From f1a20afacdf19fe9e1a4fd7e4aefc44115b9d36b Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev Date: Fri, 12 Jun 2020 10:44:57 +0000 Subject: [PATCH] man: Document the crypttab keyfile syntax specifying a device Feature introduced in 50d2eba27b9bfc77ef6b40e5721713846815418b. Also documented as part of the kernel parameter syntax in systemd-cryptsetup-generator(8), but should also be documented here as part of the overall file syntax. --- man/crypttab.xml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/man/crypttab.xml b/man/crypttab.xml index 2046911c78..4cdc52dcb8 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml 
@@ -60,13 +60,15 @@ device or file, or a specification of a block device via UUID= followed by the UUID. - The third field specifies an absolute path to a file to read the encryption key from. If the field - is not present or set to none or -, a key file named after the - volume to unlock (i.e. the first column of the line), suffixed with .key is - automatically loaded from the /etc/cryptsetup-keys.d/ and - /run/cryptsetup-keys.d/ directories, if present. Otherwise, the password has to be - manually entered during system boot. For swap encryption, /dev/urandom may be used - as key file. + The third field specifies an absolute path to a file to read the encryption key from. Optionally, + the path may be followed by : and an fstab device specification (e.g. starting with + LABEL= or similar); in which case, the path is relative to the device file system + root. If the field is not present or set to none or -, a key file + named after the volume to unlock (i.e. the first column of the line), suffixed with + .key is automatically loaded from the /etc/cryptsetup-keys.d/ + and /run/cryptsetup-keys.d/ directories, if present. Otherwise, the password has to + be manually entered during system boot. For swap encryption, /dev/urandom may be + used as key file. The fourth field, if present, is a comma-delimited list of options. The following options are recognized:
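Review bot: In the added sentence "the path may be followed by : and an fstab device specification", the text does not say how a key file path that itself contains a ":" is handled, so the reader cannot tell where the path ends and the device specification begins. Please state the splitting rule explicitly. The clause "the path is relative to the device file system root" also reads as conflicting with "specifies an absolute path" in the sentence just before it; suggest wording such as "the path is still written with a leading / but is resolved against the root of the file system on that device". Minor style point: "; in which case" should be ", in which case". A sample crypttab line using the new syntax would make the field format unambiguous, since the only hint at the device part is "e.g. starting with LABEL= or similar".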