3 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5 SPDX-License-Identifier: LGPL-2.1+
7 This file is part of systemd.
9 Copyright 2012 Lennart Poettering
11 <refentry id=
"systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'
>
14 <title>systemd-cryptsetup-generator
</title>
15 <productname>systemd
</productname>
19 <contrib>Developer
</contrib>
20 <firstname>Lennart
</firstname>
21 <surname>Poettering
</surname>
22 <email>lennart@poettering.net
</email>
28 <refentrytitle>systemd-cryptsetup-generator
</refentrytitle>
29 <manvolnum>8</manvolnum>
33 <refname>systemd-cryptsetup-generator
</refname>
34 <refpurpose>Unit generator for
<filename>/etc/crypttab
</filename></refpurpose>
38 <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator
</filename></para>
42 <title>Description
</title>
44 <para><filename>systemd-cryptsetup-generator
</filename> is a
45 generator that translates
<filename>/etc/crypttab
</filename> into
46 native systemd units early at boot and when configuration of the
47 system manager is reloaded. This will create
48 <citerefentry><refentrytitle>systemd-cryptsetup@.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
49 units as necessary.
</para>
51 <para><filename>systemd-cryptsetup-generator
</filename> implements
52 <citerefentry><refentrytitle>systemd.generator
</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
56 <title>Kernel Command Line
</title>
58 <para><filename>systemd-cryptsetup-generator
</filename>
59 understands the following kernel command line parameters:
</para>
61 <variablelist class='kernel-commandline-options'
>
63 <term><varname>luks=
</varname></term>
64 <term><varname>rd.luks=
</varname></term>
66 <listitem><para>Takes a boolean argument. Defaults to
67 <literal>yes
</literal>. If
<literal>no
</literal>, disables the
68 generator entirely.
<varname>rd.luks=
</varname> is honored
69 only by initial RAM disk (initrd) while
70 <varname>luks=
</varname> is honored by both the main system
71 and the initrd.
</para></listitem>
75 <term><varname>luks.crypttab=
</varname></term>
76 <term><varname>rd.luks.crypttab=
</varname></term>
78 <listitem><para>Takes a boolean argument. Defaults to
79 <literal>yes
</literal>. If
<literal>no
</literal>, causes the
80 generator to ignore any devices configured in
81 <filename>/etc/crypttab
</filename>
82 (
<varname>luks.uuid=
</varname> will still work however).
83 <varname>rd.luks.crypttab=
</varname> is honored only by
84 initial RAM disk (initrd) while
85 <varname>luks.crypttab=
</varname> is honored by both the main
86 system and the initrd.
</para></listitem>
90 <term><varname>luks.uuid=
</varname></term>
91 <term><varname>rd.luks.uuid=
</varname></term>
93 <listitem><para>Takes a LUKS superblock UUID as argument. This
94 will activate the specified device as part of the boot process
95 as if it was listed in
<filename>/etc/crypttab
</filename>.
96 This option may be specified more than once in order to set up
97 multiple devices.
<varname>rd.luks.uuid=
</varname> is honored
98 only by initial RAM disk (initrd) while
99 <varname>luks.uuid=
</varname> is honored by both the main
100 system and the initrd.
</para>
101 <para>If /etc/crypttab contains entries with the same UUID,
102 then the name, keyfile and options specified there will be
103 used. Otherwise, the device will have the name
104 <literal>luks-UUID
</literal>.
</para>
105 <para>If /etc/crypttab exists, only those UUIDs
106 specified on the kernel command line
107 will be activated in the initrd or the real root.
</para>
112 <term><varname>luks.name=
</varname></term>
113 <term><varname>rd.luks.name=
</varname></term>
115 <listitem><para>Takes a LUKS super block UUID followed by an
116 <literal>=
</literal> and a name. This implies
117 <varname>rd.luks.uuid=
</varname> or
118 <varname>luks.uuid=
</varname> and will additionally make the
119 LUKS device given by the UUID appear under the provided
122 <para><varname>rd.luks.name=
</varname> is honored only by
123 initial RAM disk (initrd) while
<varname>luks.name=
</varname>
124 is honored by both the main system and the initrd.
</para>
129 <term><varname>luks.options=
</varname></term>
130 <term><varname>rd.luks.options=
</varname></term>
132 <listitem><para>Takes a LUKS super block UUID followed by an
133 <literal>=
</literal> and a string of options separated by
134 commas as argument. This will override the options for the
136 <para>If only a list of options, without an UUID, is
137 specified, they apply to any UUIDs not specified elsewhere,
138 and without an entry in
139 <filename>/etc/crypttab
</filename>.
</para><para>
140 <varname>rd.luks.options=
</varname> is honored only by initial
141 RAM disk (initrd) while
<varname>luks.options=
</varname> is
142 honored by both the main system and the initrd.
</para>
147 <term><varname>luks.key=
</varname></term>
148 <term><varname>rd.luks.key=
</varname></term>
150 <listitem><para>Takes a password file name as argument or a
151 LUKS super block UUID followed by a
<literal>=
</literal> and a
152 password file name.
</para>
154 <para>For those entries specified with
155 <varname>rd.luks.uuid=
</varname> or
156 <varname>luks.uuid=
</varname>, the password file will be set
157 to the one specified by
<varname>rd.luks.key=
</varname> or
158 <varname>luks.key=
</varname> of the corresponding UUID, or the
159 password file that was specified without a UUID.
</para>
160 <para><varname>rd.luks.key=
</varname>
161 is honored only by initial RAM disk
163 <varname>luks.key=
</varname> is
164 honored by both the main system and
172 <title>See Also
</title>
174 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
175 <citerefentry><refentrytitle>crypttab
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
176 <citerefentry><refentrytitle>systemd-cryptsetup@.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
177 <citerefentry project='die-net'
><refentrytitle>cryptsetup
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
178 <citerefentry><refentrytitle>systemd-fstab-generator
</refentrytitle><manvolnum>8</manvolnum></citerefentry>