[thirdparty/systemd.git] / man / systemd-cryptsetup-generator.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
  SPDX-License-Identifier: LGPL-2.1+

  This file is part of systemd.

  Copyright 2012 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>

  <refentryinfo>
    <title>systemd-cryptsetup-generator</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Lennart</firstname>
        <surname>Poettering</surname>
        <email>lennart@poettering.net</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-cryptsetup-generator</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-cryptsetup-generator</refname>
    <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><filename>systemd-cryptsetup-generator</filename> is a
    generator that translates <filename>/etc/crypttab</filename> into
    native systemd units early at boot and when configuration of the
    system manager is reloaded. This will create
    <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    units as necessary.</para>

    <para><filename>systemd-cryptsetup-generator</filename> implements
    <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
    <title>Kernel Command Line</title>

    <para><filename>systemd-cryptsetup-generator</filename>
    understands the following kernel command line parameters:</para>

    <variablelist class='kernel-commandline-options'>
      <varlistentry>
        <term><varname>luks=</varname></term>
        <term><varname>rd.luks=</varname></term>

        <listitem><para>Takes a boolean argument. Defaults to
        <literal>yes</literal>. If <literal>no</literal>, disables the
        generator entirely. <varname>rd.luks=</varname> is honored
        only by initial RAM disk (initrd) while
        <varname>luks=</varname> is honored by both the main system
        and the initrd. </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.crypttab=</varname></term>
        <term><varname>rd.luks.crypttab=</varname></term>

        <listitem><para>Takes a boolean argument. Defaults to
        <literal>yes</literal>. If <literal>no</literal>, causes the
        generator to ignore any devices configured in
        <filename>/etc/crypttab</filename>
        (<varname>luks.uuid=</varname> will still work however).
        <varname>rd.luks.crypttab=</varname> is honored only by
        initial RAM disk (initrd) while
        <varname>luks.crypttab=</varname> is honored by both the main
        system and the initrd. </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.uuid=</varname></term>
        <term><varname>rd.luks.uuid=</varname></term>

        <listitem><para>Takes a LUKS superblock UUID as argument. This
        will activate the specified device as part of the boot process
        as if it was listed in <filename>/etc/crypttab</filename>.
        This option may be specified more than once in order to set up
        multiple devices. <varname>rd.luks.uuid=</varname> is honored
        only by initial RAM disk (initrd) while
        <varname>luks.uuid=</varname> is honored by both the main
        system and the initrd.</para>
        <para>If /etc/crypttab contains entries with the same UUID,
        then the name, keyfile and options specified there will be
        used. Otherwise, the device will have the name
        <literal>luks-UUID</literal>.</para>
        <para>If /etc/crypttab exists, only those UUIDs
        specified on the kernel command line
        will be activated in the initrd or the real root.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.name=</varname></term>
        <term><varname>rd.luks.name=</varname></term>

        <listitem><para>Takes a LUKS super block UUID followed by an
        <literal>=</literal> and a name. This implies
        <varname>rd.luks.uuid=</varname> or
        <varname>luks.uuid=</varname> and will additionally make the
        LUKS device given by the UUID appear under the provided
        name.</para>

        <para><varname>rd.luks.name=</varname> is honored only by
        initial RAM disk (initrd) while <varname>luks.name=</varname>
        is honored by both the main system and the initrd.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.options=</varname></term>
        <term><varname>rd.luks.options=</varname></term>

        <listitem><para>Takes a LUKS super block UUID followed by an
        <literal>=</literal> and a string of options separated by
        commas as argument. This will override the options for the
        given UUID.</para>
        <para>If only a list of options, without an UUID, is
        specified, they apply to any UUIDs not specified elsewhere,
        and without an entry in
        <filename>/etc/crypttab</filename>.</para><para>
        <varname>rd.luks.options=</varname> is honored only by initial
        RAM disk (initrd) while <varname>luks.options=</varname> is
        honored by both the main system and the initrd.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.key=</varname></term>
        <term><varname>rd.luks.key=</varname></term>

        <listitem><para>Takes a password file name as argument or a
        LUKS super block UUID followed by a <literal>=</literal> and a
        password file name.</para>

