1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-25 06:03:40 +03:00
systemd-stable/man/systemd-cryptsetup-generator.xml

220 lines
11 KiB
XML

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
This file is part of systemd.
Copyright 2012 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd-cryptsetup-generator" conditional='HAVE_LIBCRYPTSETUP'>
<refentryinfo>
<title>systemd-cryptsetup-generator</title>
<productname>systemd</productname>
<authorgroup>
<author>
<contrib>Developer</contrib>
<firstname>Lennart</firstname>
<surname>Poettering</surname>
<email>lennart@poettering.net</email>
</author>
</authorgroup>
</refentryinfo>
<refmeta>
<refentrytitle>systemd-cryptsetup-generator</refentrytitle>
<manvolnum>8</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd-cryptsetup-generator</refname>
<refpurpose>Unit generator for <filename>/etc/crypttab</filename></refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>/usr/lib/systemd/system-generators/systemd-cryptsetup-generator</filename></para>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><filename>systemd-cryptsetup-generator</filename>
is a generator that translates
<filename>/etc/crypttab</filename> into native systemd
units early at boot and when configuration of the
system manager is reloaded. This will create
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
units as necessary.</para>
<para><filename>systemd-cryptsetup-generator</filename>
implements the <ulink
url="http://www.freedesktop.org/wiki/Software/systemd/Generators">generator
specification</ulink>.</para>
</refsect1>
<refsect1>
<title>Kernel Command Line</title>
<para><filename>systemd-cryptsetup-generator</filename> understands
the following kernel command line parameters:</para>
<variablelist class='kernel-commandline-options'>
<varlistentry>
<term><varname>luks=</varname></term>
<term><varname>rd.luks=</varname></term>
<listitem><para>Takes a boolean
argument. Defaults to
<literal>yes</literal>. If
<literal>no</literal>, disables the
generator
entirely. <varname>rd.luks=</varname>
is honored only by initial RAM disk
(initrd) while
<varname>luks=</varname> is honored
by both the main system and the
initrd. </para></listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.crypttab=</varname></term>
<term><varname>rd.luks.crypttab=</varname></term>
<listitem><para>Takes a boolean
argument. Defaults to
<literal>yes</literal>. If
<literal>no</literal>, causes the
generator to ignore any devices
configured in
<filename>/etc/crypttab</filename>
(<varname>luks.uuid=</varname> will
still work
however). <varname>rd.luks.crypttab=</varname>
is honored only by initial RAM disk
(initrd) while
<varname>luks.crypttab=</varname> is
honored by both the main system and
the initrd. </para></listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.uuid=</varname></term>
<term><varname>rd.luks.uuid=</varname></term>
<listitem><para>Takes a LUKS superblock
UUID as argument. This will
activate the specified device as part
of the boot process as if it was
listed in
<filename>/etc/crypttab</filename>. This
option may be specified more than once
in order to set up multiple
devices. <varname>rd.luks.uuid=</varname>
is honored only by initial RAM disk
(initrd) while
<varname>luks.uuid=</varname> is
honored by both the main system and
the initrd.</para>
<para>If /etc/crypttab contains entries with
the same UUID, then the name, keyfile and options
specified there will be used. Otherwise the device
will have the name <literal>luks-UUID</literal>.</para>
<para>If /etc/crypttab exists, only those UUIDs
specified on the kernel command line
will be activated in the initrd or the real root.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.name=</varname></term>
<term><varname>rd.luks.name=</varname></term>
<listitem><para>Takes a LUKS super
block UUID followed by an '=' and a name. This implies
<varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname>
and will additionally make the LUKS device given by
the UUID appear under the provided name.</para>
<para><varname>rd.luks.name=</varname>
is honored only by initial RAM disk
(initrd) while
<varname>luks.name=</varname> is
honored by both the main system and
the initrd.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.options=</varname></term>
<term><varname>rd.luks.options=</varname></term>
<listitem><para>Takes a LUKS super
block UUID followed by an '=' and a string
of options separated by commas as argument.
This will override the options for the given
UUID.</para>
<para>If only a list of options, without an
UUID, is specified, they apply to any UUIDs not
specified elsewhere, and without an entry in
/etc/crypttab.</para><para>
<varname>rd.luks.options=</varname>
is honored only by initial RAM disk
(initrd) while
<varname>luks.options=</varname> is
honored by both the main system and
the initrd.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.key=</varname></term>
<term><varname>rd.luks.key=</varname></term>
<listitem><para>Takes a password file name as argument or
a LUKS super block UUID followed by a '=' and a password
file name.</para>
<para>For those entries specified with
<varname>rd.luks.uuid=</varname> or <varname>luks.uuid=</varname>,
the password file will be set to the one specified by
<varname>rd.luks.key=</varname> or <varname>luks.key=</varname>
of the corresponding UUID, or the password file that was specified
without a UUID.</para>
<para><varname>rd.luks.key=</varname>
is honored only by initial RAM disk
(initrd) while
<varname>luks.key=</varname> is
honored by both the main system and
the initrd.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>