X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fcrypttab.xml;h=42caf34308b210ae6c98d24fc813a51bdd7ddc48;hp=668e51dc0628ee25da1bcf5362111a7873e96ff2;hb=e0104622b33f39ea8fd54f0a286d938401c08e3d;hpb=dc968941bfc9be464e1df15afa05693dec3ec192 diff --git a/man/crypttab.xml b/man/crypttab.xml index 668e51dc0..42caf3430 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -109,10 +109,10 @@ comma-delimited list of options. The following options are recognized: - + - discard + Allow discard requests to be passed through the encrypted block device. This @@ -121,7 +121,7 @@ - cipher= + Specifies the cipher to use. See cryptsetup8 @@ -132,7 +132,7 @@ - hash= + Specifies the hash to use for password hashing. See @@ -142,7 +142,7 @@ - keyfile-offset= + Specifies the number of bytes to skip at the start of the key file. See @@ -152,7 +152,7 @@ - keyfile-size= + Specifies the maximum number of bytes to read from the key file. See @@ -164,39 +164,39 @@ - key-slot= + Specifies the key slot to compare the passphrase or key against. If the key slot does not match the given passphrase or key, but another would, the setup of the device will fail regardless. - This option implies luks. See + This option implies . See cryptsetup8 for possible values. The default is to try all key slots in sequential order. - luks + Force LUKS mode. When this mode is used, the following options are ignored since they are provided by the LUKS header on the - device: cipher=, - hash=, - size=. + device: , + , + . - noauto + This device will not be automatically unlocked on boot. - nofail + The system will not wait for the device to show up and be unlocked at boot, and @@ -204,20 +204,20 @@ - plain + Force plain encryption mode. - read-onlyreadonly + Set up the encrypted block device in read-only mode. - size= + Specifies the key size in bits. See @@ -227,33 +227,33 @@ - swap + The encrypted block device will be used as a swap device, and will be formatted accordingly after setting up the encrypted block device, with - mkswap8. - This option implies plain. + mkswap8. + This option implies . - WARNING: Using the swap + WARNING: Using the option will destroy the contents of the named partition during every boot, so make sure the underlying block device is specified correctly. - tcrypt + Use TrueCrypt encryption mode. When this mode is used, the following options are ignored since they are provided by the TrueCrypt header on the device or do not apply: - cipher=, - hash=, - keyfile-offset=, - keyfile-size=, - size=. + , + , + , + , + . When this mode is used, the passphrase is read from the key file given in the third field. @@ -264,7 +264,7 @@ passphrase and key files to derive a password for the volume. Therefore, the passphrase and all key files need to be provided. Use - tcrypt-keyfile= to provide + to provide the absolute path to all key files. When using an empty passphrase in combination with one or more key files, use /dev/null @@ -272,10 +272,10 @@ - tcrypt-hidden + Use the hidden TrueCrypt volume. - This option implies tcrypt. + This option implies . This will map the hidden volume that is inside of the volume provided in the second @@ -287,29 +287,29 @@ - tcrypt-keyfile= + Specifies the absolute path to a key file to use for a TrueCrypt volume. This - implies tcrypt and can be + implies and can be used more than once to provide several key files. - See the entry for tcrypt + See the entry for on the behavior of the passphrase and key files when using TrueCrypt encryption mode. - tcrypt-system + Use TrueCrypt in system encryption mode. This option implies - tcrypt. + . - timeout= + Specifies the timeout for querying for a password. If no unit is @@ -319,22 +319,37 @@ - tmp + + + Specifies how long + systemd should wait for a device to + show up before giving up on the + entry. The argument is a time in + seconds or explicitly specifified + units of s, + min, + h, + ms. + + + + + The encrypted block device will be prepared for using it as /tmp; it will be formatted using - mke2fs8. - This option implies plain. + mke2fs8. + This option implies . - WARNING: Using the tmp + WARNING: Using the option will destroy the contents of the named partition during every boot, so make sure the underlying block device is specified correctly. - tries= + Specifies the maximum number of times the user is queried for a password. @@ -343,7 +358,7 @@ - verify + If the encryption password is read from console, it has to be entered twice to @@ -369,7 +384,7 @@ luks UUID=2505567a-9e27-4efe-a4d5-15ad146c258b swap /dev/sda7 /dev/urandom swap truecrypt /dev/sda2 /etc/container_password tcrypt -hidden /mnt/tc_hidden /null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile +hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile @@ -380,8 +395,8 @@ hidden /mnt/tc_hidden /null tcrypt-hidden,tcrypt-keyfile systemd-cryptsetup@.service8, systemd-cryptsetup-generator8, cryptsetup8, - mkswap8, - mke2fs8 + mkswap8, + mke2fs8