]>
Commit | Line | Data |
---|---|---|
8e129f51 LP |
1 | <?xml version="1.0"?> |
2 | <!--*-nxml-*--> | |
12b42c76 | 3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
8e129f51 | 4 | <!-- |
572eb058 ZJS |
5 | SPDX-License-Identifier: LGPL-2.1+ |
6 | ||
8e129f51 LP |
7 | This file is part of systemd. |
8 | ||
9 | Copyright 2012 Lennart Poettering | |
8e129f51 | 10 | --> |
56ba3c78 | 11 | <refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'> |
8e129f51 | 12 | |
798d3a52 ZJS |
13 | <refentryinfo> |
14 | <title>systemd-cryptsetup-generator</title> | |
15 | <productname>systemd</productname> | |
16 | ||
17 | <authorgroup> | |
18 | <author> | |
19 | <contrib>Developer</contrib> | |
20 | <firstname>Lennart</firstname> | |
21 | <surname>Poettering</surname> | |
22 | <email>lennart@poettering.net</email> | |
23 | </author> | |
24 | </authorgroup> | |
25 | </refentryinfo> | |
26 | ||
27 | <refmeta> | |
28 | <refentrytitle>systemd-cryptsetup-generator</refentrytitle> | |
29 | <manvolnum>8</manvolnum> | |
30 | </refmeta> | |
31 | ||
32 | <refnamediv> | |
33 | <refname>systemd-cryptsetup-generator</refname> | |
34 | <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose> | |
35 | </refnamediv> | |
36 | ||
37 | <refsynopsisdiv> | |
12b42c76 | 38 | <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para> |
798d3a52 ZJS |
39 | </refsynopsisdiv> |
40 | ||
41 | <refsect1> | |
42 | <title>Description</title> | |
43 | ||
44 | <para><filename>systemd-cryptsetup-generator</filename> is a | |
45 | generator that translates <filename>/etc/crypttab</filename> into | |
46 | native systemd units early at boot and when configuration of the | |
47 | system manager is reloaded. This will create | |
48 | <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
49 | units as necessary.</para> | |
50 | ||
b1c1a519 ZC |
51 | <para><filename>systemd-cryptsetup-generator</filename> implements |
52 | <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> | |
798d3a52 ZJS |
53 | </refsect1> |
54 | ||
55 | <refsect1> | |
56 | <title>Kernel Command Line</title> | |
57 | ||
58 | <para><filename>systemd-cryptsetup-generator</filename> | |
59 | understands the following kernel command line parameters:</para> | |
60 | ||
61 | <variablelist class='kernel-commandline-options'> | |
62 | <varlistentry> | |
63 | <term><varname>luks=</varname></term> | |
64 | <term><varname>rd.luks=</varname></term> | |
65 | ||
66 | <listitem><para>Takes a boolean argument. Defaults to | |
67 | <literal>yes</literal>. If <literal>no</literal>, disables the | |
68 | generator entirely. <varname>rd.luks=</varname> is honored | |
69 | only by initial RAM disk (initrd) while | |
70 | <varname>luks=</varname> is honored by both the main system | |
71 | and the initrd. </para></listitem> | |
72 | </varlistentry> | |
73 | ||
74 | <varlistentry> | |
75 | <term><varname>luks.crypttab=</varname></term> | |
76 | <term><varname>rd.luks.crypttab=</varname></term> | |
77 | ||
78 | <listitem><para>Takes a boolean argument. Defaults to | |
79 | <literal>yes</literal>. If <literal>no</literal>, causes the | |
80 | generator to ignore any devices configured in | |
81 | <filename>/etc/crypttab</filename> | |
82 | (<varname>luks.uuid=</varname> will still work however). | |
83 | <varname>rd.luks.crypttab=</varname> is honored only by | |
84 | initial RAM disk (initrd) while | |
85 | <varname>luks.crypttab=</varname> is honored by both the main | |
86 | system and the initrd. </para></listitem> | |
87 | </varlistentry> | |
88 | ||
89 | <varlistentry> | |
90 | <term><varname>luks.uuid=</varname></term> | |
91 | <term><varname>rd.luks.uuid=</varname></term> | |
92 | ||
93 | <listitem><para>Takes a LUKS superblock UUID as argument. This | |
94 | will activate the specified device as part of the boot process | |
95 | as if it was listed in <filename>/etc/crypttab</filename>. | |
