path: root/man/crypttab.xml
Commit message | Author | Age | Files | Lines
* crypttab: Support for VeraCrypt PIM and detached headers for TrueCrypt/VeraCrypt (#27548)Klaus Zipfel2023-05-061-5/+23
| | | | | * Added veracrypt-pim=<PIM> LUKS option for crypttab
* man: document the new crypttab measurement optionsLennart Poettering2023-01-171-0/+22
|
* tree-wide: fix typoYu Watanabe2022-12-021-1/+1
|
* tree-wide: replace "plural(s)" by "plurals"Zbigniew Jędrzejewski-Szmek2022-10-171-1/+1
| | | | | | | | (s) is just ugly with a vibe of DOS. In most cases just using the normal plural form is more natural and grammatically correct. There are some log_debug() statements left, and texts in foreign licenses or headers. Those are not touched on purpose.
* tree-wide: use the term "initrd" at most places we so far used "initramfs"Lennart Poettering2022-09-231-3/+3
| | | | | | | | | | | | In most cases we referenced the concept as "initrd". Let's convert most remaining uses of "initramfs" to "initrd" too, to stay internally consistent. This leaves "initramfs" only where it's relevant to explain historical concepts or where "initramfs" is part of the API (i.e. in /run/initramfs). Follow-up for: b66a6e1a5838b874b789820c090dd6850cf10513
* cryptsetup: hook up signed PCR policiesLennart Poettering2022-09-081-0/+15
|
* man/crypttab: rework formatting in "key acquisition section"Zbigniew Jędrzejewski-Szmek2022-08-231-18/+19
| | | | | | <example> without <title> was rendered as "Example 1.", which did not look good. While at it, the text is reworded to be, I hope, a bit easier to read.
* cryptsetup: support keyfile-timeout for using a device as the key fileChih-Hsuan Yen2022-08-081-2/+2
| | | | Closes https://github.com/systemd/systemd/issues/21993
* cryptsetup: add manual TPM2 PIN configurationGrigori Goronzy2022-03-151-0/+8
| | | | | | Handle the case where TPM2 metadata is not available and explicitly provided in crypttab. This adds a new "tpm2-pin" option to crypttab options for this purpose.
* man: document new token-timeout= settingLennart Poettering2021-10-111-7/+15
|
* tree-wide: fix "the the" and "a a"Yu Watanabe2021-06-301-1/+1
|
* Rename crypttab opt silent to password-echoSebastian Blunt2021-06-071-5/+13
| | | | | | | | | | Use the option name 'password-echo' instead of the generic term 'silent'. Make the option take an argument for better control over echoing behavior. Related discussion in https://github.com/systemd/systemd/pull/19619
* Respect option 'silent' on cryptsetup FIDO2 pin entrySebastian Blunt2021-05-311-2/+3
| | | | | Makes the silent flags behavior consistent between regular password entry and FIDO2 pin entry.
* tpm2: support "+" as separator for TPM PCR listsLennart Poettering2021-05-251-3/+3
| | | | | | | | | | | | | | Previously, we supported only "," as separator. This adds support for "+" and makes it the documented choice. This is to make specifying PCRs in crypttab easier, since commas are already used there for separating volume options, and needless escaping sucks. "," continues to be supported, but in order to keep things minimal not documented. Fixes: #19205
* Add crypttab option silentSebastian Blunt2021-05-151-0/+7
| | | | | | Adds a crypttab option 'silent' that enables the AskPasswordFlag ASK_PASSWORD_SILENT. This allows usage of systemd-cryptsetup to default to silent mode, rather than requiring the user to press tab every time.
* cryptsetup: add 'headless' parameter to skip password/pin queryLuca Boccassi2021-05-071-0/+7
| | | | | | On headless setups, in case other methods fail, asking for a password/pin is not useful as there are no users on the terminal, and generates unwanted noise. Add a parameter to /etc/crypttab to skip it.
* cryptsetup: add support for workqueue optionsJonathan G. Underwood2020-12-231-0/+19
| | | | | | | | This commit adds support for disabling the read and write workqueues with the new crypttab options no-read-workqueue and no-write-workqueue. These correspond to the cryptsetup options --perf-no_read_workqueue and --perf-no_write_workqueue respectively.
* man: document new featuresLennart Poettering2020-12-171-41/+240
|
* tree-wide: fix typosYu Watanabe2020-12-021-1/+1
|
* man: drop comment about ECC vs. RSA and YubikeyLennart Poettering2020-12-011-1/+0
| | | | | | | | The comment is pointless, ECC systematically doesn't allow encryption/decryption directly, only RSA does that. If you want to use ECC for asymmetric encryption/decryption you have to combine it with key exchange scheme and symmetric scheme. This all is not a limitation of the Yubikey, hence don't claim so. It's just how ECC is.
* man: document how cryptsetup keys may be acquired via AF_UNIX socketsLennart Poettering2020-12-011-19/+58
|
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* Merge pull request #16444 from oniko/luks-detached-headerLennart Poettering2020-10-211-1/+6
|\ | | | | Add support for detached LUKS header on kernel cmd line
| * cryptsetup-generator: Add support for header device in crypttabOndrej Kozina2020-09-251-1/+6
| |
* | man: describe comma escaping in crypttab(5)Zbigniew Jędrzejewski-Szmek2020-09-251-13/+15
|/
* tree-wide: fixes for assorted grammar and spelling issuesZbigniew Jędrzejewski-Szmek2020-07-061-4/+7
| | | | Fixes #16363. Also includes some changes where I generalized the pattern.
