proxmox-mirrors/systemd
1
0
Fork 0
mirror of https://git.proxmox.com/git/systemd synced 2025-07-26 23:28:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
663996b3bb
systemd/man/crypttab.html
Michael Stapelberg 663996b3bb Imported Upstream version 204
2014-04-26 10:08:46 +02:00

135 lines
13 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>crypttab</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
a.headerlink {
color: #c60f0f;
font-size: 0.8em;
padding: 0 4px 0 4px;
text-decoration: none;
visibility: hidden;
}
a.headerlink:hover {
background-color: #c60f0f;
color: white;
}
h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
visibility: visible;
}
</style><a href="index.html">Index </a>·
<a href="systemd.directives.html">Directives </a>·
<a href="../python-systemd/index.html">Python </a>·
<a href="../libudev/index.html">libudev </a>·
<a href="../libudev/index.html">gudev </a><span style="float:right">systemd 204</span><hr><div class="refentry"><a name="crypttab"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>crypttab — Configuration for encrypted block devices</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><code class="filename">/etc/crypttab</code></p></div><div class="refsect1"><a name="idm259801426064"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description"></a></h2><p>The <code class="filename">/etc/crypttab</code> file
describes encrypted block devices that are set up
during system boot.</p><p>Empty lines and lines starting with the #
character are ignored. Each of the remaining lines
describes one encrypted block device, fields on the
line are delimited by white space. The first two
fields are mandatory, the remaining two are
optional.</p><p>The first field contains the name of the
resulting encrypted block device; the device is set up
within <code class="filename">/dev/mapper/</code>.</p><p>The second field contains a path to the
underlying block device, or a specification of a block
device via <code class="literal">UUID=</code> followed by the
UUID. If the block device contains a LUKS signature,
it is opened as a LUKS encrypted partition; otherwise
it is assumed to be a raw dm-crypt partition.</p><p>The third field specifies the encryption
password. If the field is not present or the password
is set to none, the password has to be manually
entered during system boot. Otherwise the field is
interpreted as a path to a file containing the
encryption password. For swap encryption
<code class="filename">/dev/urandom</code> or the hardware
device <code class="filename">/dev/hw_random</code> can be used
as the password file; using
<code class="filename">/dev/random</code> may prevent boot
completion if the system does not have enough entropy
to generate a truly random encryption key.</p><p>The fourth field, if present, is a
comma-delimited list of options. The following
options are recognized:</p><div class="variablelist"><dl class="variablelist"><dt id="cipher="><span class="term"><code class="varname">cipher=</code></span><a class="headerlink" title="Permalink to this term" href="#cipher="></a></dt><dd><p>Specifies the cipher
to use; see
<a href="cryptsetup.html"><span class="citerefentry"><span class="refentrytitle">cryptsetup</span>(8)</span></a>
for possible values and the default
value of this option. A cipher with
unpredictable IV values, such as
<code class="literal">aes-cbc-essiv:sha256</code>,
is recommended. </p></dd><dt id="size="><span class="term"><code class="varname">size=</code></span><a class="headerlink" title="Permalink to this term" href="#size="></a></dt><dd><p>Specifies the key size
in bits; see
<a href="cryptsetup.html"><span class="citerefentry"><span class="refentrytitle">cryptsetup</span>(8)</span></a>
for possible values and the default
value of this
option. </p></dd><dt id="keyfile-size="><span class="term"><code class="varname">keyfile-size=</code></span><a class="headerlink" title="Permalink to this term" href="#keyfile-size="></a></dt><dd><p>Specifies the maximum number
of bytes to read from the keyfile; see
<a href="cryptsetup.html"><span class="citerefentry"><span class="refentrytitle">cryptsetup</span>(8)</span></a>
for possible values and the default
value of this option. This option is ignored
in plain encryption mode, as the keyfile-size is then given by the key size.</p></dd><dt id="keyfile-offset="><span class="term"><code class="varname">keyfile-offset=</code></span><a class="headerlink" title="Permalink to this term" href="#keyfile-offset="></a></dt><dd><p>Specifies the number
of bytes to skip at the start of
the keyfile; see
<a href="cryptsetup.html"><span class="citerefentry"><span class="refentrytitle">cryptsetup</span>(8)</span></a>
for possible values and the default
value of this option.</p></dd><dt id="hash="><span class="term"><code class="varname">hash=</code></span><a class="headerlink" title="Permalink to this term" href="#hash="></a></dt><dd><p>Specifies the hash to
use for password hashing; see
<a href="cryptsetup.html"><span class="citerefentry"><span class="refentrytitle">cryptsetup</span>(8)</span></a> for possible values and
the default value of this
option. </p></dd><dt id="tries="><span class="term"><code class="varname">tries=</code></span><a class="headerlink" title="Permalink to this term" href="#tries="></a></dt><dd><p>Specifies the maximum
number of times the user is queried
for a password.</p></dd><dt id="verify"><span class="term"><code class="varname">verify</code></span><a class="headerlink" title="Permalink to this term" href="#verify"></a></dt><dd><p> If the encryption
password is read from console, it has
to be entered twice (to prevent
typos). </p></dd><dt id="read-only"><span class="term"><code class="varname">read-only</code>, </span><span class="term"><code class="varname">readonly</code></span><a class="headerlink" title="Permalink to this term" href="#read-only"></a></dt><dd><p>Set up the encrypted
block device in read-only
mode.</p></dd><dt id="allow-discards"><span class="term"><code class="varname">allow-discards</code></span><a class="headerlink" title="Permalink to this term" href="#allow-discards"></a></dt><dd><p>Allow discard requests
to be passed through the encrypted
block device. This improves
performance on SSD storage but has
security
implications.</p></dd><dt id="luks"><span class="term"><code class="varname">luks</code></span><a class="headerlink" title="Permalink to this term" href="#luks"></a></dt><dd><p>Force LUKS mode.</p></dd><dt id="plain"><span class="term"><code class="varname">plain</code></span><a class="headerlink" title="Permalink to this term" href="#plain"></a></dt><dd><p>Force plain encryption
mode.</p></dd><dt id="timeout="><span class="term"><code class="varname">timeout=</code></span><a class="headerlink" title="Permalink to this term" href="#timeout="></a></dt><dd><p>Specify the timeout
for querying for a password. If no
unit is specified seconds is used.
