On Fri, Apr 16, 2021 at 06:06:42PM +0200, Ard Biesheuvel wrote: > CONFIG_CRYPTO_SHA256 denotes the generic C implementation of the SHA-256 > shash algorithm, which is selected as the default crypto shash provider > for fsverity. However, fsverity has no strict link time dependency, and > the same shash could be exposed by an optimized implementation, and arm64 > has a number of those (scalar, NEON-based and one based on special crypto > instructions). In such cases, it makes little sense to require that the > generic C implementation is incorporated as well, given that it will never > be called. > > To address this, relax the 'select' clause to 'imply' so that the generic > driver can be omitted from the build if desired. > > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > --- > fs/verity/Kconfig | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/fs/verity/Kconfig b/fs/verity/Kconfig > index 88fb25119899..24d1b54de807 100644 > --- a/fs/verity/Kconfig > +++ b/fs/verity/Kconfig > @@ -3,9 +3,13 @@ > config FS_VERITY > bool "FS Verity (read-only file-based authenticity protection)" > select CRYPTO > - # SHA-256 is selected as it's intended to be the default hash algorithm. > + # SHA-256 is implied as it's intended to be the default hash algorithm. > # To avoid bloat, other wanted algorithms must be selected explicitly. > - select CRYPTO_SHA256 > + # Note that CRYPTO_SHA256 denotes the generic C implementation, but > + # some architectures provided optimized implementations of the same > + # algorithm that may be used instead. In this case, CRYPTO_SHA256 may > + # be omitted even if SHA-256 is being used. > + imply CRYPTO_SHA256 > help > This option enables fs-verity. fs-verity is the dm-verity > mechanism implemented at the file level. On supported Looks fine, Acked-by: Eric Biggers <ebiggers@xxxxxxxxxx> - Eric