3 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5 SPDX-License-Identifier: LGPL-2.1+
7 <refentry id=
"systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'
>
10 <title>systemd-cryptsetup-generator
</title>
11 <productname>systemd
</productname>
15 <refentrytitle>systemd-cryptsetup-generator
</refentrytitle>
16 <manvolnum>8</manvolnum>
20 <refname>systemd-cryptsetup-generator
</refname>
21 <refpurpose>Unit generator for
<filename>/etc/crypttab
</filename></refpurpose>
25 <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator
</filename></para>
29 <title>Description
</title>
31 <para><filename>systemd-cryptsetup-generator
</filename> is a
32 generator that translates
<filename>/etc/crypttab
</filename> into
33 native systemd units early at boot and when configuration of the
34 system manager is reloaded. This will create
35 <citerefentry><refentrytitle>systemd-cryptsetup@.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
36 units as necessary.
</para>
38 <para><filename>systemd-cryptsetup-generator
</filename> implements
39 <citerefentry><refentrytitle>systemd.generator
</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
</para>
43 <title>Kernel Command Line
</title>
45 <para><filename>systemd-cryptsetup-generator
</filename>
46 understands the following kernel command line parameters:
</para>
48 <variablelist class='kernel-commandline-options'
>
50 <term><varname>luks=
</varname></term>
51 <term><varname>rd.luks=
</varname></term>
53 <listitem><para>Takes a boolean argument. Defaults to
54 <literal>yes
</literal>. If
<literal>no
</literal>, disables the
55 generator entirely.
<varname>rd.luks=
</varname> is honored
56 only by initial RAM disk (initrd) while
57 <varname>luks=
</varname> is honored by both the main system
58 and the initrd.
</para></listitem>
62 <term><varname>luks.crypttab=
</varname></term>
63 <term><varname>rd.luks.crypttab=
</varname></term>
65 <listitem><para>Takes a boolean argument. Defaults to
66 <literal>yes
</literal>. If
<literal>no
</literal>, causes the
67 generator to ignore any devices configured in
68 <filename>/etc/crypttab
</filename>
69 (
<varname>luks.uuid=
</varname> will still work however).
70 <varname>rd.luks.crypttab=
</varname> is honored only by
71 initial RAM disk (initrd) while
72 <varname>luks.crypttab=
</varname> is honored by both the main
73 system and the initrd.
</para></listitem>
77 <term><varname>luks.uuid=
</varname></term>
78 <term><varname>rd.luks.uuid=
</varname></term>
80 <listitem><para>Takes a LUKS superblock UUID as argument. This
81 will activate the specified device as part of the boot process
82 as if it was listed in
<filename>/etc/crypttab
</filename>.
83 This option may be specified more than once in order to set up
84 multiple devices.
<varname>rd.luks.uuid=
</varname> is honored
85 only by initial RAM disk (initrd) while
86 <varname>luks.uuid=
</varname> is honored by both the main
87 system and the initrd.
</para>
88 <para>If /etc/crypttab contains entries with the same UUID,
89 then the name, keyfile and options specified there will be
90 used. Otherwise, the device will have the name
91 <literal>luks-UUID
</literal>.
</para>
92 <para>If /etc/crypttab exists, only those UUIDs
93 specified on the kernel command line
94 will be activated in the initrd or the real root.
</para>
99 <term><varname>luks.name=
</varname></term>
100 <term><varname>rd.luks.name=
</varname></term>
102 <listitem><para>Takes a LUKS super block UUID followed by an
103 <literal>=
</literal> and a name. This implies
104 <varname>rd.luks.uuid=
</varname> or
105 <varname>luks.uuid=
</varname> and will additionally make the
106 LUKS device given by the UUID appear under the provided
109 <para><varname>rd.luks.name=
</varname> is honored only by
110 initial RAM disk (initrd) while
<varname>luks.name=
</varname>
111 is honored by both the main system and the initrd.
</para>
116 <term><varname>luks.options=
</varname></term>
117 <term><varname>rd.luks.options=
</varname></term>
119 <listitem><para>Takes a LUKS super block UUID followed by an
120 <literal>=
</literal> and a string of options separated by
121 commas as argument. This will override the options for the
123 <para>If only a list of options, without an UUID, is
124 specified, they apply to any UUIDs not specified elsewhere,
125 and without an entry in
126 <filename>/etc/crypttab
</filename>.
</para><para>
127 <varname>rd.luks.options=
</varname> is honored only by initial
128 RAM disk (initrd) while
<varname>luks.options=
</varname> is
129 honored by both the main system and the initrd.
</para>
134 <term><varname>luks.key=
</varname></term>
135 <term><varname>rd.luks.key=
</varname></term>
137 <listitem><para>Takes a password file name as argument or a
138 LUKS super block UUID followed by a
<literal>=
</literal> and a
139 password file name.
</para>
141 <para>For those entries specified with
142 <varname>rd.luks.uuid=
</varname> or
143 <varname>luks.uuid=
</varname>, the password file will be set
144 to the one specified by
<varname>rd.luks.key=
</varname> or
145 <varname>luks.key=
</varname> of the corresponding UUID, or the
146 password file that was specified without a UUID.
</para>
147 <para><varname>rd.luks.key=
</varname>
148 is honored only by initial RAM disk
150 <varname>luks.key=
</varname> is
151 honored by both the main system and
159 <title>See Also
</title>
161 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
162 <citerefentry><refentrytitle>crypttab
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
163 <citerefentry><refentrytitle>systemd-cryptsetup@.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
164 <citerefentry project='die-net'
><refentrytitle>cryptsetup
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
165 <citerefentry><refentrytitle>systemd-fstab-generator
</refentrytitle><manvolnum>8</manvolnum></citerefentry>