[thirdparty/systemd.git] / man / systemd-cryptsetup-generator.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
  SPDX-License-Identifier: LGPL-2.1+
-->
<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>

  <refentryinfo>
    <title>systemd-cryptsetup-generator</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-cryptsetup-generator</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-cryptsetup-generator</refname>
    <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><filename>systemd-cryptsetup-generator</filename> is a
    generator that translates <filename>/etc/crypttab</filename> into
    native systemd units early at boot and when configuration of the
    system manager is reloaded. This will create
    <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    units as necessary.</para>

    <para><filename>systemd-cryptsetup-generator</filename> implements
    <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
    <title>Kernel Command Line</title>

    <para><filename>systemd-cryptsetup-generator</filename>
    understands the following kernel command line parameters:</para>

    <variablelist class='kernel-commandline-options'>
      <varlistentry>
        <term><varname>luks=</varname></term>
        <term><varname>rd.luks=</varname></term>

        <listitem><para>Takes a boolean argument. Defaults to
        <literal>yes</literal>. If <literal>no</literal>, disables the
        generator entirely. <varname>rd.luks=</varname> is honored
        only by initial RAM disk (initrd) while
        <varname>luks=</varname> is honored by both the main system
        and the initrd. </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.crypttab=</varname></term>
        <term><varname>rd.luks.crypttab=</varname></term>

        <listitem><para>Takes a boolean argument. Defaults to
        <literal>yes</literal>. If <literal>no</literal>, causes the
        generator to ignore any devices configured in
        <filename>/etc/crypttab</filename>
        (<varname>luks.uuid=</varname> will still work however).
        <varname>rd.luks.crypttab=</varname> is honored only by
        initial RAM disk (initrd) while
        <varname>luks.crypttab=</varname> is honored by both the main
        system and the initrd. </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.uuid=</varname></term>
        <term><varname>rd.luks.uuid=</varname></term>

        <listitem><para>Takes a LUKS superblock UUID as argument. This
        will activate the specified device as part of the boot process
        as if it was listed in <filename>/etc/crypttab</filename>.
        This option may be specified more than once in order to set up
        multiple devices. <varname>rd.luks.uuid=</varname> is honored
        only by initial RAM disk (initrd) while
        <varname>luks.uuid=</varname> is honored by both the main
        system and the initrd.</para>
        <para>If /etc/crypttab contains entries with the same UUID,
        then the name, keyfile and options specified there will be
        used. Otherwise, the device will have the name
        <literal>luks-UUID</literal>.</para>
        <para>If /etc/crypttab exists, only those UUIDs
        specified on the kernel command line
        will be activated in the initrd or the real root.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.name=</varname></term>
        <term><varname>rd.luks.name=</varname></term>

        <listitem><para>Takes a LUKS super block UUID followed by an
        <literal>=</literal> and a name. This implies
        <varname>rd.luks.uuid=</varname> or
        <varname>luks.uuid=</varname> and will additionally make the
        LUKS device given by the UUID appear under the provided
        name.</para>

        <para><varname>rd.luks.name=</varname> is honored only by
        initial RAM disk (initrd) while <varname>luks.name=</varname>
        is honored by both the main system and the initrd.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.options=</varname></term>
        <term><varname>rd.luks.options=</varname></term>

        <listitem><para>Takes a LUKS super block UUID followed by an
        <literal>=</literal> and a string of options separated by
        commas as argument. This will override the options for the
        given UUID.</para>
        <para>If only a list of options, without an UUID, is
        specified, they apply to any UUIDs not specified elsewhere,
        and without an entry in
        <filename>/etc/crypttab</filename>.</para><para>
        <varname>rd.luks.options=</varname> is honored only by initial
        RAM disk (initrd) while <varname>luks.options=</varname> is
        honored by both the main system and the initrd.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.key=</varname></term>
        <term><varname>rd.luks.key=</varname></term>

        <listitem><para>Takes a password file name as argument or a
        LUKS super block UUID followed by a <literal>=</literal> and a
        password file name.</para>