        <para>For those entries specified with
        <varname>rd.luks.uuid=</varname> or
        <varname>luks.uuid=</varname>, the password file will be set
        to the one specified by <varname>rd.luks.key=</varname> or
        <varname>luks.key=</varname> of the corresponding UUID, or the
        password file that was specified without a UUID.</para>
        <para><varname>rd.luks.key=</varname>
        is honored only by initial RAM disk
        (initrd) while
        <varname>luks.key=</varname> is
        honored by both the main system and
        the initrd.</para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>
Commit	Line	Data
8e129f51 LP	1	<?xml version="1.0"?>
8e129f51 LP	2	<!---nxml--->
12b42c76	3	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
8e129f51	4	<!--
572eb058 ZJS	5	SPDX-License-Identifier: LGPL-2.1+
572eb058 ZJS	6
8e129f51 LP	7	This file is part of systemd.
	8
	9	Copyright 2012 Lennart Poettering
	10
	11	systemd is free software; you can redistribute it and/or modify it
	12	under the terms of the GNU Lesser General Public License as published by
	13	the Free Software Foundation; either version 2.1 of the License, or
	14	(at your option) any later version.
	15
	16	systemd is distributed in the hope that it will be useful, but
	17	WITHOUT ANY WARRANTY; without even the implied warranty of
	18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	19	Lesser General Public License for more details.
	20
	21	You should have received a copy of the GNU Lesser General Public License
	22	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	23	-->
56ba3c78	24	<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>
8e129f51	25
798d3a52 ZJS	26	<refentryinfo>
	27	<title>systemd-cryptsetup-generator</title>
	28	<productname>systemd</productname>
	29
	30	<authorgroup>
	31	<author>
	32	<contrib>Developer</contrib>
	33	<firstname>Lennart</firstname>
	34	<surname>Poettering</surname>
	35	<email>lennart@poettering.net</email>
	36	</author>
	37	</authorgroup>
	38	</refentryinfo>
	39
	40	<refmeta>
	41	<refentrytitle>systemd-cryptsetup-generator</refentrytitle>
	42	<manvolnum>8</manvolnum>
	43	</refmeta>
	44
	45	<refnamediv>
	46	<refname>systemd-cryptsetup-generator</refname>
	47	<refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
	48	</refnamediv>
	49
	50	<refsynopsisdiv>
12b42c76	51	<para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
798d3a52 ZJS	52	</refsynopsisdiv>
	53
	54	<refsect1>
	55	<title>Description</title>
	56
	57	<para><filename>systemd-cryptsetup-generator</filename> is a
	58	generator that translates <filename>/etc/crypttab</filename> into
	59	native systemd units early at boot and when configuration of the
	60	system manager is reloaded. This will create
	61	<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	62	units as necessary.</para>
	63
b1c1a519 ZC	64	<para><filename>systemd-cryptsetup-generator</filename> implements
b1c1a519 ZC	65	<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
798d3a52 ZJS	66	</refsect1>
	67
	68	<refsect1>
	69	<title>Kernel Command Line</title>
	70
	71	<para><filename>systemd-cryptsetup-generator</filename>
	72	understands the following kernel command line parameters:</para>
	73
	74	<variablelist class='kernel-commandline-options'>
	75	<varlistentry>
	76	<term><varname>luks=</varname></term>
	77	<term><varname>rd.luks=</varname></term>
	78
	79	<listitem><para>Takes a boolean argument. Defaults to
	80	<literal>yes</literal>. If <literal>no</literal>, disables the
	81	generator entirely. <varname>rd.luks=</varname> is honored
	82	only by initial RAM disk (initrd) while
	83	<varname>luks=</varname> is honored by both the main system
	84	and the initrd. </para></listitem>
	85	</varlistentry>
	86
	87	<varlistentry>
	88	<term><varname>luks.crypttab=</varname></term>
	89	<term><varname>rd.luks.crypttab=</varname></term>
	90
	91	<listitem><para>Takes a boolean argument. Defaults to
	92	<literal>yes</literal>. If <literal>no</literal>, causes the
	93	generator to ignore any devices configured in
	94	<filename>/etc/crypttab</filename>
	95	(<varname>luks.uuid=</varname> will still work however).
