<?xml version="1.0"?>
<!--*-nxml-*-->
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
SPDX-License-Identifier: LGPL-2.1+
<refentryinfo>
<title>crypttab</title>
<productname>systemd</productname>
-
- <authorgroup>
- <author>
- <contrib>Documentation</contrib>
- <firstname>Miloslav</firstname>
- <surname>Trmac</surname>
- <email>mitr@redhat.com</email>
- </author>
- <author>
- <contrib>Documentation</contrib>
- <firstname>Lennart</firstname>
- <surname>Poettering</surname>
- <email>lennart@poettering.net</email>
- </author>
- </authorgroup>
</refentryinfo>
<refmeta>
sequential order.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>keyfile-timeout=</option></term>
+
+ <listitem><para> Specifies the timeout for the device on
+ which the key file resides and falls back to a password if
+ it could not be mounted. See
+ <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for key files on external devices.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>luks</option></term>
<term><option>nofail</option></term>
<listitem><para>This device will not be a hard dependency of
- <filename>cryptsetup.target</filename>. It'll be still pulled in and started, but the system
+ <filename>cryptsetup.target</filename>. It'll still be pulled in and started, but the system
will not wait for the device to show up and be unlocked, and boot will not fail if this is
unsuccessful. Note that other units that depend on the unlocked device may still fail. In
- particular, if the device is used for a mount point, the mount point itself is also needs to
- have <option>noauto</option> option, or the boot will fail if the device is not unlocked
+ particular, if the device is used for a mount point, the mount point itself also needs to
+ have the <option>nofail</option> option, or the boot will fail if the device is not unlocked
successfully.</para></listitem>
</varlistentry>
mode.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>same-cpu-crypt</option></term>
+
+ <listitem><para>Perform encryption using the same cpu that IO was submitted on. The default is to use
+ an unbound workqueue so that encryption work is automatically balanced between available CPUs.</para>
+ <para>This requires kernel 4.0 or newer.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>submit-from-crypt-cpus</option></term>
+
+ <listitem><para>Disable offloading writes to a separate thread after encryption. There are some
+ situations where offloading write bios from the encryption threads to a single thread degrades
+ performance significantly. The default is to offload write bios to the same thread because it benefits
+ CFQ to have writes submitted using the same context.</para>
+ <para>This requires kernel 4.0 or newer.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>skip=</option></term>
option.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>sector-size=</option></term>
+
+ <listitem><para>Specifies the sector size in bytes. See
+ <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for possible values and the default value of this
+ option.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>swap</option></term>
<programlisting>luks UUID=2505567a-9e27-4efe-a4d5-15ad146c258b
swap /dev/sda7 /dev/urandom swap
truecrypt /dev/sda2 /etc/container_password tcrypt
-hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile</programlisting>
+hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile
+external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10s</programlisting>
</example>
</refsect1>
projects / thirdparty / systemd.git / blobdiff