<?xml version="1.0"?> <!--*-nxml-*--> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> <!-- This file is part of systemd. Copyright 2012 Lennart Poettering systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. systemd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with systemd; If not, see <http://www.gnu.org/licenses/>. --> <refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'> <refentryinfo> <title>systemd-cryptsetup-generator</title> <productname>systemd</productname> <authorgroup> <author> <contrib>Developer</contrib> <firstname>Lennart</firstname> <surname>Poettering</surname> <email>lennart@poettering.net</email> </author> </authorgroup> </refentryinfo> <refmeta> <refentrytitle>systemd-cryptsetup-generator</refentrytitle> <manvolnum>8</manvolnum> </refmeta> <refnamediv> <refname>systemd-cryptsetup-generator</refname> <refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose> </refnamediv> <refsynopsisdiv> <para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para> </refsynopsisdiv> <refsect1> <title>Description</title> <para><filename>systemd-cryptsetup-generator</filename> is a generator that translates <filename>/etc/crypttab</filename> into native systemd units early at boot and when configuration of the system manager is reloaded. This will create <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> units as necessary.</para> <para><filename>systemd-cryptsetup-generator</filename> implements <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para> </refsect1> <refsect1> <title>Kernel Command Line</title> <para><filename>systemd-cryptsetup-generator</filename> understands the following kernel command line parameters:</para> <variablelist class='kernel-commandline-options'> <varlistentry> <term><varname>luks=</varname></term> <term><varname>rd.luks=</varname></term> <listitem><para>Takes a boolean argument. Defaults to <literal>yes</literal>. If <literal>no</literal>, disables the generator entirely. <varname>rd.luks=</varname> is honored only by initial RAM disk (initrd) while <varname>luks=</varname> is honored by both the main system and the initrd. </para></listitem> </varlistentry> <varlistentry> <term><varname>luks.crypttab=</varname></term> <term><varname>rd.luks.crypttab=</varname></term> <listitem><para>Takes a boolean argument. Defaults to <literal>yes</literal>. If <literal>no</literal>, causes the generator to ignore any devices configured in <filename>/etc/crypttab</filename> (<varname>luks.uuid=</varname> will still work however). <varname>rd.luks.crypttab=</varname> is honored only by initial RAM disk (initrd) while <varname>luks.crypttab=</varname> is honored by both the main system and the initrd. </para></listitem> </varlistentry> <varlistentry> <term><varname>luks.uuid=</varname></term> <term><varname>rd.luks.uuid=</varname></term> <listitem><para>Takes a LUKS superblock UUID as argument. This will activate the specified device as part of the boot process as if it was listed in <filename>/etc/crypttab</filename>. This option may be specified more than once in order to set up multiple devices. <varname>rd.luks.uuid=</varname> is honored only by initial RAM disk (initrd) while <varname>luks.uuid=</varname> is honored by both the main system and the initrd.</para> <para>If /etc/crypttab contains entries with the same UUID, then the name, keyfile and options specified there will be used. Otherwise the device will have the name <literal>luks-UUID</literal>.</para> <para>If /etc/crypttab exists, only those UUIDs specified on the kernel command line will be activated in the initrd or the real root.</para> </listitem> </varlistentry> <varlistentry> <term><varname>luks.name=</varname></term> <term><varname>rd.luks.name=</varname></term> <listitem><para>Takes a LUKS super block UUID followed by an <literal>=</literal> and a name. This implies <varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname> and will additionally make the LUKS device given by the UUID appear under the provided name.</para> <para><varname>rd.luks.name=</varname> is honored only by initial RAM disk (initrd) while <varname>luks.name=</varname> is honored by both the main system and the initrd.</para> </listitem> </varlistentry> <varlistentry> <term><varname>luks.options=</varname></term> <term><varname>rd.luks.options=</varname></term> <listitem><para>Takes a LUKS super block UUID followed by an <literal>=</literal> and a string of options separated by commas as argument. This will override the options for the given UUID.</para> <para>If only a list of options, without an UUID, is specified, they apply to any UUIDs not specified elsewhere, and without an entry in <filename>/etc/crypttab</filename>.</para><para> <varname>rd.luks.options=</varname> is honored only by initial RAM disk (initrd) while <varname>luks.options=</varname> is honored by both the main system and the initrd.</para> </listitem> </varlistentry> <varlistentry> <term><varname>luks.key=</varname></term> <term><varname>rd.luks.key=</varname></term> <listitem><para>Takes a password file name as argument or a LUKS super block UUID followed by a <literal>=</literal> and a password file name.</para> <para>For those entries specified with <varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname>, the password file will be set to the one specified by <varname>rd.luks.key=</varname> or <varname>luks.key=</varname> of the corresponding UUID, or the password file that was specified without a UUID.</para> <para><varname>rd.luks.key=</varname> is honored only by initial RAM disk (initrd) while <varname>luks.key=</varname> is honored by both the main system and the initrd.</para> </listitem> </varlistentry> </variablelist> </refsect1> <refsect1> <title>See Also</title> <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> </para> </refsect1> </refentry>