]> git.ipfire.org Git - thirdparty/systemd.git/blob - man/systemd-cryptsetup-generator.xml
cryptsetup-generator: Add support for naming luks devices on kernel cmdline
[thirdparty/systemd.git] / man / systemd-cryptsetup-generator.xml
1 <?xml version="1.0"?>
2 <!--*-nxml-*-->
3 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4 <!--
5 This file is part of systemd.
6
7 Copyright 2012 Lennart Poettering
8
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
13
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 -->
22 <refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>
23
24 <refentryinfo>
25 <title>systemd-cryptsetup-generator</title>
26 <productname>systemd</productname>
27
28 <authorgroup>
29 <author>
30 <contrib>Developer</contrib>
31 <firstname>Lennart</firstname>
32 <surname>Poettering</surname>
33 <email>lennart@poettering.net</email>
34 </author>
35 </authorgroup>
36 </refentryinfo>
37
38 <refmeta>
39 <refentrytitle>systemd-cryptsetup-generator</refentrytitle>
40 <manvolnum>8</manvolnum>
41 </refmeta>
42
43 <refnamediv>
44 <refname>systemd-cryptsetup-generator</refname>
45 <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
46 </refnamediv>
47
48 <refsynopsisdiv>
49 <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
50 </refsynopsisdiv>
51
52 <refsect1>
53 <title>Description</title>
54
55 <para><filename>systemd-cryptsetup-generator</filename>
56 is a generator that translates
57 <filename>/etc/crypttab</filename> into native systemd
58 units early at boot and when configuration of the
59 system manager is reloaded. This will create
60 <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
61 units as necessary.</para>
62
63 <para><filename>systemd-cryptsetup-generator</filename>
64 implements the <ulink
65 url="http://www.freedesktop.org/wiki/Software/systemd/Generators">generator
66 specification</ulink>.</para>
67 </refsect1>
68
69 <refsect1>
70 <title>Kernel Command Line</title>
71
72 <para><filename>systemd-cryptsetup-generator</filename> understands
73 the following kernel command line parameters:</para>
74
75 <variablelist class='kernel-commandline-options'>
76 <varlistentry>
77 <term><varname>luks=</varname></term>
78 <term><varname>rd.luks=</varname></term>
79
80 <listitem><para>Takes a boolean
81 argument. Defaults to
82 <literal>yes</literal>. If
83 <literal>no</literal>, disables the
84 generator
85 entirely. <varname>rd.luks=</varname>
86 is honored only by initial RAM disk
87 (initrd) while
88 <varname>luks=</varname> is honored
89 by both the main system and the
90 initrd. </para></listitem>
91 </varlistentry>
92
93 <varlistentry>
94 <term><varname>luks.crypttab=</varname></term>
95 <term><varname>rd.luks.crypttab=</varname></term>
96
97 <listitem><para>Takes a boolean
98 argument. Defaults to
99 <literal>yes</literal>. If
100 <literal>no</literal>, causes the
101 generator to ignore any devices
102 configured in
103 <filename>/etc/crypttab</filename>
104 (<varname>luks.uuid=</varname> will
105 still work
106 however). <varname>rd.luks.crypttab=</varname>
107 is honored only by initial RAM disk
108 (initrd) while
109 <varname>luks.crypttab=</varname> is
110 honored by both the main system and
111 the initrd. </para></listitem>
112 </varlistentry>
113
114 <varlistentry>
115 <term><varname>luks.uuid=</varname></term>
116 <term><varname>rd.luks.uuid=</varname></term>
117
118 <listitem><para>Takes a LUKS superblock
119 UUID as argument. This will
120 activate the specified device as part
121 of the boot process as if it was
122 listed in
123 <filename>/etc/crypttab</filename>. This
124 option may be specified more than once
125 in order to set up multiple
126 devices. <varname>rd.luks.uuid=</varname>
127 is honored only by initial RAM disk
128 (initrd) while
129 <varname>luks.uuid=</varname> is
130 honored by both the main system and
131 the initrd.</para>
132 <para>If /etc/crypttab contains entries with
133 the same UUID, then the name, keyfile and options
134 specified there will be used. Otherwise the device
135 will have the name <literal>luks-UUID</literal>.</para>
136 <para>If /etc/crypttab exists, only those UUIDs
137 specified on the kernel command line
138 will be activated in the initrd or the real root.</para>
139 </listitem>
140 </varlistentry>
141
142 <varlistentry>
143 <term><varname>luks.name=</varname></term>
144 <term><varname>rd.luks.name=</varname></term>
145
146 <listitem><para>Takes a LUKS super
147 block UUID followed by an '=' and a name. This implies
148 <varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname>
149 and will additionally make the LUKS device given by
150 the UUID appear under the provided name.</para>
151
152 <para><varname>rd.luks.name=</varname>
153 is honored only by initial RAM disk
154 (initrd) while
155 <varname>luks.name=</varname> is
156 honored by both the main system and
157 the initrd.</para>
158 </listitem>
159 </varlistentry>
160
161 <varlistentry>
162 <term><varname>luks.options=</varname></term>
163 <term><varname>rd.luks.options=</varname></term>
164
165 <listitem><para>Takes a LUKS super
166 block UUID followed by an '=' and a string
167 of options separated by commas as argument.
168 This will override the options for the given
169 UUID.</para>
170 <para>If only a list of options, without an
171 UUID, is specified, they apply to any UUIDs not
172 specified elsewhere, and without an entry in
173 /etc/crypttab.</para><para>
174 <varname>rd.luks.options=</varname>
175 is honored only by initial RAM disk
176 (initrd) while
177 <varname>luks.options=</varname> is
178 honored by both the main system and
179 the initrd.</para>
180 </listitem>
181 </varlistentry>
182
183 <varlistentry>
184 <term><varname>luks.key=</varname></term>
185 <term><varname>rd.luks.key=</varname></term>
186
187 <listitem><para>Takes a password file name as argument or
188 a LUKS super block UUID followed by a '=' and a password
189 file name.</para>
190
191 <para>For those entries specified with
192 <varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname>,
193 the password file will be set to the one specified by
194 <varname>rd.luks.key=</varname> or <varname>luks.key=</varname>
195 of the corresponding UUID, or the password file that was specified
196 without a UUID.</para>
197 <para><varname>rd.luks.key=</varname>
198 is honored only by initial RAM disk
199 (initrd) while
200 <varname>luks.key=</varname> is
201 honored by both the main system and
202 the initrd.</para>
203 </listitem>
204 </varlistentry>
205 </variablelist>
206 </refsect1>
207
208 <refsect1>
209 <title>See Also</title>
210 <para>
211 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
212 <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
213 <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
214 <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
215 <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
216 </para>
217 </refsect1>
218
219 </refentry>