blob: f036ab974461ca27749ef57729fc7fd60f8273e9 [file] [log] [blame] [raw]
<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
This file is part of systemd.
Copyright 2012 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>
<refentryinfo>
<title>systemd-cryptsetup-generator</title>
<productname>systemd</productname>
<authorgroup>
<author>
<contrib>Developer</contrib>
<firstname>Lennart</firstname>
<surname>Poettering</surname>
<email>lennart@poettering.net</email>
</author>
</authorgroup>
</refentryinfo>
<refmeta>
<refentrytitle>systemd-cryptsetup-generator</refentrytitle>
<manvolnum>8</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd-cryptsetup-generator</refname>
<refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><filename>systemd-cryptsetup-generator</filename> is a
generator that translates <filename>/etc/crypttab</filename> into
native systemd units early at boot and when configuration of the
system manager is reloaded. This will create
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
units as necessary.</para>
<para><filename>systemd-cryptsetup-generator</filename> implements
<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>Kernel Command Line</title>
<para><filename>systemd-cryptsetup-generator</filename>
understands the following kernel command line parameters:</para>
<variablelist class='kernel-commandline-options'>
<varlistentry>
<term><varname>luks=</varname></term>
<term><varname>rd.luks=</varname></term>
<listitem><para>Takes a boolean argument. Defaults to
<literal>yes</literal>. If <literal>no</literal>, disables the
generator entirely. <varname>rd.luks=</varname> is honored
only by initial RAM disk (initrd) while
<varname>luks=</varname> is honored by both the main system
and the initrd. </para></listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.crypttab=</varname></term>
<term><varname>rd.luks.crypttab=</varname></term>
<listitem><para>Takes a boolean argument. Defaults to
<literal>yes</literal>. If <literal>no</literal>, causes the
generator to ignore any devices configured in
<filename>/etc/crypttab</filename>
(<varname>luks.uuid=</varname> will still work however).
<varname>rd.luks.crypttab=</varname> is honored only by
initial RAM disk (initrd) while
<varname>luks.crypttab=</varname> is honored by both the main
system and the initrd. </para></listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.uuid=</varname></term>
<term><varname>rd.luks.uuid=</varname></term>
<listitem><para>Takes a LUKS superblock UUID as argument. This
will activate the specified device as part of the boot process
as if it was listed in <filename>/etc/crypttab</filename>.
This option may be specified more than once in order to set up
multiple devices. <varname>rd.luks.uuid=</varname> is honored
only by initial RAM disk (initrd) while
<varname>luks.uuid=</varname> is honored by both the main
system and the initrd.</para>
<para>If /etc/crypttab contains entries with the same UUID,
then the name, keyfile and options specified there will be
used. Otherwise, the device will have the name
<literal>luks-UUID</literal>.</para>
<para>If /etc/crypttab exists, only those UUIDs
specified on the kernel command line
will be activated in the initrd or the real root.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.name=</varname></term>
<term><varname>rd.luks.name=</varname></term>
<listitem><para>Takes a LUKS super block UUID followed by an
<literal>=</literal> and a name. This implies
<varname>rd.luks.uuid=</varname> or
<varname>luks.uuid=</varname> and will additionally make the
LUKS device given by the UUID appear under the provided
name.</para>
<para><varname>rd.luks.name=</varname> is honored only by
initial RAM disk (initrd) while <varname>luks.name=</varname>
is honored by both the main system and the initrd.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.options=</varname></term>
<term><varname>rd.luks.options=</varname></term>
<listitem><para>Takes a LUKS super block UUID followed by an
<literal>=</literal> and a string of options separated by
commas as argument. This will override the options for the
given UUID.</para>
<para>If only a list of options, without an UUID, is
specified, they apply to any UUIDs not specified elsewhere,
and without an entry in
<filename>/etc/crypttab</filename>.</para><para>
<varname>rd.luks.options=</varname> is honored only by initial
RAM disk (initrd) while <varname>luks.options=</varname> is
honored by both the main system and the initrd.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.key=</varname></term>
<term><varname>rd.luks.key=</varname></term>
<listitem><para>Takes a password file name as argument or a
LUKS super block UUID followed by a <literal>=</literal> and a
password file name.</para>
<para>For those entries specified with
<varname>rd.luks.uuid=</varname> or
<varname>luks.uuid=</varname>, the password file will be set
to the one specified by <varname>rd.luks.key=</varname> or
<varname>luks.key=</varname> of the corresponding UUID, or the
password file that was specified without a UUID.</para>
<para><varname>rd.luks.key=</varname>
is honored only by initial RAM disk
(initrd) while
<varname>luks.key=</varname> is
honored by both the main system and
the initrd.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>