]> git.ipfire.org Git - thirdparty/systemd.git/blob - man/systemd-cryptsetup-generator.xml
Merge pull request #8822 from fbuihuu/rfc-tmpfiles-safe-upstream
[thirdparty/systemd.git] / man / systemd-cryptsetup-generator.xml
1 <?xml version="1.0"?>
2 <!--*-nxml-*-->
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4 <!--
5 SPDX-License-Identifier: LGPL-2.1+
6 -->
7 <refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>
8
9 <refentryinfo>
10 <title>systemd-cryptsetup-generator</title>
11 <productname>systemd</productname>
12 </refentryinfo>
13
14 <refmeta>
15 <refentrytitle>systemd-cryptsetup-generator</refentrytitle>
16 <manvolnum>8</manvolnum>
17 </refmeta>
18
19 <refnamediv>
20 <refname>systemd-cryptsetup-generator</refname>
21 <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
22 </refnamediv>
23
24 <refsynopsisdiv>
25 <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
26 </refsynopsisdiv>
27
28 <refsect1>
29 <title>Description</title>
30
31 <para><filename>systemd-cryptsetup-generator</filename> is a
32 generator that translates <filename>/etc/crypttab</filename> into
33 native systemd units early at boot and when configuration of the
34 system manager is reloaded. This will create
35 <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
36 units as necessary.</para>
37
38 <para><filename>systemd-cryptsetup-generator</filename> implements
39 <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
40 </refsect1>
41
42 <refsect1>
43 <title>Kernel Command Line</title>
44
45 <para><filename>systemd-cryptsetup-generator</filename>
46 understands the following kernel command line parameters:</para>
47
48 <variablelist class='kernel-commandline-options'>
49 <varlistentry>
50 <term><varname>luks=</varname></term>
51 <term><varname>rd.luks=</varname></term>
52
53 <listitem><para>Takes a boolean argument. Defaults to
54 <literal>yes</literal>. If <literal>no</literal>, disables the
55 generator entirely. <varname>rd.luks=</varname> is honored
56 only by initial RAM disk (initrd) while
57 <varname>luks=</varname> is honored by both the main system
58 and the initrd. </para></listitem>
59 </varlistentry>
60
61 <varlistentry>
62 <term><varname>luks.crypttab=</varname></term>
63 <term><varname>rd.luks.crypttab=</varname></term>
64
65 <listitem><para>Takes a boolean argument. Defaults to
66 <literal>yes</literal>. If <literal>no</literal>, causes the
67 generator to ignore any devices configured in
68 <filename>/etc/crypttab</filename>
69 (<varname>luks.uuid=</varname> will still work however).
70 <varname>rd.luks.crypttab=</varname> is honored only by
71 initial RAM disk (initrd) while
72 <varname>luks.crypttab=</varname> is honored by both the main
73 system and the initrd. </para></listitem>
74 </varlistentry>
75
76 <varlistentry>
77 <term><varname>luks.uuid=</varname></term>
78 <term><varname>rd.luks.uuid=</varname></term>
79
80 <listitem><para>Takes a LUKS superblock UUID as argument. This
81 will activate the specified device as part of the boot process
82 as if it was listed in <filename>/etc/crypttab</filename>.
83 This option may be specified more than once in order to set up
84 multiple devices. <varname>rd.luks.uuid=</varname> is honored
85 only by initial RAM disk (initrd) while
86 <varname>luks.uuid=</varname> is honored by both the main
87 system and the initrd.</para>
88 <para>If /etc/crypttab contains entries with the same UUID,
89 then the name, keyfile and options specified there will be
90 used. Otherwise, the device will have the name
91 <literal>luks-UUID</literal>.</para>
92 <para>If /etc/crypttab exists, only those UUIDs
93 specified on the kernel command line
94 will be activated in the initrd or the real root.</para>
95 </listitem>
96 </varlistentry>
97
98 <varlistentry>
99 <term><varname>luks.name=</varname></term>
100 <term><varname>rd.luks.name=</varname></term>
101
102 <listitem><para>Takes a LUKS super block UUID followed by an
103 <literal>=</literal> and a name. This implies
104 <varname>rd.luks.uuid=</varname> or
105 <varname>luks.uuid=</varname> and will additionally make the
106 LUKS device given by the UUID appear under the provided
107 name.</para>
108
109 <para><varname>rd.luks.name=</varname> is honored only by
110 initial RAM disk (initrd) while <varname>luks.name=</varname>
111 is honored by both the main system and the initrd.</para>
112 </listitem>
113 </varlistentry>
114
115 <varlistentry>
116 <term><varname>luks.options=</varname></term>
117 <term><varname>rd.luks.options=</varname></term>
118
119 <listitem><para>Takes a LUKS super block UUID followed by an
120 <literal>=</literal> and a string of options separated by
121 commas as argument. This will override the options for the
122 given UUID.</para>
123 <para>If only a list of options, without an UUID, is
124 specified, they apply to any UUIDs not specified elsewhere,
125 and without an entry in
126 <filename>/etc/crypttab</filename>.</para><para>
127 <varname>rd.luks.options=</varname> is honored only by initial
128 RAM disk (initrd) while <varname>luks.options=</varname> is
129 honored by both the main system and the initrd.</para>
130 </listitem>
131 </varlistentry>
132
133 <varlistentry>
134 <term><varname>luks.key=</varname></term>
135 <term><varname>rd.luks.key=</varname></term>
136
137 <listitem><para>Takes a password file name as argument or a
138 LUKS super block UUID followed by a <literal>=</literal> and a
139 password file name.</para>
140
141 <para>For those entries specified with
142 <varname>rd.luks.uuid=</varname> or
143 <varname>luks.uuid=</varname>, the password file will be set
144 to the one specified by <varname>rd.luks.key=</varname> or
145 <varname>luks.key=</varname> of the corresponding UUID, or the
146 password file that was specified without a UUID.</para>
147 <para><varname>rd.luks.key=</varname>
148 is honored only by initial RAM disk
149 (initrd) while
150 <varname>luks.key=</varname> is
151 honored by both the main system and
152 the initrd.</para>
153 </listitem>
154 </varlistentry>
155 </variablelist>
156 </refsect1>
157
158 <refsect1>
159 <title>See Also</title>
160 <para>
161 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
162 <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
163 <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
164 <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
165 <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
166 </para>
167 </refsect1>
168
169 </refentry>