systemd-cryptsetup-generator(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | KERNEL COMMAND LINE | SEE ALSO | COLOPHON

SYSTEMD-CRYPTSETUP-GENERATOR(8)-cryptsetup-generator-CRYPTSETUP-GENERATOR(8)

NAME         top

       systemd-cryptsetup-generator - Unit generator for /etc/crypttab

SYNOPSIS         top

       /usr/lib/systemd/system-generators/systemd-cryptsetup-generator

DESCRIPTION         top

       systemd-cryptsetup-generator is a generator that translates
       /etc/crypttab into native systemd units early at boot and when
       configuration of the system manager is reloaded. This will create
       systemd-cryptsetup@.service(8) units as necessary.

       systemd-cryptsetup-generator implements systemd.generator(7).

KERNEL COMMAND LINE         top

       systemd-cryptsetup-generator understands the following kernel command
       line parameters:

       luks=, rd.luks=
           Takes a boolean argument. Defaults to "yes". If "no", disables
           the generator entirely.  rd.luks= is honored only by initial RAM
           disk (initrd) while luks= is honored by both the main system and
           the initrd.

       luks.crypttab=, rd.luks.crypttab=
           Takes a boolean argument. Defaults to "yes". If "no", causes the
           generator to ignore any devices configured in /etc/crypttab
           (luks.uuid= will still work however).  rd.luks.crypttab= is
           honored only by initial RAM disk (initrd) while luks.crypttab= is
           honored by both the main system and the initrd.

       luks.uuid=, rd.luks.uuid=
           Takes a LUKS superblock UUID as argument. This will activate the
           specified device as part of the boot process as if it was listed
           in /etc/crypttab. This option may be specified more than once in
           order to set up multiple devices.  rd.luks.uuid= is honored only
           by initial RAM disk (initrd) while luks.uuid= is honored by both
           the main system and the initrd.

           If /etc/crypttab contains entries with the same UUID, then the
           name, keyfile and options specified there will be used.
           Otherwise, the device will have the name "luks-UUID".

           If /etc/crypttab exists, only those UUIDs specified on the kernel
           command line will be activated in the initrd or the real root.

       luks.name=, rd.luks.name=
           Takes a LUKS super block UUID followed by an "=" and a name. This
           implies rd.luks.uuid= or luks.uuid= and will additionally make
           the LUKS device given by the UUID appear under the provided name.

           rd.luks.name= is honored only by initial RAM disk (initrd) while
           luks.name= is honored by both the main system and the initrd.

       luks.options=, rd.luks.options=
           Takes a LUKS super block UUID followed by an "=" and a string of
           options separated by commas as argument. This will override the
           options for the given UUID.

           If only a list of options, without an UUID, is specified, they
           apply to any UUIDs not specified elsewhere, and without an entry
           in /etc/crypttab.

           rd.luks.options= is honored only by initial RAM disk (initrd)
           while luks.options= is honored by both the main system and the
           initrd.

       luks.key=, rd.luks.key=
           Takes a password file name as argument or a LUKS super block UUID
           followed by a "=" and a password file name.

           For those entries specified with rd.luks.uuid= or luks.uuid=, the
           password file will be set to the one specified by rd.luks.key= or
           luks.key= of the corresponding UUID, or the password file that
           was specified without a UUID.

           It is also possible to specify an external device which should be
           mounted before we attempt to unlock the LUKS device.
           systemd-cryptsetup will use password file stored on that device.
           Device containing password file is specified by appending colon
           and a device identifier to the password file path. For example,
           rd.luks.uuid=b40f1abf-2a53-400a-889a-2eccc27eaa40
           rd.luks.key=b40f1abf-2a53-400a-889a-2eccc27eaa40=/keyfile:LABEL=keydev.
           Hence, in this case, we will attempt to mount file system
           residing on the block device with label "keydev". This syntax is
           for now only supported on a per-device basis, i.e. you have to
           specify LUKS device UUID.

           rd.luks.key= is honored only by initial RAM disk (initrd) while
           luks.key= is honored by both the main system and the initrd.

SEE ALSO         top

       systemd(1), crypttab(5), systemd-cryptsetup@.service(8),
       cryptsetup(8), systemd-fstab-generator(8)

COLOPHON         top

       This page is part of the systemd (systemd system and service manager)
       project.  Information about the project can be found at 
       ⟨http://www.freedesktop.org/wiki/Software/systemd⟩.  If you have a bug
       report for this manual page, see
       ⟨http://www.freedesktop.org/wiki/Software/systemd/#bugreports⟩.  This
       page was obtained from the project's upstream Git repository
       ⟨https://github.com/systemd/systemd.git⟩ on 2020-06-09.  (At that
       time, the date of the most recent commit that was found in the repos‐
       itory was 2020-06-09.)  If you discover any rendering problems in
       this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not part
       of the original manual page), send a mail to man-pages@man7.org

systemd 245                                  SYSTEMD-CRYPTSETUP-GENERATOR(8)

Pages that refer to this page: crypttab(5)30-systemd-environment-d-generator(7)kernel-command-line(7)systemd.directives(7)systemd.generator(7)systemd.index(7)systemd-cryptsetup(8)systemd-cryptsetup.service(8)systemd-cryptsetup@.service(8)systemd-fstab-generator(8)