SYSTEMD-CRYPTSETUP-GENERATOR(8)  systemd-cryptsetup-generator  SYSTEMD-CRYPTSETUP-GENERATOR(8)

NAME

       systemd-cryptsetup-generator - Unit generator for /etc/crypttab

SYNOPSIS

       /usr/lib/systemd/system-generators/systemd-cryptsetup-generator

DESCRIPTION

       systemd-cryptsetup-generator is a generator that translates
       /etc/crypttab into native systemd units early at boot and when
       configuration of the system manager is reloaded. This will create
       systemd-cryptsetup@.service(8) units as necessary.

       systemd-cryptsetup-generator implements systemd.generator(7).

KERNEL COMMAND LINE

       systemd-cryptsetup-generator understands the following kernel command
       line parameters:

       luks=, rd.luks=
           Takes a boolean argument. Defaults to "yes". If "no", disables the
           generator entirely. rd.luks= is honored only by the initial RAM
           disk (initrd) while luks= is honored by both the main system and
           the initrd.

       luks.crypttab=, rd.luks.crypttab=
           Takes a boolean argument. Defaults to "yes". If "no", causes the
           generator to ignore any devices configured in /etc/crypttab
           (luks.uuid= will still work however). rd.luks.crypttab= is honored
           only by the initial RAM disk (initrd) while luks.crypttab= is
           honored by both the main system and the initrd.

       luks.uuid=, rd.luks.uuid=
           Takes a LUKS superblock UUID as argument. This will activate the
           specified device as part of the boot process as if it was listed in
           /etc/crypttab. This option may be specified more than once in order
           to set up multiple devices. rd.luks.uuid= is honored only by the
           initial RAM disk (initrd) while luks.uuid= is honored by both the
           main system and the initrd.

           If /etc/crypttab contains entries with the same UUID, then the
           name, keyfile and options specified there will be used. Otherwise,
           the device will have the name "luks-UUID".

           If /etc/crypttab exists, only those UUIDs specified on the kernel
           command line will be activated in the initrd or the real root.

       luks.name=, rd.luks.name=
           Takes a LUKS superblock UUID followed by an "=" and a name. This
           implies rd.luks.uuid= or luks.uuid= and will additionally make the
           LUKS device given by the UUID appear under the provided name.

           rd.luks.name= is honored only by the initial RAM disk (initrd)
           while luks.name= is honored by both the main system and the initrd.

       luks.options=, rd.luks.options=
           Takes a LUKS superblock UUID followed by an "=" and a string of
           options separated by commas as argument. This will override the
           options for the given UUID.

           If only a list of options, without a UUID, is specified, they
           apply to any UUIDs not specified elsewhere, and without an entry in
           /etc/crypttab.

           rd.luks.options= is honored only by the initial RAM disk (initrd)
           while luks.options= is honored by both the main system and the
           initrd.

       luks.key=, rd.luks.key=
           Takes a password file name as argument or a LUKS superblock UUID
           followed by a "=" and a password file name.

           For those entries specified with rd.luks.uuid= or luks.uuid=, the
           password file will be set to the one specified by rd.luks.key= or
           luks.key= of the corresponding UUID, or the password file that was
           specified without a UUID.

           It is also possible to specify an external device which should be
           mounted before we attempt to unlock the LUKS device.
           systemd-cryptsetup will use the password file stored on that
           device. The device containing the password file is specified by
           appending a colon and a device identifier to the password file
           path. For example,
           rd.luks.uuid=b40f1abf-2a53-400a-889a-2eccc27eaa40
           rd.luks.key=b40f1abf-2a53-400a-889a-2eccc27eaa40=/keyfile:LABEL=keydev.
           Hence, in this case, we will attempt to mount the file system
           residing on the block device with label "keydev". This syntax is
           for now only supported on a per-device basis, i.e. you have to
           specify the LUKS device UUID.

           rd.luks.key= is honored only by the initial RAM disk (initrd) while
           luks.key= is honored by both the main system and the initrd.
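
       The following is an added example, not part of the manual page or of
       systemd's code: a simplified Python model of how the parameters above
       combine, useful for auditing which devices and key files a kernel
       command line refers to. The names effective_luks, in_initrd and SAMPLE
       are hypothetical; /etc/crypttab is not consulted, and splitting the key
       specification at its last colon is an assumption of this model.

```python
import re

UUID_EQ = re.compile(r"^([0-9a-fA-F-]{36})=(.*)$")  # value of the form "UUID=rest"
FALSE = {"0", "no", "n", "false", "f", "off"}

def effective_luks(cmdline, in_initrd=False):
    """Simplified model of the rules above; /etc/crypttab is not consulted."""
    enabled, names = True, {}
    per_uuid = {"options": {}, "key": {}}
    default = {"options": None, "key": None}
    for word in cmdline.split():
        key, _, value = word.partition("=")
        if key.startswith("rd."):
            if not in_initrd:
                continue  # rd.* parameters are honored only in the initrd
            key = key[3:]
        if key == "luks":
            enabled = value.lower() not in FALSE
        elif key == "luks.uuid":
            names.setdefault(value, None)
        elif key == "luks.name":
            uuid, _, name = value.partition("=")
            names[uuid] = name  # implies luks.uuid=
        elif key in ("luks.options", "luks.key"):
            kind = key.split(".")[1]
            m = UUID_EQ.match(value)
            if m:
                per_uuid[kind][m.group(1)] = m.group(2)
            else:
                default[kind] = value  # given without a UUID
    result = {}
    for uuid, name in names.items() if enabled else ():
        keyfile, keydev = default["key"], None
        spec = per_uuid["key"].get(uuid)
        if spec is not None:
            # ":device" suffix is per-UUID only; assumed split at the last colon
            path, colon, dev = spec.rpartition(":")
            keyfile, keydev = (path, dev) if colon else (spec, None)
        result[uuid] = {
            "name": name or "luks-" + uuid,
            "options": per_uuid["options"].get(uuid, default["options"]),
            "keyfile": keyfile,
            "keydev": keydev,
        }
    return result

# Constructed command line built around the example on this page
SAMPLE = ("rd.luks.uuid=b40f1abf-2a53-400a-889a-2eccc27eaa40 "
          "rd.luks.key=b40f1abf-2a53-400a-889a-2eccc27eaa40=/keyfile:LABEL=keydev "
          "luks.name=11111111-2222-3333-4444-555555555555=data luks.options=discard")
```

       Calling effective_luks(SAMPLE, in_initrd=True) reports both devices,
       while effective_luks(SAMPLE) reports only the one configured through
       luks.name=, because the rd.* parameters are skipped outside the initrd.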

SEE ALSO

       systemd(1), crypttab(5), systemd-cryptsetup@.service(8), cryptsetup(8),
       systemd-fstab-generator(8)

systemd 246                                    SYSTEMD-CRYPTSETUP-GENERATOR(8)