X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fcrypttab.xml;h=9dbf1546b1b9c85b25ad6a8c0542c6b1da7f7543;hp=fae39e71b0bed06a5eb6410dd605c03f246b78d4;hb=ee43f49b7889b546fe05a141459d7f1ddf129bd4;hpb=fa7abba2328eb2d23a7e27708f86f5013059ddcf diff --git a/man/crypttab.xml b/man/crypttab.xml index fae39e71b..9dbf1546b 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -109,10 +109,10 @@ comma-delimited list of options. The following options are recognized: - + - discard + Allow discard requests to be passed through the encrypted block device. This @@ -121,7 +121,7 @@ - cipher= + Specifies the cipher to use. See cryptsetup8 @@ -132,7 +132,7 @@ - hash= + Specifies the hash to use for password hashing. See @@ -142,7 +142,7 @@ - keyfile-offset= + Specifies the number of bytes to skip at the start of the key file. See @@ -152,7 +152,7 @@ - keyfile-size= + Specifies the maximum number of bytes to read from the key file. See @@ -164,25 +164,39 @@ - luks + + + Specifies the key slot to + compare the passphrase or key against. + If the key slot does not match the given + passphrase or key, but another would, the + setup of the device will fail regardless. + This option implies . See + cryptsetup8 + for possible values. The default is to try + all key slots in sequential order. + + + + Force LUKS mode. When this mode is used, the following options are ignored since they are provided by the LUKS header on the - device: cipher=, - hash=, - size=. + device: , + , + . - noauto + This device will not be automatically unlocked on boot. - nofail + The system will not wait for the device to show up and be unlocked at boot, and @@ -190,20 +204,20 @@ - plain + Force plain encryption mode. - read-onlyreadonly + Set up the encrypted block device in read-only mode. - size= + Specifies the key size in bits. See 
@@ -213,33 +227,33 @@ - swap + The encrypted block device will be used as a swap device, and will be formatted accordingly after setting up the encrypted block device, with mkswap8. - This option implies plain. + This option implies . - WARNING: Using the swap + WARNING: Using the option will destroy the contents of the named partition during every boot, so make sure the underlying block device is specified correctly. - tcrypt + Use TrueCrypt encryption mode. When this mode is used, the following options are ignored since they are provided by the TrueCrypt header on the device or do not apply: - cipher=, - hash=, - keyfile-offset=, - keyfile-size=, - size=. + , + , + , + , + . When this mode is used, the passphrase is read from the key file given in the third field. @@ -250,7 +264,7 @@ passphrase and key files to derive a password for the volume. Therefore, the passphrase and all key files need to be provided. Use - tcrypt-keyfile= to provide + to provide the absolute path to all key files. When using an empty passphrase in combination with one or more key files, use /dev/null @@ -258,10 +272,10 @@ - tcrypt-hidden + Use the hidden TrueCrypt volume. - This implies tcrypt. + This option implies . This will map the hidden volume that is inside of the volume provided in the second 
@@ -273,36 +287,29 @@ - tcrypt-keyfile= + Specifies the absolute path to a key file to use for a TrueCrypt volume. This - implies tcrypt and can be + implies and can be used more than once to provide several key files. - See the entry for tcrypt + See the entry for on the behavior of the passphrase and key files when using TrueCrypt encryption mode. - tcrypt-system + Use TrueCrypt in system - encryption mode. This implies - tcrypt. - - Please note that when using this mode, the - whole device needs to be given in the second - field instead of the partition. For example: if - /dev/sda2 is the system - encrypted TrueCrypt patition, /dev/sda - has to be given. + encryption mode. This option implies + . - timeout= + Specifies the timeout for querying for a password. If no unit is @@ -312,22 +319,22 @@ - tmp + The encrypted block device will be prepared for using it as /tmp; it will be formatted using mke2fs8. - This option implies plain. + This option implies . - WARNING: Using the tmp + WARNING: Using the option will destroy the contents of the named partition during every boot, so make sure the underlying block device is specified correctly. - tries= + Specifies the maximum number of times the user is queried for a password. @@ -336,7 +343,7 @@ - verify + If the encryption password is read from console, it has to be entered twice to @@ -362,9 +369,7 @@ luks UUID=2505567a-9e27-4efe-a4d5-15ad146c258b swap /dev/sda7 /dev/urandom swap truecrypt /dev/sda2 /etc/container_password tcrypt -hidden /mnt/tc_hidden /null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile - Note that the default hash algorithm is ripemd160. If you use your system - in FIPS mode, please specify supported hash algorithm (e.g.: hash=sha1). +hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfile
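Review bot: In the hunk at @@ -164,25 +164,39 @@, the new key slot entry leaves the accepted values entirely to cryptsetup(8), yet it also says that with a non-matching slot "the setup of the device will fail regardless". A mistyped slot number therefore turns into a device that does not unlock at boot even though the passphrase is valid for another slot. Suggest stating inline how slots are numbered and what range is accepted, and pointing out that this hard failure interacts with the nofail behaviour described further down in the same hunk ("The system will not wait for the device to show up and be unlocked at boot").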
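Review bot: In the hunk at @@ -273,36 +287,29 @@, the system encryption entry loses the paragraph beginning "Please note that when using this mode, the whole device needs to be given in the second field instead of the partition", together with its /dev/sda2 versus /dev/sda example. Nothing in the visible lines replaces that guidance, so a reader can no longer tell which device to name in the second field. If the requirement still holds, keep the paragraph (and fix the "patition" typo while there); if the behaviour changed, say so in the entry and in the commit message rather than dropping the text silently inside a markup cleanup.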
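Review bot: In the final hunk at @@ -362,9 +369,7 @@, the removal of "Note that the default hash algorithm is ripemd160. If you use your system in FIPS mode, please specify supported hash algorithm" drops the only statement of the default hash on this page, since the hash entry in the first hunk only says "See cryptsetup(8)". That is a documentation change with security relevance, bundled with an unrelated fix of the example key file path from /null to /dev/null. Suggest splitting it into its own commit and, if the default is no longer ripemd160, documenting the current default in the hash entry so that FIPS-mode users still know they have to set it explicitly.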