        <para>For those entries specified with
        <varname>rd.luks.uuid=</varname> or
        <varname>luks.uuid=</varname>, the password file will be set
        to the one specified by <varname>rd.luks.key=</varname> or
        <varname>luks.key=</varname> of the corresponding UUID, or the
        password file that was specified without a UUID.</para>
        <para><varname>rd.luks.key=</varname>
        is honored only by initial RAM disk
        (initrd) while
        <varname>luks.key=</varname> is
        honored by both the main system and
        the initrd.</para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>
Commit	Line	Data
8e129f51 LP	1	<?xml version="1.0"?>
8e129f51 LP	2	<!---nxml--->
12b42c76	3	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
8e129f51	4	<!--
572eb058	5	SPDX-License-Identifier: LGPL-2.1+
8e129f51	6	-->
56ba3c78	7	<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>
8e129f51	8
798d3a52 ZJS	9	<refentryinfo>
	10	<title>systemd-cryptsetup-generator</title>
	11	<productname>systemd</productname>
798d3a52 ZJS	12	</refentryinfo>
	13
	14	<refmeta>
	15	<refentrytitle>systemd-cryptsetup-generator</refentrytitle>
	16	<manvolnum>8</manvolnum>
	17	</refmeta>
	18
	19	<refnamediv>
	20	<refname>systemd-cryptsetup-generator</refname>
	21	<refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
	22	</refnamediv>
	23
	24	<refsynopsisdiv>
12b42c76	25	<para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
798d3a52 ZJS	26	</refsynopsisdiv>
	27
	28	<refsect1>
	29	<title>Description</title>
	30
	31	<para><filename>systemd-cryptsetup-generator</filename> is a
	32	generator that translates <filename>/etc/crypttab</filename> into
	33	native systemd units early at boot and when configuration of the
	34	system manager is reloaded. This will create
	35	<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	36	units as necessary.</para>
	37
b1c1a519 ZC	38	<para><filename>systemd-cryptsetup-generator</filename> implements
b1c1a519 ZC	39	<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
798d3a52 ZJS	40	</refsect1>
	41
	42	<refsect1>
	43	<title>Kernel Command Line</title>
	44
	45	<para><filename>systemd-cryptsetup-generator</filename>
	46	understands the following kernel command line parameters:</para>
	47
	48	<variablelist class='kernel-commandline-options'>
	49	<varlistentry>
	50	<term><varname>luks=</varname></term>
	51	<term><varname>rd.luks=</varname></term>
	52
	53	<listitem><para>Takes a boolean argument. Defaults to
	54	<literal>yes</literal>. If <literal>no</literal>, disables the
	55	generator entirely. <varname>rd.luks=</varname> is honored
	56	only by initial RAM disk (initrd) while
	57	<varname>luks=</varname> is honored by both the main system
	58	and the initrd. </para></listitem>
	59	</varlistentry>
	60
	61	<varlistentry>
	62	<term><varname>luks.crypttab=</varname></term>
	63	<term><varname>rd.luks.crypttab=</varname></term>
	64
	65	<listitem><para>Takes a boolean argument. Defaults to
	66	<literal>yes</literal>. If <literal>no</literal>, causes the
	67	generator to ignore any devices configured in
	68	<filename>/etc/crypttab</filename>
	69	(<varname>luks.uuid=</varname> will still work however).
	70	<varname>rd.luks.crypttab=</varname> is honored only by
	71	initial RAM disk (initrd) while
	72	<varname>luks.crypttab=</varname> is honored by both the main
	73	system and the initrd. </para></listitem>
	74	</varlistentry>
	75
	76	<varlistentry>
	77	<term><varname>luks.uuid=</varname></term>
	78	<term><varname>rd.luks.uuid=</varname></term>
	79
	80	<listitem><para>Takes a LUKS superblock UUID as argument. This
	81	will activate the specified device as part of the boot process
	82	as if it was listed in <filename>/etc/crypttab</filename>.
	83	This option may be specified more than once in order to set up
	84	multiple devices. <varname>rd.luks.uuid=</varname> is honored
	85	only by initial RAM disk (initrd) while
	86	<varname>luks.uuid=</varname> is honored by both the main
	87	system and the initrd.</para>
	88	<para>If /etc/crypttab contains entries with the same UUID,
	89	then the name, keyfile and options specified there will be
b938cb90	90	used. Otherwise, the device will have the name
798d3a52 ZJS	91	<literal>luks-UUID</literal>.</para>
	92	<para>If /etc/crypttab exists, only those UUIDs
	93	specified on the kernel command line
	94	will be activated in the initrd or the real root.</para>
	95	</listitem>
	96	</varlistentry>
	97
	98	<varlistentry>
	99	<term><varname>luks.name=</varname></term>
	100	<term><varname>rd.luks.name=</varname></term>
	101
	102	<listitem><para>Takes a LUKS super block UUID followed by an
	103	<literal>=</literal> and a name. This implies
	104	<varname>rd.luks.uuid=</varname> or
	105	<varname>luks.uuid=</varname> and will additionally make the
	106	LUKS device given by the UUID appear under the provided
	107	name.</para>
	108
	109	<para><varname>rd.luks.name=</varname> is honored only by
	110	initial RAM disk (initrd) while <varname>luks.name=</varname>
	111	is honored by both the main system and the initrd.</para>
	112	</listitem>
	113	</varlistentry>
	114
	115	<varlistentry>
	116	<term><varname>luks.options=</varname></term>
	117	<term><varname>rd.luks.options=</varname></term>
	118
	119	<listitem><para>Takes a LUKS super block UUID followed by an
	120	<literal>=</literal> and a string of options separated by
	121	commas as argument. This will override the options for the
	122	given UUID.</para>
	123	<para>If only a list of options, without an UUID, is
	124	specified, they apply to any UUIDs not specified elsewhere,
	125	and without an entry in
	126	<filename>/etc/crypttab</filename>.</para><para>
	127	<varname>rd.luks.options=</varname> is honored only by initial
	128	RAM disk (initrd) while <varname>luks.options=</varname> is
	129	honored by both the main system and the initrd.</para>
	130	</listitem>
	131	</varlistentry>
	132
	133	<varlistentry>
	134	<term><varname>luks.key=</varname></term>
	135	<term><varname>rd.luks.key=</varname></term>
	136
	137	<listitem><para>Takes a password file name as argument or a
	138	LUKS super block UUID followed by a <literal>=</literal> and a
	139	password file name.</para>
	140
	141	<para>For those entries specified with
	142	<varname>rd.luks.uuid=</varname> or
	143	<varname>luks.uuid=</varname>, the password file will be set
	144	to the one specified by <varname>rd.luks.key=</varname> or
	145	<varname>luks.key=</varname> of the corresponding UUID, or the
	146	password file that was specified without a UUID.</para>
	147	<para><varname>rd.luks.key=</varname>
	148	is honored only by initial RAM disk
	149	(initrd) while
	150	<varname>luks.key=</varname> is
	151	honored by both the main system and
	152	the initrd.</para>
	153	</listitem>
	154	</varlistentry>
155	</variablelist>
156	</refsect1>
157
158	<refsect1>
159	<title>See Also</title>
160	<para>
161	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
162	<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
163	<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
3ba3a79d	164	<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
798d3a52 ZJS	165	<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	166	</para>
	167	</refsect1>
8e129f51 LP	168
8e129f51 LP	169	</refentry>