1mount.crypt(8)                     pam_mount                    mount.crypt(8)
2
3
4

Name

6       mount.crypt - mount a dm-crypt encrypted volume
7

Syntax

9       mount.crypt [-nrv] [-o options] device directory
10

Options

12       -o options
13              Set  further  mount  options.  mount.crypt will take out its own
14              options it recognizes and passes any remaining options on to the
15              underlying mount program. See below for possible options.
16
17       -n     Do  not  update /etc/mtab. Note that this makes it impossible to
18              unmount the volume by naming the container - you  will  have  to
19              pass the mountpoint to umount.crypt.
20
21       -r     Set up the loop device (if necessary) and crypto device in read-
22              only mode.  (The mount itself will  necessarily  also  be  read-
23              only.)   Note   that  doing  a  remount  using  `mount  /mnt  -o
24              remount,rw` will not make the mount readwrite.  The  crypto  and
25              loop devices will have to be disassociated first.
26
27       -v     Turn on debugging and be a bit more verbose.
28

Mount options

30       allow_discard
31              Enables  discard passthrough support. This option does not cause
32              the filesystem to be mounted  with  discard  enabled,  but  does
33              allow fstrim to be manually run.
34
35       cipher The cryptsetup cipher used for the encrypted volume. This option
36              is mandatory for PLAIN (non-LUKS) volumes.  pmt-ehd(8)  defaults
37              to creating volumes with "aes-cbc-essiv:sha256" as a cipher.
38
39       crypto_name
40              Select the name for the crypto device (optional). This option is
41              currently only usable with dm-crypt systems.
42
43       fsck   Run fsck on the container before mounting it.
44
45       fsk_cipher
46              The OpenSSL cipher used for the filesystem key. The special key‐
47              word  "none"  can be used to bypass decryption and pass the file
48              contents directly to libcryptsetup.
49
50       fsk_hash
51              The OpenSSL hash used for producing key and IV.
52
53       fstype The exact type of filesystem in  the  encrypted  container.  The
54              default is to let the kernel autodetect.
55
56       hash   The cryptsetup hash used for the encrypted volume. This defaults
57              to no hashing, because pam_mount assumes EHD volumes with strong
58              and simple fskey generation.
59
60       keyfile
61              The  path to the key file. This option is mandatory for "normal"
62              crypto volumes and should not be used for LUKS volumes.
63
64       remount
65              Causes the filesystem to be remounted  with  new  options.  Note
66              that  mount.crypt  cannot  switch the underlying loop device (if
67              applies) or the crypto device between read-only  and  read-write
68              once  it  is  created;  only  the actual filesystem mount can be
69              changed, with limits. If  the  loop  device  is  read-only,  the
70              crypto device will be read-only, and changing the mount to read-
71              write is impossible.  Similarly, going from rw to ro  will  only
72              mark  the  mount  read-only,  but not the crypto or loop device,
73              thus making it impossible to set the filesystem the crypto  con‐
74              tainer is located on to read-only.
75
76       ro     Same as the -r option.
77
78       verbose
79              Same as the -v option.
80

Obsolete mount options

82       This section is provided for reference.
83
84       loop   This  option used to set up a loop device, because cryptsetup(8)
85              expects  a  block  device.  The  option   is   ignored   because
86              mount.crypt can figure this out on its own.
87
88
89
90pam_mount                         2011-12-15                    mount.crypt(8)
Impressum