Even if FS encryption has strict functional dependencies on various crypto algorithms and chaining modes. those dependencies could potentially be satisified by other implementations than the generic ones, and no link time dependency exists on the 'depends on' claused defined by CONFIG_FS_ENCRYPTION_ALGS. So let's relax these clauses to 'imply', so that the default behavior is still to pull in those generic algorithms, but in a way that permits them to be disabled again in Kconfig. Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> --- fs/crypto/Kconfig | 23 ++++++++++++++------ 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/fs/crypto/Kconfig b/fs/crypto/Kconfig index a5f5c30368a2..1e6c11de95c8 100644 --- a/fs/crypto/Kconfig +++ b/fs/crypto/Kconfig @@ -17,13 +17,22 @@ config FS_ENCRYPTION # allows the algorithms to be built as modules when all the filesystems are. config FS_ENCRYPTION_ALGS tristate - select CRYPTO_AES - select CRYPTO_CBC - select CRYPTO_CTS - select CRYPTO_ECB - select CRYPTO_HMAC - select CRYPTO_SHA512 - select CRYPTO_XTS + imply CRYPTO_AES + imply CRYPTO_CBC + imply CRYPTO_CTS + imply CRYPTO_ECB + imply CRYPTO_HMAC + imply CRYPTO_SHA512 + imply CRYPTO_XTS + help + This pulls in the generic implementations of the various + cryptographic algorithms and chaining modes that filesystem + encryption relies on. These are 'soft' dependencies only, as + architectures may supersede these generic implementations with + special, optimized ones. + + If unsure, keep the generic algorithms enabled, as they can + happily co-exist with per-architecture implementations. config FS_ENCRYPTION_INLINE_CRYPT bool "Enable fscrypt to use inline crypto" -- 2.30.2