X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=man%2Fcrypttab.xml;h=ee54499bfe7a13c86869b3c7c4e355a0e7d511a5;hb=3177b9270c88ba8b758d5ea9c8210248ea03b259;hp=2046911c7849517771c627b6ec39c08ee58d4420;hpb=5a36324962ba0ec5de4100945bc6d6bce494e956;p=thirdparty%2Fsystemd.git
diff --git a/man/crypttab.xml b/man/crypttab.xml
index 2046911c784..ee54499bfe7 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -60,13 +60,15 @@
device or file, or a specification of a block device via
UUID= followed by the UUID.
- The third field specifies an absolute path to a file to read the encryption key from. If the field
- is not present or set to none or -, a key file named after the
- volume to unlock (i.e. the first column of the line), suffixed with .key is
- automatically loaded from the /etc/cryptsetup-keys.d/ and
- /run/cryptsetup-keys.d/ directories, if present. Otherwise, the password has to be
- manually entered during system boot. For swap encryption, /dev/urandom may be used
- as key file.
+ The third field specifies an absolute path to a file to read the encryption key from. Optionally,
+ the path may be followed by : and an fstab device specification (e.g. starting with
+ LABEL= or similar); in which case, the path is relative to the device file system
+ root. If the field is not present or set to none or -, a key file
+ named after the volume to unlock (i.e. the first column of the line), suffixed with
+ .key is automatically loaded from the /etc/cryptsetup-keys.d/
+ and /run/cryptsetup-keys.d/ directories, if present. Otherwise, the password has to
+ be manually entered during system boot. For swap encryption, /dev/urandom may be
+ used as key file.The fourth field, if present, is a comma-delimited list of
options. The following options are recognized:
@@ -253,6 +255,7 @@
Perform encryption using the same cpu that IO was submitted on. The default is to use
an unbound workqueue so that encryption work is automatically balanced between available CPUs.
+
This requires kernel 4.0 or newer.
@@ -261,9 +264,10 @@
Disable offloading writes to a separate thread after encryption. There are some
- situations where offloading write bios from the encryption threads to a single thread degrades
- performance significantly. The default is to offload write bios to the same thread because it benefits
- CFQ to have writes submitted using the same context.
+ situations where offloading write requests from the encryption threads to a dedicated thread degrades
+ performance significantly. The default is to offload write requests to a dedicated thread because it
+ benefits the CFQ scheduler to have writes submitted using the same context.
+
This requires kernel 4.0 or newer.
@@ -510,7 +514,8 @@ external /dev/sda3 keyfile:LABEL=keydev keyfile-timeout=10sThe PKCS#11 logic allows hooking up any compatible security token that is capable of storing RSA
decryption keys. Here's an example how to set up a Yubikey security token for this purpose, using
- ykman from the yubikey-manager project:
+ ykmap1
+ from the yubikey-manager project: