diff options
| author | Vladimir Panteleev <git@thecybershadow.net> | 2020-06-12 10:44:57 +0000 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-06-14 10:46:41 +0200 |
| commit | f1a20afacdf19fe9e1a4fd7e4aefc44115b9d36b (patch) | |
| tree | 6a570e5b03cf1d01b309a3f38056eb108b188676 /man/crypttab.xml | |
| parent | 550c14fedd9aee8aa3ff3c43b728fc4464eac8ba (diff) | |
| download | systemd-f1a20afacdf19fe9e1a4fd7e4aefc44115b9d36b.tar.gz | |
man: Document the crypttab keyfile syntax specifying a device
Feature introduced in 50d2eba27b9bfc77ef6b40e5721713846815418b. Also documented
as part of the kernel parameter syntax in systemd-cryptsetup-generator(8), but
should also be documented here as part of the overall file syntax.
Diffstat (limited to 'man/crypttab.xml')
| -rw-r--r-- | man/crypttab.xml | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/man/crypttab.xml b/man/crypttab.xml index 2046911c78..4cdc52dcb8 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -60,13 +60,15 @@ device or file, or a specification of a block device via <literal>UUID=</literal> followed by the UUID.</para> - <para>The third field specifies an absolute path to a file to read the encryption key from. If the field - is not present or set to <literal>none</literal> or <literal>-</literal>, a key file named after the - volume to unlock (i.e. the first column of the line), suffixed with <filename>.key</filename> is - automatically loaded from the <filename>/etc/cryptsetup-keys.d/</filename> and - <filename>/run/cryptsetup-keys.d/</filename> directories, if present. Otherwise, the password has to be - manually entered during system boot. For swap encryption, <filename>/dev/urandom</filename> may be used - as key file.</para> + <para>The third field specifies an absolute path to a file to read the encryption key from. Optionally, + the path may be followed by <literal>:</literal> and an fstab device specification (e.g. starting with + <literal>LABEL=</literal> or similar); in which case, the path is relative to the device file system + root. If the field is not present or set to <literal>none</literal> or <literal>-</literal>, a key file + named after the volume to unlock (i.e. the first column of the line), suffixed with + <filename>.key</filename> is automatically loaded from the <filename>/etc/cryptsetup-keys.d/</filename> + and <filename>/run/cryptsetup-keys.d/</filename> directories, if present. Otherwise, the password has to + be manually entered during system boot. For swap encryption, <filename>/dev/urandom</filename> may be + used as key file.</para> <para>The fourth field, if present, is a comma-delimited list of options. The following options are recognized:</para> |