dracut.kernel.7: crypto LUKS - info about gpg-encrypted keys

diff --git a/dracut.kernel.7.xml b/dracut.kernel.7.xml
index 1de4df1932330a406254b7bc46d0462c2a012ec2..a277c7406e6fb59bcbd7339f23b6cf7e3beefaa7 100644 (file)
--- a/dracut.kernel.7.xml
+++ b/dracut.kernel.7.xml
@@ -317,7 +317,7 @@ This parameter can be specified multiple times.</para>
             <envar>rd.luks.key=</envar><replaceable>&lt;keypath&gt;:&lt;keydev&gt;:&lt;luksdev&gt;</replaceable>
           </term>
           <listitem>
-            <para><replaceable>keypath</replaceable> is a path to key file to look for. It&apos;s REQUIRED.</para>
+            <para><replaceable>keypath</replaceable> is a path to key file to look for. It&apos;s REQUIRED. When <replaceable>keypath</replaceable> ends with '.gpg' it's considered to be key encrypted symmetrically with GPG. You will be prompted for password on boot. GPG support comes with 'crypt-gpg' module which needs to be added explicitly.</para>
             <para><replaceable>keydev</replaceable> is a device on which key file resides. It might be kernel name of devices (should start with &quot;/dev/&quot;), UUID (prefixed with &quot;UUID=&quot;) or label (prefix with &quot;LABEL=&quot;).  You don&apos;t have to specify full UUID. Just its beginning will suffice, even if its ambiguous. All matching devices will be probed. This parameter is recommended, but not required. If not present, all block devices will be probed, which may significantly increase boot time.</para>
             <para>If <replaceable>luksdev</replaceable> is given, the specified key will only be applied for that LUKS device. Possible values are the same as for <replaceable>keydev</replaceable>. Unless you have several LUKS devices, you don&apos;t have to specify this parameter.</para>
             <para>The simplest usage is:</para>