1CLEVIS-LUKS-UNLOCK(7)                                    CLEVIS-LUKS-UNLOCK(7)
2
3
4

NAME

6       clevis-luks-unlockers - Overview of clevis luks unlockers
7

OVERVIEW

9       Clevis provides unlockers for LUKS volumes which can use LUKS policy:
10
11       ·   clevis-luks-unlock - Unlocks manually using the command line.
12
13       ·   dracut - Unlocks automatically during early boot.
14
15       ·   systemd - Unlocks automatically during late boot.
16
17       ·   udisks2 - Unlocks automatically in a GNOME desktop session.
18
19       Once a LUKS volume is bound using clevis luks bind, it can be unlocked
20       using any of the above unlockers without using a password.
21

MANUAL UNLOCKING

23       You can unlock a LUKS volume manually using the following command:
24
25           $ sudo clevis luks unlock -d /dev/sda
26
27       For more information, see clevis-luks-unlock(1).
28

EARLY BOOT UNLOCKING

30       If Clevis integration does not already ship in your initramfs, you may
31       need to rebuild your initramfs with this command:
32
33           $ sudo dracut -f
34
35       Once Clevis is integrated into your initramfs, a simple reboot should
36       unlock your root volume. Note, however, that early boot integration
37       only works for the root volume. Non-root volumes should use the late
38       boot unlocker.
39
40       Dracut will bring up your network using DHCP by default. If you need to
41       specify additional network parameters, such as static IP configuration,
42       please consult the dracut documentation.
43

LATE BOOT UNLOCKING

45       You can enable late boot unlocking by executing the following command:
46
47           $ sudo systemctl enable clevis-luks-askpass.path
48
49       After a reboot, Clevis will attempt to unlock all _netdev devices
50       listed in /etc/crypttab when systemd prompts for their passwords. This
51       implies that systemd support for _netdev is required.
52

DESKTOP UNLOCKING

54       When the udisks2 unlocker is installed, your GNOME desktop session
55       should unlock LUKS removable devices configured with Clevis
56       automatically. You may need to restart your desktop session after
57       installation for the unlocker to be loaded.
58

SEE ALSO

60       clevis-luks-unlock(1) clevis-luks-bind(1)
61
62
63
64                                  05/28/2019             CLEVIS-LUKS-UNLOCK(7)
Impressum