Commit | Line | Data |
---|---|---|
db7bd829 JR |
1 | .\" A man page for /etc/crypttab. |
2 | .\" | |
3 | .\" Copyright (C) 2006 Red Hat, Inc. All rights reserved. | |
4 | .\" | |
5 | .\" This copyrighted material is made available to anyone wishing to use, | |
6 | .\" modify, copy, or redistribute it subject to the terms and conditions of the | |
7 | .\" GNU General Public License v.2. | |
8 | .\" | |
9 | .\" This program is distributed in the hope that it will be useful, but WITHOUT | |
10 | .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
11 | .\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | |
12 | .\" more details. | |
13 | .\" | |
14 | .\" You should have received a copy of the GNU General Public License along | |
15 | .\" with this program; if not, write to the Free Software Foundation, Inc., | |
16 | .\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
17 | .\" | |
18 | .\" Author: Miloslav Trmac <mitr@redhat.com> | |
19 | .TH crypttab 5 "Jul 2006" | |
20 | ||
21 | .SH NAME | |
22 | /etc/crypttab - encrypted block device table | |
23 | ||
24 | .SH DESCRIPTION | |
25 | The | |
26 | .B /etc/crypttab | |
27 | file describes encrypted block devices that are set up during system boot. | |
28 | ||
29 | Empty lines and lines starting with the | |
30 | .B # | |
31 | character are ignored. | |
32 | Each of the remaining lines describes one encrypted block device; | |
33 | fields on the line are delimited by white space. | |
34 | The first two fields are mandatory, the remaining two are optional. | |
35 | ||
36 | The first field contains the | |
37 | .I name | |
38 | of the resulting encrypted block device; | |
39 | the device is set up at | |
40 | \fB/dev/mapper/\fIname\fR. | |
41 | ||
42 | The second field contains a path to the underlying block device. | |
43 | If the block device contains a LUKS signature, | |
44 | it is opened as a LUKS encrypted partition; | |
45 | otherwise it is assumed to be a raw dm-crypt partition. | |
46 | ||
47 | The third field specifies the encryption password. | |
48 | If the field is not present or the password is set to \fBnone\fR, | |
49 | the password has to be manually entered during system boot. | |
50 | Otherwise the field is interpreted as a path to a file | |
51 | containing the encryption password. | |
52 | For swap encryption | |
53 | .B /dev/urandom | |
54 | can be used as the password file; | |
55 | using | |
56 | .B /dev/random | |
57 | may prevent boot completion | |
58 | if the system does not have enough entropy | |
59 | to generate a truly random encryption key. | |
60 | ||
61 | The fourth field, if present, is a comma-delimited list of options. | |
62 | The following options are recognized: | |
63 | .TP | |
64 | \fBcipher=\fIcipher\fR | |
65 | Specifies the cipher to use; see | |
66 | .BR cryptsetup (8) | |
67 | for possible values and the default value of this option. | |
68 | A cipher with unpredictable IV values, such as | |
69 | \fBaes-cbc-essiv:sha256\fR, is recommended. | |
70 | ||
71 | .TP | |
72 | \fBsize=\fIsize\fR | |
73 | Specifies the key size in bits; see | |
74 | .BR cryptsetup (8) | |
75 | for possible values and the default value of this option. | |
76 | ||
77 | .TP | |
78 | \fBhash=\fIhash\fR | |
79 | Specifies the hash to use for password hashing; see | |
80 | .BR cryptsetup (8) | |
81 | for possible values and the default value of this option. | |
82 | ||
83 | .TP | |
84 | \fBverify\fR | |
85 | If the encryption password is read from console, | |
86 | it has to be entered twice (to prevent typos). | |
87 | ||
88 | .TP | |
89 | \fBswap\fR | |
90 | The encrypted block device will be used as a swap partition, | |
91 | and will be formatted as a swap partition | |
92 | after setting up the encrypted block device. | |
93 | The underlying block device | |
94 | will be formatted again as an unencrypted swap partition | |
95 | after destroying the encrypted block device. | |
96 | (This allows sharing a single swap partition between operating | |
97 | system installations, | |
98 | with some of them encrypting the swap partitions and some of them not.) | |
99 | ||
100 | \fIWARNING\fR: Using the | |
101 | .B swap | |
102 | option will destroy the contents of the named partition during every boot, so | |
103 | make sure the underlying block device is specified correctly. | |
104 | ||
105 | .TP | |
106 | \fBtmp\fR | |
107 | The encrypted block device will be prepared for use as a tmp partition: | |
108 | it will be formatted using | |
109 | .B mke2fs | |
110 | and its root directory will be set to mode 01777. | |
111 | The warning about the | |
112 | .B swap | |
113 | option applies here as well. | |
114 | ||
115 | .PP | |
116 | No options can be specified for LUKS encrypted partitions. | |
117 | ||
118 | .SH COMPATIBILITY | |
119 | The | |
120 | .B /etc/crypttab | |
121 | file format is based on the Debian cryptsetup package, | |
122 | and is intended to be compatible. | |
123 | ||
124 | .SH SEE ALSO | |
125 | .BR cryptsetup (8) |
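
A small linter for the file format this man page describes, as an added example that is not part of cryptsetup or of the original page. The device names, the key-file path and the `-cbc-plain` test for predictable IVs are assumptions made for the illustration.

```python
FLAG_OPTS = {"verify", "swap", "tmp"}
VALUE_OPTS = {"cipher", "size", "hash"}

# Constructed sample; device names and the key-file path are made up.
SAMPLE = """\
# name  device     password            options
swap    /dev/sda2  /dev/urandom        swap,cipher=aes-cbc-essiv:sha256,size=256
tmp     /dev/sda3  /dev/random         tmp
data    /dev/sda5  none                verify,hash=sha256
home    /dev/sda6  /etc/keys/home.key  verify,cipher=aes-cbc-plain
broken
extra   /dev/sda7  none                frobnicate
"""

def lint_crypttab(text):
    """Return a list of (line number, message) findings for crypttab text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # tolerating leading white space is a choice made here
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if not 2 <= len(fields) <= 4:
            findings.append((lineno, "expected 2 to 4 white-space-delimited fields"))
            continue
        key = fields[2] if len(fields) > 2 else "none"
        opts = {}
        for item in (fields[3].split(",") if len(fields) == 4 else []):
            name, _, value = item.partition("=")
            opts[name] = value
            # cipher/size/hash need a value; verify/swap/tmp must not have one
            if name not in FLAG_OPTS | VALUE_OPTS or (name in VALUE_OPTS) != bool(value):
                findings.append((lineno, f"unrecognized or malformed option: {item}"))
        if key == "/dev/random":
            findings.append((lineno, "/dev/random as password file may prevent boot completion"))
        if key != "none" and "verify" in opts:
            findings.append((lineno, "verify only applies to a password read from console"))
        for destructive in ("swap", "tmp"):
            if destructive in opts:
                findings.append((lineno, f"{destructive}: contents of {fields[1]} are destroyed at every boot"))
        # Assumption: a CBC cipher with the plain (sector number) IV counts as predictable.
        if "-cbc-plain" in opts.get("cipher", ""):
            findings.append((lineno, "cipher has predictable IVs; aes-cbc-essiv:sha256 is recommended"))
    return findings

if __name__ == "__main__":
    for lineno, message in lint_crypttab(SAMPLE):
        print(f"line {lineno}: {message}")
```

The linter cannot tell whether a device carries a LUKS signature, so the rule that LUKS partitions take no options still has to be checked against the device itself.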