diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml
index f249798171..6d064f6373 100644
--- a/man/kernel-command-line.xml
+++ b/man/kernel-command-line.xml
@@ -237,6 +237,8 @@
rd.luks.crypttab=
luks.uuid=
rd.luks.uuid=
+ luks.key=
+ rd.luks.key=
Configures the LUKS
diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml
index 292e967bea..7950032941 100644
--- a/man/systemd-cryptsetup-generator.xml
+++ b/man/systemd-cryptsetup-generator.xml
@@ -128,7 +128,31 @@
(initrd) while
luks.uuid= is
honored by both the main system and
- the initrd.
+ the initrd.
+ If /etc/crypttab contains entries with
+ the same UUID, then the options for this entry
+ will be used.
+ If /etc/crypttab exists, only those UUID
+ specified on the kernel command line
+ will be activated in the initrd or the real root.
+
+
+
+ luks.key=
+ rd.luks.key=
+
+ Takes a password file as argument.
+ For those entries specified with
+ rd.luks.uuid= or luks.uuid=,
+ the password file will be set to the password file specified by
+ rd.luks.key= or luks.key
+ rd.luks.key=
+ is honored only by initial RAM disk
+ (initrd) while
+ luks.key= is
+ honored by both the main system and
+ the initrd.
+
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index fd2080b539..fd634ae74c 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -233,7 +233,7 @@ static int create_disk(
return 0;
}
-static int parse_proc_cmdline(char ***arg_proc_cmdline_disks) {
+static int parse_proc_cmdline(char ***arg_proc_cmdline_disks, char **arg_proc_cmdline_keyfile) {
char _cleanup_free_ *line = NULL;
char *w = NULL, *state = NULL;
int r;
@@ -300,6 +300,21 @@ static int parse_proc_cmdline(char ***arg_proc_cmdline_disks) {
return log_oom();
}
+ } else if (startswith(word, "luks.key=")) {
+ *arg_proc_cmdline_keyfile = strdup(word + 9);
+ if (! arg_proc_cmdline_keyfile)
+ return log_oom();
+
+ } else if (startswith(word, "rd.luks.key=")) {
+
+ if (in_initrd()) {
+ if (*arg_proc_cmdline_keyfile)
+ free(*arg_proc_cmdline_keyfile);
+ *arg_proc_cmdline_keyfile = strdup(word + 12);
+ if (!arg_proc_cmdline_keyfile)
+ return log_oom();
+ }
+
} else if (startswith(word, "luks.") ||
(in_initrd() && startswith(word, "rd.luks."))) {
@@ -319,6 +334,7 @@ int main(int argc, char *argv[]) {
char **i;
char _cleanup_strv_free_ **arg_proc_cmdline_disks_done = NULL;
char _cleanup_strv_free_ **arg_proc_cmdline_disks = NULL;
+ char _cleanup_free_ *arg_proc_cmdline_keyfile = NULL;
if (argc > 1 && argc != 4) {
log_error("This program takes three or no arguments.");
@@ -334,7 +350,7 @@ int main(int argc, char *argv[]) {
umask(0022);
- if (parse_proc_cmdline(&arg_proc_cmdline_disks) < 0)
+ if (parse_proc_cmdline(&arg_proc_cmdline_disks, &arg_proc_cmdline_keyfile) < 0)
return EXIT_FAILURE;
if (!arg_enabled)
@@ -425,7 +441,7 @@ int main(int argc, char *argv[]) {
if (!name || !device)
return log_oom();
- if (create_disk(name, device, NULL, "timeout=0") < 0)
+ if (create_disk(name, device, arg_proc_cmdline_keyfile, "timeout=0") < 0)
r = EXIT_FAILURE;
}