<variablelist class='crypttab-options'>
<varlistentry>
- <term><varname>allow-discards</varname></term>
+ <term><varname>discard</varname></term>
<listitem><para>Allow discard requests to be
passed through the encrypted block device. This
given by the key size.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>key-slot=</varname></term>
+
+ <listitem><para>Specifies the key slot to
+ compare the passphrase or key against.
+ If the key slot does not match the given
+ passphrase or key, but another would, the
+ setup of the device will fail regardless.
+ This option implies <varname>luks</varname>. See
+ <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for possible values. The default is to try
+ all key slots in sequential order.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>luks</varname></term>
<listitem><para>Force LUKS mode. When this mode
- is used the following options are ignored since
+ is used, the following options are ignored since
they are provided by the LUKS header on the
device: <varname>cipher=</varname>,
<varname>hash=</varname>,
<term><varname>tcrypt</varname></term>
<listitem><para>Use TrueCrypt encryption mode.
- When this mode is used the following options are
+ When this mode is used, the following options are
ignored since they are provided by the TrueCrypt
header on the device or do not apply:
<varname>cipher=</varname>,
<term><varname>tcrypt-hidden</varname></term>
<listitem><para>Use the hidden TrueCrypt volume.
- This implies <varname>tcrypt</varname>.</para>
+ This option implies <varname>tcrypt</varname>.</para>
<para>This will map the hidden volume that is
inside of the volume provided in the second
<term><varname>tcrypt-system</varname></term>
<listitem><para>Use TrueCrypt in system
- encryption mode. This implies
- <varname>tcrypt</varname>.</para>
-
- <para>Please note that when using this mode, the
- whole device needs to be given in the second
- field instead of the partition. For example: if
- <literal>/dev/sda2</literal> is the system
- encrypted TrueCrypt patition, <literal>/dev/sda</literal>
- has to be given.</para></listitem>
+ encryption mode. This option implies
+ <varname>tcrypt</varname>.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>tries=</varname></term>
<listitem><para>Specifies the maximum number of
- times the user is queried for a password.</para></listitem>
+ times the user is queried for a password.
+ The default is 3. If set to 0, the user is
+ queried for a password indefinitely.</para></listitem>
</varlistentry>
<varlistentry>
~ianmdlvl / elogind.git / blobdiff