diff options
-rw-r--r-- | crypttab.5 | 132 |
1 files changed, 0 insertions, 132 deletions
diff --git a/crypttab.5 b/crypttab.5 deleted file mode 100644 index f7afa69a..00000000 --- a/crypttab.5 +++ /dev/null @@ -1,132 +0,0 @@ -.\" A man page for /etc/crypttab. -.\" -.\" Copyright (C) 2006 Red Hat, Inc. All rights reserved. -.\" -.\" This copyrighted material is made available to anyone wishing to use, -.\" modify, copy, or redistribute it subject to the terms and conditions of the -.\" GNU General Public License v.2. -.\" -.\" This program is distributed in the hope that it will be useful, but WITHOUT -.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -.\" more details. -.\" -.\" You should have received a copy of the GNU General Public License along -.\" with this program; if not, write to the Free Software Foundation, Inc., -.\" 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -.\" -.\" Author: Miloslav Trmac <mitr@redhat.com> -.TH crypttab 5 "Jul 2006" - -.SH NAME -/etc/crypttab - encrypted block device table - -.SH DESCRIPTION -The -.B /etc/crypttab -file describes encrypted block devices that are set up during system boot. - -Empty lines and lines starting with the -.B # -character are ignored. -Each of the remaining lines describes one encrypted block device, -fields on the line are delimited by white space. -The first two fields are mandatory, the remaining two are optional. - -The first field contains the -.I name -of the resulting encrypted block device; -the device is set up at -\fB/dev/mapper/\fIname\fR. - -The second field contains a path to the underlying block device, -or a specification of a block device via UUID=<device uuid>. -If the block device contains a LUKS signature, -it is opened as a LUKS encrypted partition; -otherwise it is assumed to be a raw dm-crypt partition. - -The third field specifies the encryption password. -If the field is not present or the password is set to \fBnone\fR, -the password has to be manually entered during system boot. -Otherwise the field is interpreted as a path to a file -containing the encryption password. -For swap encryption -.B /dev/urandom -or the hardware device -.B /dev/hw_random -can be used as the password file; -using -.B /dev/random -may prevent boot completion -if the system does not have enough entropy -to generate a truly random encryption key. - -The fourth field, if present, is a comma-delimited list of options. -The following options are recognized: -.TP -\fBcipher=\fIcipher\fR -Specifies the cipher to use; see -.BR cryptsetup (8) -for possible values and the default value of this option. -A cipher with unpredictable IV values, such as -\fBaes-cbc-essiv:sha256\fR, is recommended. - -.TP -\fBsize=\fIsize\fR -Specifies the key size in bits; see -.BR cryptsetup (8) -for possible values and the default value of this option. - -.TP -\fBhash=\fIhash\fR -Specifies the hash to use for password hashing; see -.BR cryptsetup (8) -for possible values and the default value of this option. - -.TP -\fBverify\fR -If the the encryption password is read from console, -it has to be entered twice (to prevent typos). - -.TP -\fBnoauto\fR -This device will not be automatically unlocked on boot. - -.TP -\fBswap\fR -The encrypted block device will be used as a swap partition, -and will be formatted as a swap partition -after setting up the encrypted block device. -The underlying block device -will be formatted again as an unencrypted swap partition -after destroying the encrypted block device. -(This allows sharing a single swap partition between operating -system installations, -with some of them encrypting the swap partitions and some of them not.) - -\fIWARNING\fR: Using the -.B swap -option will destroy the contents of the named partition during every boot, so -make sure the underlying block device is specified correctly. - -.TP -\fBtmp\fR -The encrypted block device will be prepared for using it as tmp partition: -it will be formatted using -.B mke2fs -and its root directory will be set to mode 01777. -The warning about the -.B swap -option applies here as well. - -.PP -No options can be specified for LUKS encrypted partitions. - -.SH COMPATIBILITY -The -.B /etc/crypttab -file format is based on the Debian cryptsetup package, -and is intended to be compatible. - -.SH SEE ALSO -.BR cryptsetup (8) |