option('argon-implementation', type : 'combo', choices : ['none', 'internal', 'libargon2'], description : 'which implementation of Argon2 PBKDF shall be used (cryptsetup internal, external libargon2 (PHC) or disable Argon2 support)', value : 'internal')
option('asciidoc', type : 'feature', description : 'generate man pages from asciidoc', value : 'enabled')
option('blkid', type : 'boolean', description : 'use of blkid for device signature detection and wiping', value : true)
option('crypto-backend', type : 'combo', choices : ['gcrypt', 'openssl', 'nss', 'kernel', 'nettle'], description : 'crypto backend', value : 'openssl')
option('cryptsetup', type : 'boolean', description : 'cryptsetup support', value : true)
option('default-integrity-keyfile-size-maxkb', type : 'integer', description : 'maximum integritysetup keyfile size (in KiB)', value : 4)
option('default-keyfile-size-maxkb', type : 'integer', description : 'maximum keyfile size (in KiB)', value : 8192)
option('default-loopaes-cipher', type : 'string', description : 'cipher for loop-AES mode', value : 'aes')
option('default-loopaes-keybits', type : 'integer', description : 'key length in bits for loop-AES mode', value : 256)
option('default-luks1-cipher', type : 'string', description : 'cipher for LUKS1', value : 'aes')
option('default-luks1-hash', type : 'string', description : 'hash function for LUKS1 header', value : 'sha256')
option('default-luks1-iter-time', type : 'integer', description : 'PBKDF2 iteration time for LUKS1 (in ms)', value : 2000)
option('default-luks1-keybits', type : 'integer', description : 'key length in bits for LUKS1', value : 256)
option('default-luks1-mode', type : 'string', description : 'cipher mode for LUKS1', value : 'xts-plain64')
option('default-luks2-external-tokens-path', type : 'string', description : 'path to directory with LUKSv2 external token handlers (plugins)', value : 'LIBDIR/cryptsetup')
option('default-luks2-iter-time', type : 'integer', description : 'Argon2 PBKDF iteration time for LUKS2 (in ms)', value : 2000)
option('default-luks2-keyslot-cipher', type : 'string', description : 'fallback cipher for LUKS2 keyslot (if data encryption is incompatible)', value : 'aes-xts-plain64')
option('default-luks2-keyslot-keybits', type : 'integer', description : 'fallback key size for LUKS2 keyslot (if data encryption is incompatible)', value : 512)
option('default-luks2-lock-dir-perms', type : 'integer', description : 'default luks2 locking directory permissions', value : 0o700)
option('default-luks2-lock-path', type : 'string', description : 'path to directory for LUKSv2 locks', value : '/run/cryptsetup')
option('default-luks2-memory-kb', type : 'integer', description : 'Argon2 PBKDF memory cost for LUKS2 (in kB)', value : 1048576)
option('default-luks2-parallel-threads', type : 'integer', description : 'Argon2 PBKDF max parallel cost for LUKS2 (if CPUs available)', value : 4)
option('default-luks2-pbkdf', type : 'string', description : 'Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2', value : 'argon2id')
option('default-luks-format', type : 'combo', choices : ['LUKS1', 'LUKS2'], description : 'default LUKS format version', value : 'LUKS2')
option('default-passphrase-size-max', type : 'integer', description : 'maximum passphrase size (in characters)', value : 512)
option('default-plain-cipher', type : 'string', description : 'cipher for plain mode', value : 'aes')
option('default-plain-hash', type : 'string', description : 'cipher for plain mode', value : 'sha256')
option('default-plain-keybits', type : 'integer', description : 'key length in bits for plain mode', value : 256)
option('default-plain-mode', type : 'string', description : 'cipher mode for plain mode', value : 'xts-plain64')
option('default-verity-data-block', type : 'integer', description : 'data block size for verity mode', value : 4096)
option('default-verity-fec-roots', type : 'integer', description : 'parity bytes for verity FEC', value : 2)
option('default-verity-hash-block', type : 'integer', description : 'hash block size for verity mode', value : 4096)
option('default-verity-hash', type : 'string', description : 'hash function for verity mode', value : 'sha256')
option('default-verity-salt-size', type : 'integer', description : 'salt size for verity mode', value : 32)
option('dev-random', type : 'boolean', description : 'use /dev/random by default for key generation (use /dev/urandom when set to false)', value : false)
option('enable-static', type : 'boolean', description : 'build static libraries', value : false)
option('external-tokens', type : 'boolean', description : 'external LUKS2 tokens', value : true)
option('fips', type : 'boolean', description : 'enable FIPS mode restrictions', value : false)
option('fuzzing-engine', type : 'string', description : 'specify LDFLAGS for linking with fuzzing engine (in OSS-Fuzz, LIB_FUZZING_ENGINE variable should be passed via this argument)')
option('fuzz-targets', type : 'boolean', description : 'enable building fuzz targets', value : false)
option('gcrypt-pbkdf2', type : 'feature', description : 'enable internal gcrypt PBKDF2', value : 'auto')
option('gcrypt-argon2', type : 'feature', description : 'enable internal gcrypt Argon2', value : 'auto')
option('hw-opal', type : 'boolean', description : 'support LUKS2 extension for SED OPAL HW encryption', value : true)
option('integritysetup', type : 'boolean', description : 'integritysetup Support', value : true)
option('internal-sse-argon2', type : 'boolean', description : 'use internal SSE implementation of Argon2 PBKDF', value : false)
option('kernel_crypto', type : 'boolean', description : 'kernel userspace crypto (no benchmark and tcrypt)', value : true)
option('keyring', type : 'boolean', description : 'kernel keyring support and builtin kernel keyring token', value : true)
option('luks2-reencryption', type : 'boolean', description : 'LUKS2 online reencryption extension', value : true)
option('luks_adjust_xts_keysize', type : 'boolean', description : 'XTS mode requires two keys, double default LUKS keysize if needed', value : true)
option('nls', type : 'boolean', description : 'use Native Language Support', value : true)
option('passwdqc', type : 'string', description : 'enable password quality checking using passwdqc library (optionally with CONFIG_PATH)', value : 'false')
option('pwquality', type : 'boolean', description : 'password quality checking using pwquality library', value : false)
option('ssh-token', type : 'boolean', description : 'LUKS2 ssh-token', value : true)
option('static-cryptsetup', type : 'boolean', description : 'enable build of static version of tools', value : false)
option('systemd-tokens-test', type : 'boolean', description : 'compile systemd tokens and test using them from cryptsetup', value : false)
option('tmpfilesdir', type : 'string', description : 'override default path to directory with systemd temporary files')
option('udev', type : 'boolean', description : 'udev support', value : true)
option('veritysetup', type : 'boolean', description : 'veritysetup support', value : true)