Supported units are s, ms, us, min, h,
d. A timeout of 0 waits indefinitely
(which is the
default).</p></dd><dt id="noauto"><span class="term"><code class="varname">noauto</code></span><a class="headerlink" title="Permalink to this term" href="#noauto"></a></dt><dd><p> This device will not
be automatically unlocked on
boot. </p></dd><dt id="nofail"><span class="term"><code class="varname">nofail</code></span><a class="headerlink" title="Permalink to this term" href="#nofail"></a></dt><dd><p>The system will not
wait for the device to show up and be
unlocked at boot, and not fail the
boot if it doesn't show
up.</p></dd><dt id="swap"><span class="term"><code class="varname">swap</code></span><a class="headerlink" title="Permalink to this term" href="#swap"></a></dt><dd><p> The encrypted block
device will be used as a swap
partition, and will be formatted as a
swap partition after setting up the
encrypted block device, with
<a href="mkswap.html"><span class="citerefentry"><span class="refentrytitle">mkswap</span>(8)</span></a>.</p><p>WARNING: Using the
<code class="varname">swap</code> option will
destroy the contents of the named
partition during every boot, so make
sure the underlying block device is
specified
correctly. </p></dd><dt id="tmp"><span class="term"><code class="varname">tmp</code></span><a class="headerlink" title="Permalink to this term" href="#tmp"></a></dt><dd><p>The encrypted block
device will be prepared for using it
as <code class="filename">/tmp</code>
partition: it will be formatted using
<a href="mke2fs.html"><span class="citerefentry"><span class="refentrytitle">mke2fs</span>(8)</span></a>.</p><p>WARNING: Using the
<code class="varname">tmp</code> option will
destroy the contents of the named
partition during every boot, so make
sure the underlying block device is
specified
correctly. </p></dd></dl></div><p>At early boot and when the system manager
configuration is reloaded this file is translated into
native systemd units
by <a href="systemd-cryptsetup-generator.html"><span class="citerefentry"><span class="refentrytitle">systemd-cryptsetup-generator</span>(8)</span></a>.</p></div><div class="refsect1"><a name="idm259801562096"></a><h2 id="Example">Example<a class="headerlink" title="Permalink to this headline" href="#Example"></a></h2><div class="example"><a name="idm259801561424"></a><p class="title"><b>Example 1. /etc/crypttab example</b></p><div class="example-contents"><p>Set up two encrypted block devices with
LUKS: one normal one for storage, and another
one for usage as swap device.</p><pre class="programlisting">luks-2505567a-9e27-4efe-a4d5-15ad146c258b UUID=2505567a-9e27-4efe-a4d5-15ad146c258b - timeout=0
swap /dev/sda7 /dev/urandom swap</pre></div></div><br class="example-break"></div><div class="refsect1"><a name="idm259801559136"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also"></a></h2><p>
<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
<a href="systemd-cryptsetup@.service.html"><span class="citerefentry"><span class="refentrytitle">systemd-cryptsetup@.service</span>(8)</span></a>,
<a href="systemd-cryptsetup-generator.html"><span class="citerefentry"><span class="refentrytitle">systemd-cryptsetup-generator</span>(8)</span></a>,
<a href="cryptsetup.html"><span class="citerefentry"><span class="refentrytitle">cryptsetup</span>(8)</span></a>,
<a href="mkswap.html"><span class="citerefentry"><span class="refentrytitle">mkswap</span>(8)</span></a>,
<a href="mke2fs.html"><span class="citerefentry"><span class="refentrytitle">mke2fs</span>(8)</span></a>
</p></div></div></body></html>
Reference in New Issue View Git Blame Copy Permalink