X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fcrypttab.xml;h=9dbf1546b1b9c85b25ad6a8c0542c6b1da7f7543;hp=5f386e55f8cb52222582e6f38805c9dc898d520b;hb=ee43f49b7889b546fe05a141459d7f1ddf129bd4;hpb=b4a11878f2fdf5b07f895863747153de632ff4e6 diff --git a/man/crypttab.xml b/man/crypttab.xml index 5f386e55f..9dbf1546b 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -109,10 +109,10 @@ comma-delimited list of options. The following options are recognized: - + - discard + Allow discard requests to be passed through the encrypted block device. This @@ -121,7 +121,7 @@ - cipher= + Specifies the cipher to use. See cryptsetup8 @@ -132,7 +132,7 @@ - hash= + Specifies the hash to use for password hashing. See @@ -142,7 +142,7 @@ - keyfile-offset= + Specifies the number of bytes to skip at the start of the key file. See @@ -152,7 +152,7 @@ - keyfile-size= + Specifies the maximum number of bytes to read from the key file. See @@ -164,39 +164,39 @@ - key-slot= + Specifies the key slot to compare the passphrase or key against. If the key slot does not match the given passphrase or key, but another would, the setup of the device will fail regardless. - This implies luks. See + This option implies . See cryptsetup8 for possible values. The default is to try all key slots in sequential order. - luks + Force LUKS mode. When this mode is used, the following options are ignored since they are provided by the LUKS header on the - device: cipher=, - hash=, - size=. + device: , + , + . - noauto + This device will not be automatically unlocked on boot. - nofail + The system will not wait for the device to show up and be unlocked at boot, and @@ -204,20 +204,20 @@ - plain + Force plain encryption mode. - read-onlyreadonly + Set up the encrypted block device in read-only mode. - size= + Specifies the key size in bits. See @@ -227,33 +227,33 @@ - swap + The encrypted block device will be used as a swap device, and will be formatted accordingly after setting up the encrypted block device, with mkswap8. - This option implies plain. + This option implies . - WARNING: Using the swap + WARNING: Using the option will destroy the contents of the named partition during every boot, so make sure the underlying block device is specified correctly. - tcrypt + Use TrueCrypt encryption mode. When this mode is used, the following options are ignored since they are provided by the TrueCrypt header on the device or do not apply: - cipher=, - hash=, - keyfile-offset=, - keyfile-size=, - size=. + , + , + , + , + . When this mode is used, the passphrase is read from the key file given in the third field. @@ -264,7 +264,7 @@ passphrase and key files to derive a password for the volume. Therefore, the passphrase and all key files need to be provided. Use - tcrypt-keyfile= to provide + to provide the absolute path to all key files. When using an empty passphrase in combination with one or more key files, use /dev/null @@ -272,10 +272,10 @@ - tcrypt-hidden + Use the hidden TrueCrypt volume. - This implies tcrypt. + This option implies . This will map the hidden volume that is inside of the volume provided in the second @@ -287,36 +287,29 @@ - tcrypt-keyfile= + Specifies the absolute path to a key file to use for a TrueCrypt volume. This - implies tcrypt and can be + implies and can be used more than once to provide several key files. - See the entry for tcrypt + See the entry for on the behavior of the passphrase and key files when using TrueCrypt encryption mode. - tcrypt-system + Use TrueCrypt in system - encryption mode. This implies - tcrypt. - - Please note that when using this mode, the - whole device needs to be given in the second - field instead of the partition. For example: if - /dev/sda2 is the system - encrypted TrueCrypt patition, /dev/sda - has to be given. + encryption mode. This option implies + . - timeout= + Specifies the timeout for querying for a password. If no unit is @@ -326,22 +319,22 @@ - tmp + The encrypted block device will be prepared for using it as /tmp; it will be formatted using mke2fs8. - This option implies plain. + This option implies . - WARNING: Using the tmp + WARNING: Using the option will destroy the contents of the named partition during every boot, so make sure the underlying block device is specified correctly. - tries= + Specifies the maximum number of times the user is queried for a password. @@ -350,7 +343,7 @@ - verify + If the encryption password is read from console, it has to be entered twice to @@ -376,7 +369,7 @@ luks UUID=2505567a-9e27-4efe-a4d5-15ad146c258b swap /dev/sda7 /dev/urandom swap truecrypt /dev/sda2 /etc/container_password tcrypt -hidden /mnt/tc_hidden /null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile +hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile