mount.crypto_LUKS(8)

1mount.crypt(8)                     pam_mount                    mount.crypt(8)
2
3
4

Name

6       mount.crypt - mount a dm-crypt encrypted volume
7

Syntax

9       mount.crypt [-nrv] [-o options] device directory
10

Options

12       -o options
13              Set  further  mount  options.  mount.crypt will take out its own
14              options it recognizes and passes any remaining options on to the
15              underlying mount program. See below for possible options.
16
17       -n     Do  not  update /etc/mtab. Note that this makes it impossible to
18              unmount the volume by naming the container - you  will  have  to
19              pass the mountpoint to umount.crypt.
20
21       -r     Set up the loop device (if necessary) and crypto device in read-
22              only mode.  (The mount itself will  necessarily  also  be  read-
23              only.)   Note   that  doing  a  remount  using  `mount  /mnt  -o
24              remount,rw` will not make the mount readwrite.  The  crypto  and
25              loop devices will have to be disassociated first.
26
27       -v     Turn on debugging and be a bit more verbose.
28

Mount options

30       cipher The cryptsetup cipher used for the encrypted volume. This option
31              is mandatory for PLAIN (non-LUKS) volumes.  pmt-ehd(8)  defaults
32              to creating volumes with "aes-cbc-essiv:sha256" as a cipher.
33
34       dm-timeout=seconds
35              Wait  at  most  this  many  seconds for udev to create /dev/map‐
36              per/name after calling cryptsetup(8). The  default  value  is  0
37              seconds.
38
39       fsck   Run fsck on the container before mounting it.
40
41       fsk_cipher
42              The OpenSSL cipher used for the filesystem key. The special key‐
43              word "none" can be used to bypass decryption and pass  the  file
44              contents directly to libcryptsetup.
45
46       fsk_hash
47              The OpenSSL hash used for producing key and IV.
48
49       fstype The  exact  type  of  filesystem in the encrypted container. The
50              default is to let the kernel autodetect.
51
52       hash   The cryptsetup hash used for the encrypted volume. This defaults
53              to no hashing, because pam_mount assumes EHD volumes with strong
54              and simple fskey generation.
55
56       keyfile
57              The path to the key file. This option is mandatory for  "normal"
58              crypto volumes and should not be used for LUKS volumes.
59
60       remount
61              Causes  the  filesystem  to  be remounted with new options. Note
62              that mount.crypt cannot switch the underlying  loop  device  (if
63              applies)  or  the crypto device between read-only and read-write
64              once it is created; only the  actual  filesystem  mount  can  be
65              changed,  with  limits.  If  the  loop  device is read-only, the
66              crypto device will be read-only, and changing the mount to read-
67              write  is  impossible.  Similarly, going from rw to ro will only
68              mark the mount read-only, but not the  crypto  or  loop  device,
69              thus  making it impossible to set the filesystem the crypto con‐
70              tainer is located on to read-only.
71
72       ro     Same as the -r option.
73
74       verbose
75              Same as the -v option.
76

Obsolete mount options

78       This section is provided for reference.
79
80       loop   This option used to set up a loop device, because  cryptsetup(8)
81              expects   a   block   device.  The  option  is  ignored  because
82              mount.crypt can figure this out on its own.
83
84
85
86pam_mount                         2008-10-08                    mount.crypt(8)