diff options
-rw-r--r-- | man/kernel-command-line.xml | 2 | ||||
-rw-r--r-- | man/systemd-cryptsetup-generator.xml | 26 | ||||
-rw-r--r-- | src/cryptsetup/cryptsetup-generator.c | 22 |
3 files changed, 46 insertions, 4 deletions
diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml index f249798171..6d064f6373 100644 --- a/man/kernel-command-line.xml +++ b/man/kernel-command-line.xml @@ -237,6 +237,8 @@ <term><varname>rd.luks.crypttab=</varname></term> <term><varname>luks.uuid=</varname></term> <term><varname>rd.luks.uuid=</varname></term> + <term><varname>luks.key=</varname></term> + <term><varname>rd.luks.key=</varname></term> <listitem> <para>Configures the LUKS diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml index 292e967bea..7950032941 100644 --- a/man/systemd-cryptsetup-generator.xml +++ b/man/systemd-cryptsetup-generator.xml @@ -128,7 +128,31 @@ (initrd) while <varname>luks.uuid=</varname> is honored by both the main system and - the initrd.</para></listitem> + the initrd.</para> + <para>If /etc/crypttab contains entries with + the same UUID, then the options for this entry + will be used.</para> + <para>If /etc/crypttab exists, only those UUID + specified on the kernel command line + will be activated in the initrd or the real root.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><varname>luks.key=</varname></term> + <term><varname>rd.luks.key=</varname></term> + + <listitem><para>Takes a password file as argument.</para> + <para>For those entries specified with + <varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname>, + the password file will be set to the password file specified by + <varname>rd.luks.key=</varname> or <varname>luks.key</varname></para> + <para><varname>rd.luks.key=</varname> + is honored only by initial RAM disk + (initrd) while + <varname>luks.key=</varname> is + honored by both the main system and + the initrd.</para> + </listitem> </varlistentry> </variablelist> </refsect1> diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index fd2080b539..fd634ae74c 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c @@ -233,7 +233,7 @@ static int create_disk( return 0; } -static int parse_proc_cmdline(char ***arg_proc_cmdline_disks) { +static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cmdline_keyfile) { char _cleanup_free_ *line = NULL; char *w = NULL, *state = NULL; int r; @@ -300,6 +300,21 @@ static int parse_proc_cmdline(char ***arg_proc_cmdline_disks) { return log_oom(); } + } else if (startswith(word, "luks.key=")) { + *arg_proc_cmdline_keyfile = strdup(word + 9); + if (! arg_proc_cmdline_keyfile) + return log_oom(); + + } else if (startswith(word, "rd.luks.key=")) { + + if (in_initrd()) { + if (*arg_proc_cmdline_keyfile) + free(*arg_proc_cmdline_keyfile); + *arg_proc_cmdline_keyfile = strdup(word + 12); + if (!arg_proc_cmdline_keyfile) + return log_oom(); + } + } else if (startswith(word, "luks.") || (in_initrd() && startswith(word, "rd.luks."))) { @@ -319,6 +334,7 @@ int main(int argc, char *argv[]) { char **i; char _cleanup_strv_free_ **arg_proc_cmdline_disks_done = NULL; char _cleanup_strv_free_ **arg_proc_cmdline_disks = NULL; + char _cleanup_free_ *arg_proc_cmdline_keyfile = NULL; if (argc > 1 && argc != 4) { log_error("This program takes three or no arguments."); @@ -334,7 +350,7 @@ int main(int argc, char *argv[]) { umask(0022); - if (parse_proc_cmdline(&arg_proc_cmdline_disks) < 0) + if (parse_proc_cmdline(&arg_proc_cmdline_disks, &arg_proc_cmdline_keyfile) < 0) return EXIT_FAILURE; if (!arg_enabled) @@ -425,7 +441,7 @@ int main(int argc, char *argv[]) { if (!name || !device) return log_oom(); - if (create_disk(name, device, NULL, "timeout=0") < 0) + if (create_disk(name, device, arg_proc_cmdline_keyfile, "timeout=0") < 0) r = EXIT_FAILURE; } |