- <term><varname>allow-discards</varname></term>
-
- <listitem><para>Allow discard requests
- to be passed through the encrypted
- block device. This improves
- performance on SSD storage but has
- security
- implications.</para></listitem>
+ <term><varname>tcrypt</varname></term>
+
+ <listitem><para>Use TrueCrypt encryption mode.
+ When this mode is used, the following options are
+ ignored since they are provided by the TrueCrypt
+ header on the device or do not apply:
+ <varname>cipher=</varname>,
+ <varname>hash=</varname>,
+ <varname>keyfile-offset=</varname>,
+ <varname>keyfile-size=</varname>,
+ <varname>size=</varname>.</para>
+
+ <para>When this mode is used, the passphrase is
+ read from the key file given in the third field.
+ Only the first line of this file is read,
+ excluding the new line character.</para>
+
+ <para>Note that the TrueCrypt format uses both
+ passphrase and key files to derive a password
+ for the volume. Therefore, the passphrase and
+ all key files need to be provided. Use
+ <varname>tcrypt-keyfile=</varname> to provide
+ the absolute path to all key files. When using
+ an empty passphrase in combination with one or
+ more key files, use <literal>/dev/null</literal>
+ as the password file in the third field.</para></listitem>