<?xml version="1.0"?>
<!--*-nxml-*-->
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-<!--
- This file is part of systemd.
-
- Copyright 2012 Lennart Poettering
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
--->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>
- <refentryinfo>
- <title>systemd-cryptsetup-generator</title>
- <productname>systemd</productname>
-
- <authorgroup>
- <author>
- <contrib>Developer</contrib>
- <firstname>Lennart</firstname>
- <surname>Poettering</surname>
- <email>lennart@poettering.net</email>
- </author>
- </authorgroup>
- </refentryinfo>
-
- <refmeta>
- <refentrytitle>systemd-cryptsetup-generator</refentrytitle>
- <manvolnum>8</manvolnum>
- </refmeta>
-
- <refnamediv>
- <refname>systemd-cryptsetup-generator</refname>
- <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
- </refsynopsisdiv>
-
- <refsect1>
- <title>Description</title>
-
- <para><filename>systemd-cryptsetup-generator</filename>
- is a generator that translates
- <filename>/etc/crypttab</filename> into native systemd
- units early at boot and when configuration of the
- system manager is reloaded. This will create
- <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- units as necessary.</para>
-
- <para><filename>systemd-cryptsetup-generator</filename>
- implements the <ulink
- url="http://www.freedesktop.org/wiki/Software/systemd/Generators">generator
- specification</ulink>.</para>
- </refsect1>
-
- <refsect1>
- <title>Kernel Command Line</title>
-
- <para><filename>systemd-cryptsetup-generator</filename> understands
- the following kernel command line parameters:</para>
-
- <variablelist class='kernel-commandline-options'>
- <varlistentry>
- <term><varname>luks=</varname></term>
- <term><varname>rd.luks=</varname></term>
-
- <listitem><para>Takes a boolean
- argument. Defaults to
- <literal>yes</literal>. If
- <literal>no</literal> disables the
- generator
- entirely. <varname>rd.luks=</varname>
- is honored only by initial RAM disk
- (initrd) while
- <varname>luks=</varname> is honored
- by both the main system and the
- initrd. </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>luks.crypttab=</varname></term>
- <term><varname>rd.luks.crypttab=</varname></term>
-
- <listitem><para>Takes a boolean
- argument. Defaults to
- <literal>yes</literal>. If
- <literal>no</literal> causes the
- generator to ignore any devices
- configured in
- <filename>/etc/crypttab</filename>
- (<varname>luks.uuid=</varname> will
- still work
- however). <varname>rd.luks.crypttab=</varname>
- is honored only by initial RAM disk
- (initrd) while
- <varname>luks.crypttab=</varname> is
- honored by both the main system and
- the initrd. </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>luks.uuid=</varname></term>
- <term><varname>rd.luks.uuid=</varname></term>
-
- <listitem><para>Takes a LUKS super
- block UUID as argument. This will
- activate the specified device as part
- of the boot process as if it was
- listed in
- <filename>/etc/fstab</filename>. This
- option may be specified more than once
- in order to set up multiple
- devices. <varname>rd.luks.uuid=</varname>
- is honored only by initial RAM disk
- (initrd) while
- <varname>luks.uuid=</varname> is
- honored by both the main system and
- the initrd.</para></listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1>
- <title>See Also</title>
- <para>
- <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- </para>
- </refsect1>
+ <refentryinfo>
+ <title>systemd-cryptsetup-generator</title>
+ <productname>systemd</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>systemd-cryptsetup-generator</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>systemd-cryptsetup-generator</refname>
+ <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para><filename>systemd-cryptsetup-generator</filename> is a
+ generator that translates <filename>/etc/crypttab</filename> into
+ native systemd units early at boot and when configuration of the
+ system manager is reloaded. This will create
+ <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ units as necessary.</para>
+
+ <para><filename>systemd-cryptsetup-generator</filename> implements
+ <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Kernel Command Line</title>
+
+ <para><filename>systemd-cryptsetup-generator</filename>
+ understands the following kernel command line parameters:</para>
+
+ <variablelist class='kernel-commandline-options'>
+ <varlistentry>
+ <term><varname>luks=</varname></term>
+ <term><varname>rd.luks=</varname></term>
+
+ <listitem><para>Takes a boolean argument. Defaults to
+ <literal>yes</literal>. If <literal>no</literal>, disables the
+ generator entirely. <varname>rd.luks=</varname> is honored
+ only by initial RAM disk (initrd) while
+ <varname>luks=</varname> is honored by both the main system
+ and the initrd. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>luks.crypttab=</varname></term>
+ <term><varname>rd.luks.crypttab=</varname></term>
+
+ <listitem><para>Takes a boolean argument. Defaults to
+ <literal>yes</literal>. If <literal>no</literal>, causes the
+ generator to ignore any devices configured in
+ <filename>/etc/crypttab</filename>
+ (<varname>luks.uuid=</varname> will still work however).
