git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd-cryptsetup-generator.xml
<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'
    xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-cryptsetup-generator</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-cryptsetup-generator</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-cryptsetup-generator</refname>
    <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><filename>systemd-cryptsetup-generator</filename> is a
    generator that translates <filename>/etc/crypttab</filename> into
    native systemd units early at boot and when configuration of the
    system manager is reloaded. This will create
    <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    units as necessary.</para>

    <para><filename>systemd-cryptsetup-generator</filename> implements
    <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
    <title>Kernel Command Line</title>

    <para><filename>systemd-cryptsetup-generator</filename>
    understands the following kernel command line parameters:</para>

    <variablelist class='kernel-commandline-options'>
      <varlistentry>
        <term><varname>luks=</varname></term>
        <term><varname>rd.luks=</varname></term>

        <listitem><para>Takes a boolean argument. Defaults to <literal>yes</literal>. If
        <literal>no</literal>, disables the generator entirely. <varname>rd.luks=</varname> is honored only
        in the initrd, while <varname>luks=</varname> is honored in both the main system and the initrd.
        </para>

        <xi:include href="version-info.xml" xpointer="v186"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.crypttab=</varname></term>
        <term><varname>rd.luks.crypttab=</varname></term>

        <listitem><para>Takes a boolean argument. Defaults to <literal>yes</literal>. If
        <literal>no</literal>, causes the generator to ignore any devices configured in
        <filename>/etc/crypttab</filename> (<varname>luks.uuid=</varname> will still work, however).
        <varname>rd.luks.crypttab=</varname> is honored only in the initrd, while
        <varname>luks.crypttab=</varname> is honored in both the main system and the initrd.
        </para>

        <xi:include href="version-info.xml" xpointer="v186"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.uuid=</varname></term>
        <term><varname>rd.luks.uuid=</varname></term>

        <listitem><para>Takes a LUKS superblock UUID as argument. This will activate the specified device as
        part of the boot process as if it were listed in <filename>/etc/crypttab</filename>. This option may
        be specified more than once in order to set up multiple devices. <varname>rd.luks.uuid=</varname> is
        honored only in the initrd, while <varname>luks.uuid=</varname> is honored in both the main system
        and the initrd.</para>

        <para>If <filename>/etc/crypttab</filename> contains entries with the same UUID, then the name,
        keyfile and options specified there will be used. Otherwise, the device will have the name
        <literal>luks-UUID</literal>.</para>

        <para>If <filename>/etc/crypttab</filename> exists, only those UUIDs specified on the kernel command
        line will be activated in the initrd or the real root.</para>

        <xi:include href="version-info.xml" xpointer="v186"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.name=</varname></term>
        <term><varname>rd.luks.name=</varname></term>

        <listitem><para>Takes a LUKS superblock UUID followed by an
        <literal>=</literal> and a name. This implies
        <varname>rd.luks.uuid=</varname> or
        <varname>luks.uuid=</varname> and will additionally make the
        LUKS device given by the UUID appear under the provided
        name.</para>

        <para>This parameter is the analogue of the first <citerefentry><refentrytitle>crypttab</refentrytitle>
        <manvolnum>5</manvolnum></citerefentry> field <replaceable>volume-name</replaceable>.</para>

        <para><varname>rd.luks.name=</varname> is honored only in the initrd, while
        <varname>luks.name=</varname> is honored in both the main system and the initrd.</para>

        <xi:include href="version-info.xml" xpointer="v218"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.data=</varname></term>
        <term><varname>rd.luks.data=</varname></term>

        <listitem><para>Takes a LUKS superblock UUID followed by a <literal>=</literal> and a block device
        specification for the device hosting the encrypted data.</para>

        <para>For those entries specified with <varname>rd.luks.uuid=</varname> or
        <varname>luks.uuid=</varname>, the data device will be set to the one specified by
        <varname>rd.luks.data=</varname> or <varname>luks.data=</varname> of the corresponding UUID.</para>

        <para>The LUKS data device parameter is useful for specifying encrypted data devices with detached
        headers, where the header is specified in a <varname>luks.options</varname> entry containing a
        <literal>header=</literal> argument. For example,
        <varname>rd.luks.uuid=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40
        <varname>rd.luks.options=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40=header=/path/to/luks.hdr
        <varname>rd.luks.data=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40=/dev/sdx.
        Hence, in this case, we will attempt to unlock the LUKS device assembled from the data device
        <literal>/dev/sdx</literal> and the LUKS header (metadata) stored in the file
        <literal>/path/to/luks.hdr</literal>. This syntax is for now only supported on a per-device basis,
        i.e. you have to specify the LUKS device UUID.</para>

        <para>This parameter is the analogue of the second <citerefentry><refentrytitle>crypttab</refentrytitle>
        <manvolnum>5</manvolnum></citerefentry> field <replaceable>encrypted-device</replaceable>.</para>

        <para><varname>rd.luks.data=</varname> is honored only in the initrd, while
        <varname>luks.data=</varname> is honored in both the main system and the initrd.</para>

        <xi:include href="version-info.xml" xpointer="v247"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.key=</varname></term>
        <term><varname>rd.luks.key=</varname></term>

        <listitem><para>Takes a password file name as argument or a
        LUKS superblock UUID followed by a <literal>=</literal> and a
        password file name.</para>

        <para>For those entries specified with
        <varname>rd.luks.uuid=</varname> or
        <varname>luks.uuid=</varname>, the password file will be set
        to the one specified by <varname>rd.luks.key=</varname> or
        <varname>luks.key=</varname> of the corresponding UUID, or the
        password file that was specified without a UUID.</para>

        <para>It is also possible to specify an external device which
        should be mounted before we attempt to unlock the LUKS device.
        systemd-cryptsetup will use the password file stored on that
        device. The device containing the password file is specified by
        appending a colon and a device identifier to the password file
        path. For example,
        <varname>rd.luks.uuid=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40
        <varname>rd.luks.key=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40=/keyfile:LABEL=keydev.
        Hence, in this case, we will attempt to mount the file system
        residing on the block device with label <literal>keydev</literal>.
        This syntax is for now only supported on a per-device basis,
        i.e. you have to specify the LUKS device UUID.</para>

        <para>This parameter is the analogue of the third <citerefentry><refentrytitle>crypttab</refentrytitle>
        <manvolnum>5</manvolnum></citerefentry> field <replaceable>key-file</replaceable>.</para>

        <para><varname>rd.luks.key=</varname> is honored only in the initrd, while
        <varname>luks.key=</varname> is honored in both the main system and the initrd.</para>

        <xi:include href="version-info.xml" xpointer="v202"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.options=</varname></term>
        <term><varname>rd.luks.options=</varname></term>

        <listitem><para>Takes a LUKS superblock UUID followed by an
        <literal>=</literal> and a string of options separated by
        commas as argument. This will override the options for the
        given UUID.</para>
        <para>If only a list of options, without a UUID, is
        specified, they apply to any UUIDs not specified elsewhere,
        and without an entry in
        <filename>/etc/crypttab</filename>.</para>

        <para>This parameter is the analogue of the fourth <citerefentry><refentrytitle>crypttab</refentrytitle>
        <manvolnum>5</manvolnum></citerefentry> field <replaceable>options</replaceable>.</para>

        <para>It is possible to specify an external device which
        should be mounted before we attempt to unlock the LUKS device.
        systemd-cryptsetup will assemble the LUKS device by combining
        the data device specified in <varname>luks.data</varname> with
        the detached LUKS header found in the <literal>header=</literal>
        argument. For example,
        <varname>rd.luks.uuid=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40
        <varname>rd.luks.options=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40=header=/luks.hdr:LABEL=hdrdev
        <varname>rd.luks.data=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40=/dev/sdx.
        Hence, in this case, we will attempt to mount the file system
        residing on the block device with label <literal>hdrdev</literal>, and look
        for <literal>luks.hdr</literal> on that file system. Said header will be used
        to unlock (decrypt) the encrypted data stored on <literal>/dev/sdx</literal>.
        This syntax is for now only supported on a per-device basis,
        i.e. you have to specify the LUKS device UUID.</para>

        <para><varname>rd.luks.options=</varname> is honored only in the initial
        RAM disk (initrd), while <varname>luks.options=</varname> is
        honored in both the main system and the initrd.</para>

        <xi:include href="version-info.xml" xpointer="v208"/>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para><simplelist type="inline">
      <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
    </simplelist></para>
  </refsect1>

</refentry>
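
The rules in the Kernel Command Line section above, as an added Python example (not part of the man page and not systemd's own code, which is written in C): it resolves a command line into the crypttab-like fields each activated UUID ends up with, so a boot configuration can be reviewed for where key files and data devices come from. It assumes no matching /etc/crypttab entries, whitespace-only word splitting and a first-colon split of the key path; `effective_luks_devices`, `SAMPLE`, and the `root=` and `discard` values in the sample are constructed for illustration.

```python
import re
# Per-device form "UUID=value" used by luks.name/data/key/options.
PER_DEV = re.compile(r"^([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})=(.+)$")
FALSE = {"0", "no", "n", "false", "f", "off"}
# Constructed sample: UUID and key spec from the page, root= and discard added here.
SAMPLE = ("root=/dev/mapper/root rd.luks.uuid=b40f1abf-2a53-400a-889a-2eccc27eaa40 "
          "rd.luks.key=b40f1abf-2a53-400a-889a-2eccc27eaa40=/keyfile:LABEL=keydev "
          "luks.options=discard")

def effective_luks_devices(cmdline, in_initrd):
    """Return {uuid: crypttab-like fields}; assumes no /etc/crypttab entries apply."""
    seen, active, enabled = {}, [], True
    default = {"key": None, "options": None}
    def entry(uuid):
        return seen.setdefault(uuid, {"name": "luks-" + uuid, "data": None,
                                      "key": None, "key_device": None, "options": None})
    for word in cmdline.split():  # assumption: no quoted words
        key, sep, value = word.partition("=")
        if key.startswith("rd."):
            if not in_initrd:
                continue  # rd.* variants are honored only in the initrd
            key = key[3:]
        if not sep:
            continue
        m = PER_DEV.match(value)
        if key == "luks":
            enabled = value.lower() not in FALSE
        elif key == "luks.uuid":
            entry(value)
            active.append(value)
        elif key == "luks.name" and m:
            entry(m.group(1))["name"] = m.group(2)
            active.append(m.group(1))  # luks.name= implies luks.uuid=
        elif key == "luks.data" and m:
            entry(m.group(1))["data"] = m.group(2)
        elif key == "luks.key" and m:
            # "path:device" names a device to mount first (per-UUID form only)
            path, _, keydev = m.group(2).partition(":")
            entry(m.group(1)).update(key=path, key_device=keydev or None)
        elif key == "luks.options" and m:
            entry(m.group(1))["options"] = m.group(2)
        elif key in ("luks.key", "luks.options"):
            default[key[5:]] = value  # form without UUID: fallback value
    result = {}
    for uuid in (active if enabled else []):
        dev = dict(seen[uuid])
        dev.update({f: v for f, v in default.items() if dev[f] is None})
        result[uuid] = dev
    return result
```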