The Red Hat version has been written by Miloslav Trmac <mitr@redhat.com>.
-->
-<refentry id="crypttab">
+<refentry id="crypttab" conditional='HAVE_LIBCRYPTSETUP'>
<refentryinfo>
<title>crypttab</title>
describes encrypted block devices that are set up
during system boot.</para>
- <para>Empty lines and lines starting with the #
+ <para>Empty lines and lines starting with the <literal>#</literal>
character are ignored. Each of the remaining lines
describes one encrypted block device, fields on the
line are delimited by white space. The first two
underlying block device, or a specification of a block
device via <literal>UUID=</literal> followed by the
UUID. If the block device contains a LUKS signature,
- it is opened as a LUKS encrypted partition; otherwise
+ it is opened as a LUKS encrypted partition; otherwise,
it is assumed to be a raw dm-crypt partition.</para>
<para>The third field specifies the encryption
password. If the field is not present or the password
is set to none, the password has to be manually
- entered during system boot. Otherwise the field is
+ entered during system boot. Otherwise, the field is
interpreted as a path to a file containing the
- encryption password. For swap encryption
+ encryption password. For swap encryption,
<filename>/dev/urandom</filename> or the hardware
device <filename>/dev/hw_random</filename> can be used
as the password file; using
comma-delimited list of options. The following
options are recognized:</para>
- <variablelist>
+ <variablelist class='crypttab-options'>
<varlistentry>
<term><varname>cipher=</varname></term>
</varlistentry>
<varlistentry>
- <term><varname>read-only</varname></term>
+ <term><varname>read-only</varname></term><term><varname>readonly</varname></term>
<listitem><para>Set up the encrypted
block device in read-only
<listitem><para>Specify the timeout
for querying for a password. If no
unit is specified seconds is used.
- Supported units are s, ms,
- us, min, h, d.</para></listitem>
+ Supported units are s, ms, us, min, h,
+ d. A timeout of 0 waits indefinitely
+ (which is the
+ default).</para></listitem>
</varlistentry>
<varlistentry>
<listitem><para>The system will not
wait for the device to show up and be
unlocked at boot, and not fail the
- boot if it doesn't show
+ boot if it does not show
up.</para></listitem>
</varlistentry>
</variablelist>
<para>At early boot and when the system manager
- configuration is reloaded this file is translated into
+ configuration is reloaded, this file is translated into
native systemd units
by <citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
</refsect1>