[thirdparty/systemd.git] / man / systemd-cryptsetup-generator.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
  This file is part of systemd.

  Copyright 2012 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>

  <refentryinfo>
    <title>systemd-cryptsetup-generator</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Lennart</firstname>
        <surname>Poettering</surname>
        <email>lennart@poettering.net</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-cryptsetup-generator</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-cryptsetup-generator</refname>
    <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><filename>systemd-cryptsetup-generator</filename> is a
    generator that translates <filename>/etc/crypttab</filename> into
    native systemd units early at boot and when configuration of the
    system manager is reloaded. This will create
    <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    units as necessary.</para>

    <para><filename>systemd-cryptsetup-generator</filename> implements
    <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
    <title>Kernel Command Line</title>

    <para><filename>systemd-cryptsetup-generator</filename>
    understands the following kernel command line parameters:</para>

    <variablelist class='kernel-commandline-options'>
      <varlistentry>
        <term><varname>luks=</varname></term>
        <term><varname>rd.luks=</varname></term>

        <listitem><para>Takes a boolean argument. Defaults to
        <literal>yes</literal>. If <literal>no</literal>, disables the
        generator entirely. <varname>rd.luks=</varname> is honored
        only by initial RAM disk (initrd) while
        <varname>luks=</varname> is honored by both the main system
        and the initrd. </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.crypttab=</varname></term>
        <term><varname>rd.luks.crypttab=</varname></term>

        <listitem><para>Takes a boolean argument. Defaults to
        <literal>yes</literal>. If <literal>no</literal>, causes the
        generator to ignore any devices configured in
        <filename>/etc/crypttab</filename>
        (<varname>luks.uuid=</varname> will still work however).
        <varname>rd.luks.crypttab=</varname> is honored only by
        initial RAM disk (initrd) while
        <varname>luks.crypttab=</varname> is honored by both the main
        system and the initrd. </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.uuid=</varname></term>
        <term><varname>rd.luks.uuid=</varname></term>

        <listitem><para>Takes a LUKS superblock UUID as argument. This
        will activate the specified device as part of the boot process
        as if it was listed in <filename>/etc/crypttab</filename>.
        This option may be specified more than once in order to set up
        multiple devices. <varname>rd.luks.uuid=</varname> is honored
        only by initial RAM disk (initrd) while
        <varname>luks.uuid=</varname> is honored by both the main
        system and the initrd.</para>
        <para>If /etc/crypttab contains entries with the same UUID,
        then the name, keyfile and options specified there will be
        used. Otherwise, the device will have the name
        <literal>luks-UUID</literal>.</para>
        <para>If /etc/crypttab exists, only those UUIDs
        specified on the kernel command line
        will be activated in the initrd or the real root.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.name=</varname></term>
        <term><varname>rd.luks.name=</varname></term>

        <listitem><para>Takes a LUKS super block UUID followed by an
        <literal>=</literal> and a name. This implies
        <varname>rd.luks.uuid=</varname> or
        <varname>luks.uuid=</varname> and will additionally make the
        LUKS device given by the UUID appear under the provided
        name.</para>

        <para><varname>rd.luks.name=</varname> is honored only by
        initial RAM disk (initrd) while <varname>luks.name=</varname>
        is honored by both the main system and the initrd.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.options=</varname></term>
        <term><varname>rd.luks.options=</varname></term>

        <listitem><para>Takes a LUKS super block UUID followed by an
        <literal>=</literal> and a string of options separated by
        commas as argument. This will override the options for the
        given UUID.</para>
        <para>If only a list of options, without an UUID, is
        specified, they apply to any UUIDs not specified elsewhere,
        and without an entry in
        <filename>/etc/crypttab</filename>.</para><para>
        <varname>rd.luks.options=</varname> is honored only by initial
        RAM disk (initrd) while <varname>luks.options=</varname> is
        honored by both the main system and the initrd.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>luks.key=</varname></term>
        <term><varname>rd.luks.key=</varname></term>

        <listitem><para>Takes a password file name as argument or a
        LUKS super block UUID followed by a <literal>=</literal> and a
        password file name.</para>

