]>
Commit | Line | Data |
---|---|---|
8e129f51 LP |
1 | <?xml version="1.0"?> |
2 | <!--*-nxml-*--> | |
12b42c76 | 3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
8e129f51 | 4 | <!-- |
572eb058 | 5 | SPDX-License-Identifier: LGPL-2.1+ |
8e129f51 | 6 | --> |
56ba3c78 | 7 | <refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'> |
8e129f51 | 8 | |
798d3a52 ZJS |
9 | <refentryinfo> |
10 | <title>systemd-cryptsetup-generator</title> | |
11 | <productname>systemd</productname> | |
12 | ||
13 | <authorgroup> | |
14 | <author> | |
15 | <contrib>Developer</contrib> | |
16 | <firstname>Lennart</firstname> | |
17 | <surname>Poettering</surname> | |
18 | <email>lennart@poettering.net</email> | |
19 | </author> | |
20 | </authorgroup> | |
21 | </refentryinfo> | |
22 | ||
23 | <refmeta> | |
24 | <refentrytitle>systemd-cryptsetup-generator</refentrytitle> | |
25 | <manvolnum>8</manvolnum> | |
26 | </refmeta> | |
27 | ||
28 | <refnamediv> | |
29 | <refname>systemd-cryptsetup-generator</refname> | |
30 | <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose> | |
31 | </refnamediv> | |
32 | ||
33 | <refsynopsisdiv> | |
12b42c76 | 34 | <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para> |
798d3a52 ZJS |
35 | </refsynopsisdiv> |
36 | ||
37 | <refsect1> | |
38 | <title>Description</title> | |
39 | ||
40 | <para><filename>systemd-cryptsetup-generator</filename> is a | |
41 | generator that translates <filename>/etc/crypttab</filename> into | |
42 | native systemd units early at boot and when configuration of the | |
43 | system manager is reloaded. This will create | |
44 | <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
45 | units as necessary.</para> | |
46 | ||
b1c1a519 ZC |
47 | <para><filename>systemd-cryptsetup-generator</filename> implements |
48 | <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> | |
798d3a52 ZJS |
49 | </refsect1> |
50 | ||
51 | <refsect1> | |
52 | <title>Kernel Command Line</title> | |
53 | ||
54 | <para><filename>systemd-cryptsetup-generator</filename> | |
55 | understands the following kernel command line parameters:</para> | |
56 | ||
57 | <variablelist class='kernel-commandline-options'> | |
58 | <varlistentry> | |
59 | <term><varname>luks=</varname></term> | |
60 | <term><varname>rd.luks=</varname></term> | |
61 | ||
62 | <listitem><para>Takes a boolean argument. Defaults to | |
63 | <literal>yes</literal>. If <literal>no</literal>, disables the | |
64 | generator entirely. <varname>rd.luks=</varname> is honored | |
65 | only by initial RAM disk (initrd) while | |
66 | <varname>luks=</varname> is honored by both the main system | |
67 | and the initrd. </para></listitem> | |
68 | </varlistentry> | |
69 | ||
70 | <varlistentry> | |
71 | <term><varname>luks.crypttab=</varname></term> | |
72 | <term><varname>rd.luks.crypttab=</varname></term> | |
73 | ||
74 | <listitem><para>Takes a boolean argument. Defaults to | |
75 | <literal>yes</literal>. If <literal>no</literal>, causes the | |
76 | generator to ignore any devices configured in | |
77 | <filename>/etc/crypttab</filename> | |
78 | (<varname>luks.uuid=</varname> will still work however). | |
79 | <varname>rd.luks.crypttab=</varname> is honored only by | |
80 | initial RAM disk (initrd) while | |
81 | <varname>luks.crypttab=</varname> is honored by both the main | |
82 | system and the initrd. </para></listitem> | |
83 | </varlistentry> | |
84 | ||
85 | <varlistentry> | |
86 | <term><varname>luks.uuid=</varname></term> | |
87 | <term><varname>rd.luks.uuid=</varname></term> | |
88 | ||
89 | <listitem><para>Takes a LUKS superblock UUID as argument. This | |
90 | will activate the specified device as part of the boot process | |
91 | as if it was listed in <filename>/etc/crypttab</filename>. | |
92 | This option may be specified more than once in order to set up | |
