systemd-cryptsetup-generator
systemd
Developer
Lennart
Poettering
lennart@poettering.net
systemd-cryptsetup-generator
8
systemd-cryptsetup-generator
Unit generator for /etc/crypttab
/usr/lib/systemd/system-generators/systemd-cryptsetup-generator
Description
systemd-cryptsetup-generator
is a generator that translates
/etc/crypttab into native systemd
units early at boot and when configuration of the
system manager is reloaded. This will create
systemd-cryptsetup@.service8
units as necessary.
systemd-cryptsetup-generator
implements the generator
specification.
Kernel Command Line
systemd-cryptsetup-generator understands
the following kernel command line parameters:
luks=
rd.luks=
Takes a boolean
argument. Defaults to
yes. If
no, disables the
generator
entirely. rd.luks=
is honored only by initial RAM disk
(initrd) while
luks= is honored
by both the main system and the
initrd.
luks.crypttab=
rd.luks.crypttab=
Takes a boolean
argument. Defaults to
yes. If
no, causes the
generator to ignore any devices
configured in
/etc/crypttab
(luks.uuid= will
still work
however). rd.luks.crypttab=
is honored only by initial RAM disk
(initrd) while
luks.crypttab= is
honored by both the main system and
the initrd.
luks.uuid=
rd.luks.uuid=
Takes a LUKS superblock
UUID as argument. This will
activate the specified device as part
of the boot process as if it was
listed in
/etc/crypttab. This
option may be specified more than once
in order to set up multiple
devices. rd.luks.uuid=
is honored only by initial RAM disk
(initrd) while
luks.uuid= is
honored by both the main system and
the initrd.
If /etc/crypttab contains entries with
the same UUID, then the name, keyfile and options
specified there will be used. Otherwise the device
will have the name luks-UUID.
If /etc/crypttab exists, only those UUIDs
specified on the kernel command line
will be activated in the initrd or the real root.
luks.name=
rd.luks.name=
Takes a LUKS super
block UUID followed by an '=' and a name. This implies
rd.luks.uuid= or luks.uuid=
and will additionally make the LUKS device given by
the UUID appear under the provided name.
rd.luks.name=
is honored only by initial RAM disk
(initrd) while
luks.name= is
honored by both the main system and
the initrd.
luks.options=
rd.luks.options=
Takes a LUKS super
block UUID followed by an '=' and a string
of options separated by commas as argument.
This will override the options for the given
UUID.
If only a list of options, without an
UUID, is specified, they apply to any UUIDs not
specified elsewhere, and without an entry in
/etc/crypttab.
rd.luks.options=
is honored only by initial RAM disk
(initrd) while
luks.options= is
honored by both the main system and
the initrd.
luks.key=
rd.luks.key=
Takes a password file name as argument or
a LUKS super block UUID followed by a '=' and a password
file name.
For those entries specified with
rd.luks.uuid= or luks.uuid=,
the password file will be set to the one specified by
rd.luks.key= or luks.key=
of the corresponding UUID, or the password file that was specified
without a UUID.
rd.luks.key=
is honored only by initial RAM disk
(initrd) while
luks.key= is
honored by both the main system and
the initrd.
See Also
systemd1,
crypttab5,
systemd-cryptsetup@.service8,
cryptsetup8,
systemd-fstab-generator8