        <para>For those entries specified with
        <varname>rd.luks.uuid=</varname> or
        <varname>luks.uuid=</varname>, the password file will be set
        to the one specified by <varname>rd.luks.key=</varname> or
        <varname>luks.key=</varname> of the corresponding UUID, or the
        password file that was specified without a UUID.</para>
        <para><varname>rd.luks.key=</varname>
        is honored only by initial RAM disk
        (initrd) while
        <varname>luks.key=</varname> is
        honored by both the main system and
        the initrd.</para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>
Commit	Line	Data
8e129f51 LP	1	<?xml version="1.0"?>
8e129f51 LP	2	<!---nxml--->
12b42c76	3	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
8e129f51 LP	4	<!--
	5	This file is part of systemd.
	6
	7	Copyright 2012 Lennart Poettering
	8
	9	systemd is free software; you can redistribute it and/or modify it
	10	under the terms of the GNU Lesser General Public License as published by
	11	the Free Software Foundation; either version 2.1 of the License, or
	12	(at your option) any later version.
	13
	14	systemd is distributed in the hope that it will be useful, but
	15	WITHOUT ANY WARRANTY; without even the implied warranty of
	16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	Lesser General Public License for more details.
	18
	19	You should have received a copy of the GNU Lesser General Public License
	20	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	21	-->
56ba3c78	22	<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>
8e129f51	23
798d3a52 ZJS	24	<refentryinfo>
	25	<title>systemd-cryptsetup-generator</title>
	26	<productname>systemd</productname>
	27
	28	<authorgroup>
	29	<author>
	30	<contrib>Developer</contrib>
	31	<firstname>Lennart</firstname>
	32	<surname>Poettering</surname>
	33	<email>lennart@poettering.net</email>
	34	</author>
	35	</authorgroup>
	36	</refentryinfo>
	37
	38	<refmeta>
	39	<refentrytitle>systemd-cryptsetup-generator</refentrytitle>
	40	<manvolnum>8</manvolnum>
	41	</refmeta>
	42
	43	<refnamediv>
	44	<refname>systemd-cryptsetup-generator</refname>
	45	<refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
	46	</refnamediv>
	47
	48	<refsynopsisdiv>
12b42c76	49	<para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
798d3a52 ZJS	50	</refsynopsisdiv>
	51
	52	<refsect1>
	53	<title>Description</title>
	54
	55	<para><filename>systemd-cryptsetup-generator</filename> is a
	56	generator that translates <filename>/etc/crypttab</filename> into
	57	native systemd units early at boot and when configuration of the
	58	system manager is reloaded. This will create
	59	<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	60	units as necessary.</para>
	61
b1c1a519 ZC	62	<para><filename>systemd-cryptsetup-generator</filename> implements
b1c1a519 ZC	63	<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
798d3a52 ZJS	64	</refsect1>
	65
	66	<refsect1>
	67	<title>Kernel Command Line</title>
	68
	69	<para><filename>systemd-cryptsetup-generator</filename>
	70	understands the following kernel command line parameters:</para>
	71
	72	<variablelist class='kernel-commandline-options'>
	73	<varlistentry>
	74	<term><varname>luks=</varname></term>
	75	<term><varname>rd.luks=</varname></term>
	76
	77	<listitem><para>Takes a boolean argument. Defaults to
	78	<literal>yes</literal>. If <literal>no</literal>, disables the
	79	generator entirely. <varname>rd.luks=</varname> is honored
	80	only by initial RAM disk (initrd) while
	81	<varname>luks=</varname> is honored by both the main system
	82	and the initrd. </para></listitem>
	83	</varlistentry>
	84
	85	<varlistentry>
	86	<term><varname>luks.crypttab=</varname></term>
	87	<term><varname>rd.luks.crypttab=</varname></term>
	88
	89	<listitem><para>Takes a boolean argument. Defaults to
	90	<literal>yes</literal>. If <literal>no</literal>, causes the
	91	generator to ignore any devices configured in
	92	<filename>/etc/crypttab</filename>
	93	(<varname>luks.uuid=</varname> will still work however).