	96	<varname>rd.luks.crypttab=</varname> is honored only by
	97	initial RAM disk (initrd) while
	98	<varname>luks.crypttab=</varname> is honored by both the main
	99	system and the initrd. </para></listitem>
	100	</varlistentry>
	101
	102	<varlistentry>
	103	<term><varname>luks.uuid=</varname></term>
	104	<term><varname>rd.luks.uuid=</varname></term>
	105
	106	<listitem><para>Takes a LUKS superblock UUID as argument. This
	107	will activate the specified device as part of the boot process
	108	as if it was listed in <filename>/etc/crypttab</filename>.
	109	This option may be specified more than once in order to set up
	110	multiple devices. <varname>rd.luks.uuid=</varname> is honored
	111	only by initial RAM disk (initrd) while
	112	<varname>luks.uuid=</varname> is honored by both the main
	113	system and the initrd.</para>
	114	<para>If /etc/crypttab contains entries with the same UUID,
	115	then the name, keyfile and options specified there will be
b938cb90	116	used. Otherwise, the device will have the name
798d3a52 ZJS	117	<literal>luks-UUID</literal>.</para>
	118	<para>If /etc/crypttab exists, only those UUIDs
	119	specified on the kernel command line
	120	will be activated in the initrd or the real root.</para>
	121	</listitem>
	122	</varlistentry>
	123
	124	<varlistentry>
	125	<term><varname>luks.name=</varname></term>
	126	<term><varname>rd.luks.name=</varname></term>
	127
	128	<listitem><para>Takes a LUKS super block UUID followed by an
	129	<literal>=</literal> and a name. This implies
	130	<varname>rd.luks.uuid=</varname> or
	131	<varname>luks.uuid=</varname> and will additionally make the
	132	LUKS device given by the UUID appear under the provided
	133	name.</para>
	134
	135	<para><varname>rd.luks.name=</varname> is honored only by
	136	initial RAM disk (initrd) while <varname>luks.name=</varname>
	137	is honored by both the main system and the initrd.</para>
	138	</listitem>
	139	</varlistentry>
	140
	141	<varlistentry>
	142	<term><varname>luks.options=</varname></term>
	143	<term><varname>rd.luks.options=</varname></term>
	144
	145	<listitem><para>Takes a LUKS super block UUID followed by an
	146	<literal>=</literal> and a string of options separated by
	147	commas as argument. This will override the options for the
	148	given UUID.</para>
	149	<para>If only a list of options, without an UUID, is
	150	specified, they apply to any UUIDs not specified elsewhere,
	151	and without an entry in
	152	<filename>/etc/crypttab</filename>.</para><para>
	153	<varname>rd.luks.options=</varname> is honored only by initial
	154	RAM disk (initrd) while <varname>luks.options=</varname> is
	155	honored by both the main system and the initrd.</para>
	156	</listitem>
	157	</varlistentry>
	158
	159	<varlistentry>
	160	<term><varname>luks.key=</varname></term>
	161	<term><varname>rd.luks.key=</varname></term>
	162
	163	<listitem><para>Takes a password file name as argument or a
	164	LUKS super block UUID followed by a <literal>=</literal> and a
	165	password file name.</para>
	166
	167	<para>For those entries specified with
	168	<varname>rd.luks.uuid=</varname> or
	169	<varname>luks.uuid=</varname>, the password file will be set
	170	to the one specified by <varname>rd.luks.key=</varname> or
	171	<varname>luks.key=</varname> of the corresponding UUID, or the
	172	password file that was specified without a UUID.</para>
	173	<para><varname>rd.luks.key=</varname>
	174	is honored only by initial RAM disk
	175	(initrd) while
	176	<varname>luks.key=</varname> is
	177	honored by both the main system and
	178	the initrd.</para>
	179	</listitem>
	180	</varlistentry>
181	</variablelist>
182	</refsect1>
183
184	<refsect1>
185	<title>See Also</title>
186	<para>
187	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
188	<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
189	<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
3ba3a79d	190	<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
798d3a52 ZJS	191	<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	192	</para>
	193	</refsect1>
8e129f51 LP	194
8e129f51 LP	195	</refentry>