93 | multiple devices. <varname>rd.luks.uuid=</varname> is honored | |
94 | only by initial RAM disk (initrd) while | |
95 | <varname>luks.uuid=</varname> is honored by both the main | |
96 | system and the initrd.</para> | |
97 | <para>If /etc/crypttab contains entries with the same UUID, | |
98 | then the name, keyfile and options specified there will be | |
b938cb90 | 99 | used. Otherwise, the device will have the name |
798d3a52 ZJS |
100 | <literal>luks-UUID</literal>.</para> |
101 | <para>If /etc/crypttab exists, only those UUIDs | |
102 | specified on the kernel command line | |
103 | will be activated in the initrd or the real root.</para> | |
104 | </listitem> | |
105 | </varlistentry> | |
106 | ||
107 | <varlistentry> | |
108 | <term><varname>luks.name=</varname></term> | |
109 | <term><varname>rd.luks.name=</varname></term> | |
110 | ||
111 | <listitem><para>Takes a LUKS super block UUID followed by an | |
112 | <literal>=</literal> and a name. This implies | |
113 | <varname>rd.luks.uuid=</varname> or | |
114 | <varname>luks.uuid=</varname> and will additionally make the | |
115 | LUKS device given by the UUID appear under the provided | |
116 | name.</para> | |
117 | ||
118 | <para><varname>rd.luks.name=</varname> is honored only by | |
119 | initial RAM disk (initrd) while <varname>luks.name=</varname> | |
120 | is honored by both the main system and the initrd.</para> | |
121 | </listitem> | |
122 | </varlistentry> | |
123 | ||
124 | <varlistentry> | |
125 | <term><varname>luks.options=</varname></term> | |
126 | <term><varname>rd.luks.options=</varname></term> | |
127 | ||
128 | <listitem><para>Takes a LUKS super block UUID followed by an | |
129 | <literal>=</literal> and a string of options separated by | |
130 | commas as argument. This will override the options for the | |
131 | given UUID.</para> | |
132 | <para>If only a list of options, without an UUID, is | |
133 | specified, they apply to any UUIDs not specified elsewhere, | |
134 | and without an entry in | |
135 | <filename>/etc/crypttab</filename>.</para><para> | |
136 | <varname>rd.luks.options=</varname> is honored only by initial | |
137 | RAM disk (initrd) while <varname>luks.options=</varname> is | |
138 | honored by both the main system and the initrd.</para> | |
139 | </listitem> | |
140 | </varlistentry> | |
141 | ||
142 | <varlistentry> | |
143 | <term><varname>luks.key=</varname></term> | |
144 | <term><varname>rd.luks.key=</varname></term> | |
145 | ||
146 | <listitem><para>Takes a password file name as argument or a | |
147 | LUKS super block UUID followed by a <literal>=</literal> and a | |
148 | password file name.</para> | |
149 | ||
150 | <para>For those entries specified with | |
151 | <varname>rd.luks.uuid=</varname> or | |
152 | <varname>luks.uuid=</varname>, the password file will be set | |
153 | to the one specified by <varname>rd.luks.key=</varname> or | |
154 | <varname>luks.key=</varname> of the corresponding UUID, or the | |
155 | password file that was specified without a UUID.</para> | |
156 | <para><varname>rd.luks.key=</varname> | |
157 | is honored only by initial RAM disk | |
158 | (initrd) while | |
159 | <varname>luks.key=</varname> is | |
160 | honored by both the main system and | |
161 | the initrd.</para> | |
162 | </listitem> | |
163 | </varlistentry> | |
164 | </variablelist> | |
165 | </refsect1> | |
166 | ||
167 | <refsect1> | |
168 | <title>See Also</title> | |
169 | <para> | |
170 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
171 | <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
172 | <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
3ba3a79d | 173 | <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
798d3a52 ZJS |
174 | <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
175 | </para> | |
176 | </refsect1> | |
8e129f51 LP |
177 | |
178 | </refentry> |