1 files changed, 38 insertions, 11 deletions

diff --git a/man/crypttab.xml b/man/crypttab.xml
index aeacc57973..d403e71bef 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -1,6 +1,9 @@
 <?xml version="1.0"?>
 <!--*-nxml-*-->
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY % entities SYSTEM "custom-entities.ent" >
+%entities;
+]>
 <!--
   This file is part of systemd.
 
@@ -75,7 +78,7 @@
 
     <para>Setting up encrypted block devices using this file supports
     three encryption modes: LUKS, TrueCrypt and plain. See
-    <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
     for more information about each mode. When no mode is specified in
     the options field and the block device contains a LUKS signature,
     it is opened as a LUKS device; otherwise, it is assumed to be in
@@ -117,7 +120,7 @@
         <term><option>cipher=</option></term>
 
         <listitem><para>Specifies the cipher to use. See
-        <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         for possible values and the default value of this option. A
         cipher with unpredictable IV values, such as
         <literal>aes-cbc-essiv:sha256</literal>, is
@@ -129,7 +132,7 @@
 
         <listitem><para>Specifies the hash to use for password
         hashing. See
-        <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         for possible values and the default value of this
         option.</para></listitem>
       </varlistentry>
@@ -140,17 +143,41 @@
         <listitem><para>Use a detached (separated) metadata device or
         file where the LUKS header is stored. This option is only
         relevant for LUKS devices. See
-        <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         for possible values and the default value of this
         option.</para></listitem>
       </varlistentry>
 
       <varlistentry>
+        <term><option>offset=</option></term>
+
+        <listitem><para>Start offset in the backend device, in 512-byte sectors.
+        This option is only relevant for plain devices.
+        </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>skip=</option></term>
+
+        <listitem><para>How many 512-byte sectors of the encrypted data to skip
+        at the beginning. This is different from the <option>--offset</option>
+        option with respect to the sector numbers used in initialization vector
+        (IV) calculation. Using <option>--offset</option> will shift the IV
+        calculation by the same negative amount.  Hence, if <option>--offset n</option>,
+        sector n will  get a sector number of 0 for the IV calculation.
+        Using <option>--skip</option> causes sector n to also be the first
+        sector of the mapped device, but with its number for IV generation is n.</para>
+
+        <para>This option is only relevant for plain devices.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><option>keyfile-offset=</option></term>
 
         <listitem><para>Specifies the number of bytes to skip at the
         start of the key file. See
-        <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         for possible values and the default value of this
         option.</para></listitem>
       </varlistentry>
@@ -160,7 +187,7 @@
 
         <listitem><para>Specifies the maximum number of bytes to read
         from the key file. See
-        <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         for possible values and the default value of this option. This
         option is ignored in plain encryption mode, as the key file
         size is then given by the key size.</para></listitem>
@@ -174,7 +201,7 @@
         given passphrase or key, but another would, the setup of the
         device will fail regardless. This option implies
         <option>luks</option>. See
-        <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         for possible values. The default is to try all key slots in
         sequential order.</para></listitem>
       </varlistentry>
@@ -221,7 +248,7 @@
         <term><option>size=</option></term>
 
         <listitem><para>Specifies the key size in bits. See
-        <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         for possible values and the default value of this
         option.</para></listitem>
       </varlistentry>
@@ -278,7 +305,7 @@
         volume provided in the second field. Please note that there is
         no protection for the hidden volume if the outer volume is
         mounted instead. See
-        <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         for more information on this limitation.</para></listitem>
       </varlistentry>
 
@@ -383,7 +410,7 @@ hidden     /mnt/tc_hidden  /dev/null    tcrypt-hidden,tcrypt-keyfile=/etc/keyfil
       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
     </para>