| <?xml version="1.0"?> |
| <!--*-nxml-*--> |
| <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| <!-- |
| This file is part of systemd. |
| |
| Copyright 2012 Lennart Poettering |
| |
| systemd is free software; you can redistribute it and/or modify it |
| under the terms of the GNU Lesser General Public License as published by |
| the Free Software Foundation; either version 2.1 of the License, or |
| (at your option) any later version. |
| |
| systemd is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public License |
| along with systemd; If not, see <http://www.gnu.org/licenses/>. |
| --> |
| <refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'> |
| |
| <refentryinfo> |
| <title>systemd-cryptsetup-generator</title> |
| <productname>systemd</productname> |
| |
| <authorgroup> |
| <author> |
| <contrib>Developer</contrib> |
| <firstname>Lennart</firstname> |
| <surname>Poettering</surname> |
| <email>lennart@poettering.net</email> |
| </author> |
| </authorgroup> |
| </refentryinfo> |
| |
| <refmeta> |
| <refentrytitle>systemd-cryptsetup-generator</refentrytitle> |
| <manvolnum>8</manvolnum> |
| </refmeta> |
| |
| <refnamediv> |
| <refname>systemd-cryptsetup-generator</refname> |
| <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose> |
| </refnamediv> |
| |
| <refsynopsisdiv> |
| <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para> |
| </refsynopsisdiv> |
| |
| <refsect1> |
| <title>Description</title> |
| |
| <para><filename>systemd-cryptsetup-generator</filename> is a |
| generator that translates <filename>/etc/crypttab</filename> into |
| native systemd units early at boot and when configuration of the |
| system manager is reloaded. This will create |
| <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
| units as necessary.</para> |
| |
| <para><filename>systemd-cryptsetup-generator</filename> implements |
| <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Kernel Command Line</title> |
| |
| <para><filename>systemd-cryptsetup-generator</filename> |
| understands the following kernel command line parameters:</para> |
| |
| <variablelist class='kernel-commandline-options'> |
| <varlistentry> |
| <term><varname>luks=</varname></term> |
| <term><varname>rd.luks=</varname></term> |
| |
| <listitem><para>Takes a boolean argument. Defaults to |
| <literal>yes</literal>. If <literal>no</literal>, disables the |
| generator entirely. <varname>rd.luks=</varname> is honored |
| only by initial RAM disk (initrd) while |
| <varname>luks=</varname> is honored by both the main system |
| and the initrd. </para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>luks.crypttab=</varname></term> |
| <term><varname>rd.luks.crypttab=</varname></term> |
| |
| <listitem><para>Takes a boolean argument. Defaults to |
| <literal>yes</literal>. If <literal>no</literal>, causes the |
| generator to ignore any devices configured in |
| <filename>/etc/crypttab</filename> |
| (<varname>luks.uuid=</varname> will still work however). |
| <varname>rd.luks.crypttab=</varname> is honored only by |
| initial RAM disk (initrd) while |
| <varname>luks.crypttab=</varname> is honored by both the main |
| system and the initrd. </para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>luks.uuid=</varname></term> |
| <term><varname>rd.luks.uuid=</varname></term> |
| |
| <listitem><para>Takes a LUKS superblock UUID as argument. This |
| will activate the specified device as part of the boot process |
| as if it was listed in <filename>/etc/crypttab</filename>. |
| This option may be specified more than once in order to set up |
| multiple devices. <varname>rd.luks.uuid=</varname> is honored |
| only by initial RAM disk (initrd) while |
| <varname>luks.uuid=</varname> is honored by both the main |
| system and the initrd.</para> |
| <para>If /etc/crypttab contains entries with the same UUID, |
| then the name, keyfile and options specified there will be |
| used. Otherwise, the device will have the name |
| <literal>luks-UUID</literal>.</para> |
| <para>If /etc/crypttab exists, only those UUIDs |
| specified on the kernel command line |
| will be activated in the initrd or the real root.</para> |
| </listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>luks.name=</varname></term> |
| <term><varname>rd.luks.name=</varname></term> |
| |
| <listitem><para>Takes a LUKS super block UUID followed by an |
| <literal>=</literal> and a name. This implies |
| <varname>rd.luks.uuid=</varname> or |
| <varname>luks.uuid=</varname> and will additionally make the |
| LUKS device given by the UUID appear under the provided |
| name.</para> |
| |
| <para><varname>rd.luks.name=</varname> is honored only by |
| initial RAM disk (initrd) while <varname>luks.name=</varname> |
| is honored by both the main system and the initrd.</para> |
| </listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>luks.options=</varname></term> |
| <term><varname>rd.luks.options=</varname></term> |
| |
| <listitem><para>Takes a LUKS super block UUID followed by an |
| <literal>=</literal> and a string of options separated by |
| commas as argument. This will override the options for the |
| given UUID.</para> |
| <para>If only a list of options, without an UUID, is |
| specified, they apply to any UUIDs not specified elsewhere, |
| and without an entry in |
| <filename>/etc/crypttab</filename>.</para><para> |
| <varname>rd.luks.options=</varname> is honored only by initial |
| RAM disk (initrd) while <varname>luks.options=</varname> is |
| honored by both the main system and the initrd.</para> |
| </listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><varname>luks.key=</varname></term> |
| <term><varname>rd.luks.key=</varname></term> |
| |
| <listitem><para>Takes a password file name as argument or a |
| LUKS super block UUID followed by a <literal>=</literal> and a |
| password file name.</para> |
| |
| <para>For those entries specified with |
| <varname>rd.luks.uuid=</varname> or |
| <varname>luks.uuid=</varname>, the password file will be set |
| to the one specified by <varname>rd.luks.key=</varname> or |
| <varname>luks.key=</varname> of the corresponding UUID, or the |
| password file that was specified without a UUID.</para> |
| <para><varname>rd.luks.key=</varname> |
| is honored only by initial RAM disk |
| (initrd) while |
| <varname>luks.key=</varname> is |
| honored by both the main system and |
| the initrd.</para> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </refsect1> |
| |
| <refsect1> |
| <title>See Also</title> |
| <para> |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
| <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
| </para> |
| </refsect1> |
| |
| </refentry> |