	94	<varname>rd.luks.crypttab=</varname> is honored only by
	95	initial RAM disk (initrd) while
	96	<varname>luks.crypttab=</varname> is honored by both the main
	97	system and the initrd. </para></listitem>
	98	</varlistentry>
	99
	100	<varlistentry>
	101	<term><varname>luks.uuid=</varname></term>
	102	<term><varname>rd.luks.uuid=</varname></term>
	103
	104	<listitem><para>Takes a LUKS superblock UUID as argument. This
	105	will activate the specified device as part of the boot process
	106	as if it was listed in <filename>/etc/crypttab</filename>.
	107	This option may be specified more than once in order to set up
	108	multiple devices. <varname>rd.luks.uuid=</varname> is honored
	109	only by initial RAM disk (initrd) while
	110	<varname>luks.uuid=</varname> is honored by both the main
	111	system and the initrd.</para>
	112	<para>If /etc/crypttab contains entries with the same UUID,
	113	then the name, keyfile and options specified there will be
b938cb90	114	used. Otherwise, the device will have the name
798d3a52 ZJS	115	<literal>luks-UUID</literal>.</para>
	116	<para>If /etc/crypttab exists, only those UUIDs
	117	specified on the kernel command line
	118	will be activated in the initrd or the real root.</para>
	119	</listitem>
	120	</varlistentry>
	121
	122	<varlistentry>
	123	<term><varname>luks.name=</varname></term>
	124	<term><varname>rd.luks.name=</varname></term>
	125
	126	<listitem><para>Takes a LUKS super block UUID followed by an
	127	<literal>=</literal> and a name. This implies
	128	<varname>rd.luks.uuid=</varname> or
	129	<varname>luks.uuid=</varname> and will additionally make the
	130	LUKS device given by the UUID appear under the provided
	131	name.</para>
	132
	133	<para><varname>rd.luks.name=</varname> is honored only by
	134	initial RAM disk (initrd) while <varname>luks.name=</varname>
	135	is honored by both the main system and the initrd.</para>
	136	</listitem>
	137	</varlistentry>
	138
	139	<varlistentry>
	140	<term><varname>luks.options=</varname></term>
	141	<term><varname>rd.luks.options=</varname></term>
	142
	143	<listitem><para>Takes a LUKS super block UUID followed by an
	144	<literal>=</literal> and a string of options separated by
	145	commas as argument. This will override the options for the
	146	given UUID.</para>
	147	<para>If only a list of options, without an UUID, is
	148	specified, they apply to any UUIDs not specified elsewhere,
	149	and without an entry in
	150	<filename>/etc/crypttab</filename>.</para><para>
	151	<varname>rd.luks.options=</varname> is honored only by initial
	152	RAM disk (initrd) while <varname>luks.options=</varname> is
	153	honored by both the main system and the initrd.</para>
	154	</listitem>
	155	</varlistentry>
	156
	157	<varlistentry>
	158	<term><varname>luks.key=</varname></term>
	159	<term><varname>rd.luks.key=</varname></term>
	160
	161	<listitem><para>Takes a password file name as argument or a
	162	LUKS super block UUID followed by a <literal>=</literal> and a
	163	password file name.</para>
	164
	165	<para>For those entries specified with
	166	<varname>rd.luks.uuid=</varname> or
	167	<varname>luks.uuid=</varname>, the password file will be set
	168	to the one specified by <varname>rd.luks.key=</varname> or
	169	<varname>luks.key=</varname> of the corresponding UUID, or the
	170	password file that was specified without a UUID.</para>
	171	<para><varname>rd.luks.key=</varname>
	172	is honored only by initial RAM disk
	173	(initrd) while
	174	<varname>luks.key=</varname> is
	175	honored by both the main system and
	176	the initrd.</para>
	177	</listitem>
	178	</varlistentry>
179	</variablelist>
180	</refsect1>
181
182	<refsect1>
183	<title>See Also</title>
184	<para>
185	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
186	<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
187	<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
3ba3a79d	188	<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
798d3a52 ZJS	189	<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	190	</para>
	191	</refsect1>
8e129f51 LP	192
8e129f51 LP	193	</refentry>