SYSTEMD−CRYPTSETUP−GENERATOR - Online Linux Manual PageSection : 8
Updated :
Source : systemd 253
Note : systemd-cryptsetup-generator

NAMEsystemd-cryptsetup-generator − Unit generator for /etc/crypttab

SYNOPSIS/usr/lib/systemd/system−generators/systemd−cryptsetup−generator

DESCRIPTIONsystemd−cryptsetup−generator is a generator that translates /etc/crypttab into native systemd units early at boot and when configuration of the system manager is reloaded​. This will create systemd-cryptsetup@.service(8) units as necessary​. systemd−cryptsetup−generator implements systemd.generator(7)​.

KERNEL COMMAND LINEsystemd−cryptsetup−generator understands the following kernel command line parameters: luks=, rd​.luks= Takes a boolean argument​. Defaults to "yes"​. If "no", disables the generator entirely​. rd​.luks= is honored only in the initrd while luks= is honored by both the main system and in the initrd​. luks​.crypttab=, rd​.luks​.crypttab= Takes a boolean argument​. Defaults to "yes"​. If "no", causes the generator to ignore any devices configured in /etc/crypttab (luks​.uuid= will still work however)​. rd​.luks​.crypttab= is honored only in initrd while luks​.crypttab= is honored by both the main system and in the initrd​. luks​.uuid=, rd​.luks​.uuid= Takes a LUKS superblock UUID as argument​. This will activate the specified device as part of the boot process as if it was listed in /etc/crypttab​. This option may be specified more than once in order to set up multiple devices​. rd​.luks​.uuid= is honored only in the initrd, while luks​.uuid= is honored by both the main system and in the initrd​. If /etc/crypttab contains entries with the same UUID, then the name, keyfile and options specified there will be used​. Otherwise, the device will have the name "luks−UUID"​. If /etc/crypttab exists, only those UUIDs specified on the kernel command line will be activated in the initrd or the real root​. luks​.name=, rd​.luks​.name= Takes a LUKS super block UUID followed by an "=" and a name​. This implies rd​.luks​.uuid= or luks​.uuid= and will additionally make the LUKS device given by the UUID appear under the provided name​. This parameter is the analogue of the first crypttab(5) field volume−name​. rd​.luks​.name= is honored only in the initrd, while luks​.name= is honored by both the main system and in the initrd​. luks​.data=, rd​.luks​.data= Takes a LUKS super block UUID followed by a "=" and a block device specification for device hosting encrypted data​. For those entries specified with rd​.luks​.uuid= or luks​.uuid=, the data device will be set to the one specified by rd​.luks​.data= or luks​.data= of the corresponding UUID​. LUKS data device parameter is useful for specifying encrypted data devices with detached headers specified in luks​.options entry containing "header=" argument​. For example, rd​.luks​.uuid=b40f1abf−2a53−400a−889a−2eccc27eaa40 rd​.luks​.options=b40f1abf−2a53−400a−889a−2eccc27eaa40=header=/path/to/luks​.hdr rd​.luks​.data=b40f1abf−2a53−400a−889a−2eccc27eaa40=/dev/sdx​. Hence, in this case, we will attempt to unlock LUKS device assembled from data device "/dev/sdx" and LUKS header (metadata) put in "/path/to/luks​.hdr" file​. This syntax is for now only supported on a per−device basis, i​.e​. you have to specify LUKS device UUID​. This parameter is the analogue of the second crypttab(5) field encrypted−device​. rd​.luks​.data= is honored only in the initrd, while luks​.data= is honored by both the main system and in the initrd​. luks​.key=, rd​.luks​.key= Takes a password file name as argument or a LUKS super block UUID followed by a "=" and a password file name​. For those entries specified with rd​.luks​.uuid= or luks​.uuid=, the password file will be set to the one specified by rd​.luks​.key= or luks​.key= of the corresponding UUID, or the password file that was specified without a UUID​. It is also possible to specify an external device which should be mounted before we attempt to unlock the LUKS device​. systemd−cryptsetup will use password file stored on that device​. Device containing password file is specified by appending colon and a device identifier to the password file path​. For example, rd​.luks​.uuid=b40f1abf−2a53−400a−889a−2eccc27eaa40 rd​.luks​.key=b40f1abf−2a53−400a−889a−2eccc27eaa40=/keyfile:LABEL=keydev​. Hence, in this case, we will attempt to mount file system residing on the block device with label "keydev"​. This syntax is for now only supported on a per−device basis, i​.e​. you have to specify LUKS device UUID​. This parameter is the analogue of the third crypttab(5) field key−file​. rd​.luks​.key= is honored only in the initrd, while luks​.key= is honored by both the main system and in the initrd​. luks​.options=, rd​.luks​.options= Takes a LUKS super block UUID followed by an "=" and a string of options separated by commas as argument​. This will override the options for the given UUID​. If only a list of options, without an UUID, is specified, they apply to any UUIDs not specified elsewhere, and without an entry in /etc/crypttab​. This parameter is the analogue of the fourth crypttab(5) field options​. It is possible to specify an external device which should be mounted before we attempt to unlock the LUKS device​. systemd−cryptsetup will assemble LUKS device by combining data device specified in luks​.data with detached LUKS header found in "header=" argument​. For example, rd​.luks​.uuid=b40f1abf−2a53−400a−889a−2eccc27eaa40 rd​.luks​.options=b40f1abf−2a53−400a−889a−2eccc27eaa40=header=/luks​.hdr:LABEL=hdrdev rd​.luks​.data=b40f1abf−2a53−400a−889a−2eccc27eaa40=/dev/sdx​. Hence, in this case, we will attempt to mount file system residing on the block device with label "hdrdev", and look for "luks​.hdr" on that file system​. Said header will be used to unlock (decrypt) encrypted data stored on /dev/sdx​. This syntax is for now only supported on a per−device basis, i​.e​. you have to specify LUKS device UUID​. rd​.luks​.options= is honored only by initial RAM disk (initrd) while luks​.options= is honored by both the main system and in the initrd​.

SEE ALSOsystemd(1), crypttab(5), systemd-cryptsetup@.service(8), systemd-cryptenroll(1), cryptsetup(8), systemd-fstab-generator(8)
0
Johanes Gumabo
Data Size   :   19,154 byte
man-systemd-cryptsetup-generator.8Build   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   4 / 186,458
Visitor ID   :     :  
Visitor IP   :   52.14.234.146   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.