<?xml version="1.0"?>
<!--*-nxml-*-->
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
SPDX-License-Identifier: LGPL-2.1+
- This file is part of systemd.
-
- Copyright 2012 Lennart Poettering
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
-
This is based on crypttab(5) from Fedora's initscripts package, which in
turn is based on Debian's version.
The Red Hat version has been written by Miloslav Trmac <mitr@redhat.com>.
-
-->
<refentry id="crypttab" conditional='HAVE_LIBCRYPTSETUP'>
<refentryinfo>
<title>crypttab</title>
<productname>systemd</productname>
-
- <authorgroup>
- <author>
- <contrib>Documentation</contrib>
- <firstname>Miloslav</firstname>
- <surname>Trmac</surname>
- <email>mitr@redhat.com</email>
- </author>
- <author>
- <contrib>Documentation</contrib>
- <firstname>Lennart</firstname>
- <surname>Poettering</surname>
- <email>lennart@poettering.net</email>
- </author>
- </authorgroup>
</refentryinfo>
<refmeta>
sequential order.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>keyfile-timeout=</option></term>
+
+ <listitem><para> Specifies the timeout for the device on
+ which the key file resides and falls back to a password if
+ it could not be mounted. See
+ <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for key files on external devices.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>luks</option></term>
<term><option>nofail</option></term>
<listitem><para>This device will not be a hard dependency of
- <filename>cryptsetup.target</filename>. It'll be still pulled in and started, but the system
+ <filename>cryptsetup.target</filename>. It'll still be pulled in and started, but the system
will not wait for the device to show up and be unlocked, and boot will not fail if this is
unsuccessful. Note that other units that depend on the unlocked device may still fail. In
- particular, if the device is used for a mount point, the mount point itself is also needs to
- have <option>noauto</option> option, or the boot will fail if the device is not unlocked
+ particular, if the device is used for a mount point, the mount point itself also needs to
+ have the <option>nofail</option> option, or the boot will fail if the device is not unlocked
successfully.</para></listitem>
</varlistentry>
mode.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>same-cpu-crypt</option></term>
+
+ <listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use
+ an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para>
+ <para>This requires kernel 4.0 or newer.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>submit-from-crypt-cpus</option></term>
+
+ <listitem><para>Disable offloading writes to a separate thread after encryption. There are some
+ situations where offloading write bios from the encryption threads to a single thread degrades
+ performance significantly. The default is to offload write bios to the same thread because it benefits
+ CFQ to have writes submitted using the same context.</para>
+ <para>This requires kernel 4.0 or newer.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>skip=</option></term>
option.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>sector-size=</option></term>
+
+ <listitem><para>Specifies the sector size in bytes. See
+ <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for possible values and the default value of this
+ option.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>swap</option></term>
<programlisting>luks UUID=2505567a-9e27-4efe-a4d5-15ad146c258b
swap /dev/sda7 /dev/urandom swap
truecrypt /dev/sda2 /etc/container_password tcrypt
-hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile</programlisting>
+hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile
+external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s</programlisting>
</example>
</refsect1>
projects / thirdparty / systemd.git / blobdiff