+ <varname>rd.luks.crypttab=</varname> is honored only by
+ initial RAM disk (initrd) while
+ <varname>luks.crypttab=</varname> is honored by both the main
+ system and the initrd. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>luks.uuid=</varname></term>
+ <term><varname>rd.luks.uuid=</varname></term>
+
+ <listitem><para>Takes a LUKS superblock UUID as argument. This
+ will activate the specified device as part of the boot process
+ as if it was listed in <filename>/etc/crypttab</filename>.
+ This option may be specified more than once in order to set up
+ multiple devices. <varname>rd.luks.uuid=</varname> is honored
+ only by initial RAM disk (initrd) while
+ <varname>luks.uuid=</varname> is honored by both the main
+ system and the initrd.</para>
+ <para>If /etc/crypttab contains entries with the same UUID,
+ then the name, keyfile and options specified there will be
+ used. Otherwise, the device will have the name
+ <literal>luks-UUID</literal>.</para>
+ <para>If /etc/crypttab exists, only those UUIDs
+ specified on the kernel command line
+ will be activated in the initrd or the real root.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>luks.name=</varname></term>
+ <term><varname>rd.luks.name=</varname></term>
+
+ <listitem><para>Takes a LUKS super block UUID followed by an
+ <literal>=</literal> and a name. This implies
+ <varname>rd.luks.uuid=</varname> or
+ <varname>luks.uuid=</varname> and will additionally make the
+ LUKS device given by the UUID appear under the provided
+ name.</para>
+
+ <para><varname>rd.luks.name=</varname> is honored only by
+ initial RAM disk (initrd) while <varname>luks.name=</varname>
+ is honored by both the main system and the initrd.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>luks.options=</varname></term>
+ <term><varname>rd.luks.options=</varname></term>
+
+ <listitem><para>Takes a LUKS super block UUID followed by an
+ <literal>=</literal> and a string of options separated by
+ commas as argument. This will override the options for the
+ given UUID.</para>
+ <para>If only a list of options, without an UUID, is
+ specified, they apply to any UUIDs not specified elsewhere,
+ and without an entry in
+ <filename>/etc/crypttab</filename>.</para><para>
+ <varname>rd.luks.options=</varname> is honored only by initial
+ RAM disk (initrd) while <varname>luks.options=</varname> is
+ honored by both the main system and the initrd.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>luks.key=</varname></term>
+ <term><varname>rd.luks.key=</varname></term>
+
+ <listitem><para>Takes a password file name as argument or a
+ LUKS super block UUID followed by a <literal>=</literal> and a
+ password file name.</para>
+
+ <para>For those entries specified with
+ <varname>rd.luks.uuid=</varname> or
+ <varname>luks.uuid=</varname>, the password file will be set
+ to the one specified by <varname>rd.luks.key=</varname> or
+ <varname>luks.key=</varname> of the corresponding UUID, or the
+ password file that was specified without a UUID.</para>
+
+ <para>It is also possible to specify an external device which
+ should be mounted before we attempt to unlock the LUKS device.
+ systemd-cryptsetup will use password file stored on that
+ device. Device containing password file is specified by
+ appending colon and a device identifier to the password file
+ path. For example,
+ <varname>rd.luks.uuid=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40
+ <varname>rd.luks.key=</varname>b40f1abf-2a53-400a-889a-2eccc27eaa40=/keyfile:LABEL=keydev.
+ Hence, in this case, we will attempt to mount file system
+ residing on the block device with label <literal>keydev</literal>.
+ This syntax is for now only supported on a per-device basis,
+ i.e. you have to specify LUKS device UUID.</para>
+
+ <para><varname>rd.luks.key=</varname>
+ is honored only by initial RAM disk
+ (initrd) while
+ <varname>luks.key=</varname> is
+ honored by both the main system and
+ the initrd.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
</refentry>
projects / thirdparty / systemd.git / blobdiff