96 | This option may be specified more than once in order to set up | |
97 | multiple devices. <varname>rd.luks.uuid=</varname> is honored | |
98 | only by initial RAM disk (initrd) while | |
99 | <varname>luks.uuid=</varname> is honored by both the main | |
100 | system and the initrd.</para> | |
101 | <para>If /etc/crypttab contains entries with the same UUID, | |
102 | then the name, keyfile and options specified there will be | |
b938cb90 | 103 | used. Otherwise, the device will have the name |
798d3a52 ZJS |
104 | <literal>luks-UUID</literal>.</para> |
105 | <para>If /etc/crypttab exists, only those UUIDs | |
106 | specified on the kernel command line | |
107 | will be activated in the initrd or the real root.</para> | |
108 | </listitem> | |
109 | </varlistentry> | |
110 | ||
111 | <varlistentry> | |
112 | <term><varname>luks.name=</varname></term> | |
113 | <term><varname>rd.luks.name=</varname></term> | |
114 | ||
115 | <listitem><para>Takes a LUKS super block UUID followed by an | |
116 | <literal>=</literal> and a name. This implies | |
117 | <varname>rd.luks.uuid=</varname> or | |
118 | <varname>luks.uuid=</varname> and will additionally make the | |
119 | LUKS device given by the UUID appear under the provided | |
120 | name.</para> | |
121 | ||
122 | <para><varname>rd.luks.name=</varname> is honored only by | |
123 | initial RAM disk (initrd) while <varname>luks.name=</varname> | |
124 | is honored by both the main system and the initrd.</para> | |
125 | </listitem> | |
126 | </varlistentry> | |
127 | ||
128 | <varlistentry> | |
129 | <term><varname>luks.options=</varname></term> | |
130 | <term><varname>rd.luks.options=</varname></term> | |
131 | ||
132 | <listitem><para>Takes a LUKS super block UUID followed by an | |
133 | <literal>=</literal> and a string of options separated by | |
134 | commas as argument. This will override the options for the | |
135 | given UUID.</para> | |
136 | <para>If only a list of options, without an UUID, is | |
137 | specified, they apply to any UUIDs not specified elsewhere, | |
138 | and without an entry in | |
139 | <filename>/etc/crypttab</filename>.</para><para> | |
140 | <varname>rd.luks.options=</varname> is honored only by initial | |
141 | RAM disk (initrd) while <varname>luks.options=</varname> is | |
142 | honored by both the main system and the initrd.</para> | |
143 | </listitem> | |
144 | </varlistentry> | |
145 | ||
146 | <varlistentry> | |
147 | <term><varname>luks.key=</varname></term> | |
148 | <term><varname>rd.luks.key=</varname></term> | |
149 | ||
150 | <listitem><para>Takes a password file name as argument or a | |
151 | LUKS super block UUID followed by a <literal>=</literal> and a | |
152 | password file name.</para> | |
153 | ||
154 | <para>For those entries specified with | |
155 | <varname>rd.luks.uuid=</varname> or | |
156 | <varname>luks.uuid=</varname>, the password file will be set | |
157 | to the one specified by <varname>rd.luks.key=</varname> or | |
158 | <varname>luks.key=</varname> of the corresponding UUID, or the | |
159 | password file that was specified without a UUID.</para> | |
160 | <para><varname>rd.luks.key=</varname> | |
161 | is honored only by initial RAM disk | |
162 | (initrd) while | |
163 | <varname>luks.key=</varname> is | |
164 | honored by both the main system and | |
165 | the initrd.</para> | |
166 | </listitem> | |
167 | </varlistentry> | |
168 | </variablelist> | |
169 | </refsect1> | |
170 | ||
171 | <refsect1> | |
172 | <title>See Also</title> | |
173 | <para> | |
174 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
175 | <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
176 | <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
3ba3a79d | 177 | <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
798d3a52 ZJS |
178 | <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
179 | </para> | |
180 | </refsect1> | |
8e129f51 LP |
181 | |
182 | </refentry> |