* man: Document the crypttab keyfile syntax specifying a deviceVladimir Panteleev2020-06-141-7/+9
| | | | | | Feature introduced in 50d2eba27b9bfc77ef6b40e5721713846815418b. Also documented as part of the kernel parameter syntax in systemd-cryptsetup-generator(8), but should also be documented here as part of the overall file syntax.
* Add 'bitlk' option to mount Bitlocker drives with cryptsetup.Maxim Fomin2020-06-091-0/+7
|
* cryptsetup: support tmp= file system argumentLennart Poettering2020-05-261-10/+9
| | | | | | | | Let's catch up with Debian a bit more. This also changes the default from ext2 to ext4. Fixes: #952
* man: document the newly acquired cryptsetup featuresLennart Poettering2020-05-191-14/+28
|
* man: tweaks to the crypttab(5) man pageLennart Poettering2019-12-171-5/+6
|
* man: document pkcs#11 hookup in /etc/crypttabLennart Poettering2019-12-091-5/+39
|
* crypsetup: introduce x-initrd.attach optionFranck Bui2019-12-051-0/+19
| | | | | | | | | | | | | | | | | This option is an indication for PID1 that the entry in crypttab is handled by initrd only and therefore it shouldn't interfere during the usual start-up and shutdown process. It should be primarily used with the encrypted device containing the root FS as we want to keep it (and thus its encrypted device) until the very end of the shutdown process, i.e. when initrd takes over. This option is the counterpart of "x-initrd.mount" used in fstab. Note that the slice containing the cryptsetup services also needs to drop the usual shutdown dependencies as it's required by the cryptsetup services. Fixes: #14224
* man: small grammatical/word choice fixes to crypttab man pageAnita Zhang2019-11-061-3/+3
| | | | Closes #13608
* cryptsetup: add documentation for keyfile-timeoutshinygold2019-07-171-1/+13
|
* man: use same header for all filesZbigniew Jędrzejewski-Szmek2019-03-141-1/+2
| | | | | | | The "include" files had type "book" for some reason. I don't think this is meaningful. Let's just use the same everywhere. $ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n "http^gms' man/*.xml
* cryptsetup: add same-cpu-crypt and submit-from-crypt-cpus optionsYu Watanabe2019-03-131-0/+20
| | | | Closes #11946.
* cryptsetup: add support for sector-size= option (#9936)Dimitri John Ledkov2018-08-291-0/+9
| | | | | Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes #8881.
* man: drop unused <authorgroup> tags from man sourcesZbigniew Jędrzejewski-Szmek2018-06-141-15/+0
| | | | | | | | | | | | Docbook styles required those to be present, even though the templates that we use did not show those names anywhere. But something changed semi-recently (I would suspect docbook templates, but there was only a minor version bump in recent years, and the changelog does not suggest anything related), and builds now work without those entries. Let's drop this dead weight. Tested with F26-F29, debian unstable. $ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-3/+0
| | | | | | | | | | | These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. Hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd be nice to obtain explicit acks from all involved authors before doing that.
* man: explain noauto/nofail more carefully in crypttabZbigniew Jędrzejewski-Szmek2017-12-121-5/+12
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1524759
* Add SPDX license identifiers to man pagesZbigniew Jędrzejewski-Szmek2017-11-191-0/+2
|
* man: add a note about _netdev usageZbigniew Jędrzejewski-Szmek2017-10-171-1/+11
|
* units: replace remote-cryptsetup-pre.target with remote-fs-pre.targetZbigniew Jędrzejewski-Szmek2017-10-171-1/+1
| | | | | | | | | | | | | | | | | remote-cryptsetup-pre.target was designed as an active unit (that pulls in network-online.target), the opposite of remote-fs-pre.target (a passive unit, with individual provider services ordering itself before it and pulling it in, for example iscsi.service and nfs-client.target). To make remote-cryptsetup-pre.target really work, those services should be ordered before it too. But this would require updates to all those services, not just changes from systemd side. But the requirements for remote-fs-pre.target and remote-cryptset-pre.target are fairly similar (e.g. iscsi devices can certainly be used for both), so let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses a bit of flexibility, but does away with the requirement for various provider services to know about remote-cryptsetup-pre.target.
* cryptsetup-generator: use remote-cryptsetup.target when _netdev is presentZbigniew Jędrzejewski-Szmek2017-09-051-0/+13
| | | | | | | This allows such devices to depend on the network. Their startup will be delayed similarly to network mount units. Fixes #4642.
* man: order fields alphabetically in crypttab(5)Zbigniew Jędrzejewski-Szmek2017-09-051-47/+46
| | | | | | | | They already were mostly ordered alphabetically, but some disorder snuck in. Also, fix formatting. Some options were described using "--" prefixes, which looks like the text was just copied from crypttab(8).
* man: make crypttab(5) a bit easier to readZbigniew Jędrzejewski-Szmek2017-07-171-1/+4
|
* Implement VeraCrypt volume handling in crypttab (#4501)George Hilliard2016-10-301-0/+11
| | | | This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.