been verified anyway.
|
|
|
|
If unsure, say N.
|
|
|
|
config DM_BOW
|
|
tristate "Backup block device"
|
|
depends on BLK_DEV_DM
|
|
select DM_BUFIO
|
|
---help---
|
|
This device-mapper target takes a device and keeps a log of all
|
|
changes using free blocks identified by issuing a trim command.
|
|
This can then be restored by running a command line utility,
|
|
or committed by simply replacing the target.
|
|
|
|
If unsure, say N.
|
|
|
|
endif # MD
|