mount.crypt(8)                     pam_mount                    mount.crypt(8)

Name

       mount.crypt - mount a dm-crypt encrypted volume

Syntax

       mount.crypt [-nrv] [-o options] device directory

Options

       -o options
              Set further mount options. mount.crypt will take out the options
              it recognizes and pass any remaining options on to the underlying
              mount program. See below for possible options.

       -n     Do not update /etc/mtab. Note that this makes it impossible to
              unmount the volume by naming the container - you will have to
              pass the mountpoint to umount.crypt.

       -r     Set up the loop device (if necessary) and crypto device in
              read-only mode. (The mount itself will necessarily also be
              read-only.) Note that doing a remount using
              `mount /mnt -o remount,rw` will not make the mount read-write.
              The crypto and loop devices will have to be disassociated first.

       -v     Turn on debugging and be a bit more verbose.

Mount options

       header A detached (separated) metadata file where the LUKS header is
              stored. It correlates with the `cryptsetup --header` option. If
              omitted, the detached LUKS header feature is not used.

       allow_discard
              Enables discard passthrough support. This option does not cause
              the filesystem to be mounted with discard enabled, but does
              allow fstrim to be manually run.

       no_read_workqueue
              Bypass internal workqueue and process read requests
              synchronously.

       no_write_workqueue
              Bypass internal workqueue and process write requests
              synchronously.

       cipher The cryptsetup cipher used for the encrypted volume. This option
              is mandatory for PLAIN (non-LUKS) volumes. pmt-ehd(8) defaults
              to creating volumes with "aes-cbc-essiv:sha256" as a cipher.

       crypto_name
              Select the name for the crypto device (optional). This option is
              currently only usable with dm-crypt systems.

       fsck   Run fsck on the container before mounting it.

       fsk_cipher
              The OpenSSL cipher used for the filesystem key. The special
              keyword "none" can be used to bypass decryption and pass the
              file contents directly to libcryptsetup.

       fsk_hash
              The OpenSSL hash used for producing key and IV.

       fstype The exact type of filesystem in the encrypted container. The
              default is to let the kernel autodetect.

       hash   The cryptsetup hash used for the encrypted volume. This defaults
              to no hashing, because pam_mount assumes EHD volumes with strong
              and simple fskey generation.

       keyfile
              The path to the key file. This option is mandatory for "normal"
              crypto volumes and should not be used for LUKS volumes.

       remount
              Causes the filesystem to be remounted with new options. Note
              that mount.crypt cannot switch the underlying loop device (if
              applicable) or the crypto device between read-only and
              read-write once it is created; only the actual filesystem mount
              can be changed, with limits. If the loop device is read-only,
              the crypto device will be read-only, and changing the mount to
              read-write is impossible. Similarly, going from rw to ro will
              only mark the mount read-only, but not the crypto or loop
              device, thus making it impossible to set the filesystem the
              crypto container is located on to read-only.

       ro     Same as the -r option.

       verbose
              Same as the -v option.

Obsolete mount options

       This section is provided for reference.

       loop   This option used to set up a loop device, because cryptsetup(8)
              expects a block device. The option is ignored because
              mount.crypt can figure this out on its own.
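
       Example (added here, not part of pam_mount): a shell helper that
       splits a -o string into the options this page lists as consumed by
       mount.crypt and those passed on to the underlying mount program, and
       reports the constraints stated above. The names check_crypt_opts and
       has_opt and all sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not pam_mount code. check_crypt_opts and has_opt are
# hypothetical helper names; all paths below are constructed samples.

# Option names this page lists as consumed by mount.crypt itself.
CRYPT_OPTS="header allow_discard no_read_workqueue no_write_workqueue cipher"
CRYPT_OPTS="$CRYPT_OPTS crypto_name fsck fsk_cipher fsk_hash fstype hash"
CRYPT_OPTS="$CRYPT_OPTS keyfile remount ro verbose loop"

# True if option name $1 was seen (uses $seen set by check_crypt_opts).
has_opt() { case $seen in *" $1 "*) return 0 ;; esac; return 1; }

# usage: check_crypt_opts luks|plain "opt,opt=value,..."
# Prints one finding per line, then "passthrough=<options left for mount>".
check_crypt_opts() {
    voltype=$1 rest=$2 seen=" " pass=""
    while [ -n "$rest" ]; do
        opt=${rest%%,*}                    # first comma-separated item
        case $rest in *,*) rest=${rest#*,} ;; *) rest="" ;; esac
        [ -n "$opt" ] || continue          # tolerate ",," and trailing commas
        key=${opt%%=*}                     # option name without "=value"
        case " $CRYPT_OPTS " in
            *" $key "*) seen="$seen$key " ;;
            *) pass="${pass:+$pass,}$opt" ;;
        esac
    done
    if has_opt loop; then
        echo "loop: obsolete, ignored by mount.crypt"
    fi
    if has_opt keyfile && [ "$voltype" = luks ]; then
        echo "keyfile: should not be used for LUKS volumes"
    fi
    if ! has_opt cipher && [ "$voltype" = plain ]; then
        echo "cipher: mandatory for PLAIN (non-LUKS) volumes"
    fi
    if has_opt allow_discard; then
        echo "allow_discard: discard passthrough on, fstrim can be run manually"
    fi
    if has_opt remount; then
        echo "remount: loop and crypto devices keep the ro/rw mode they were created with"
    fi
    echo "passthrough=$pass"
}

# Constructed sample: a LUKS volume given a keyfile and the obsolete loop option.
check_crypt_opts luks "keyfile=/home/alice.key,loop,noatime,nodev"
```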

pam_mount                         2011-12-15                    mount.crypt(8)