xref: /dragonfly/share/man/man5/crypttab.5 (revision 67640b13) 
1.\"
2.\" Copyright (c) 2010
3.\"	The DragonFly Project.  All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\"
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in
13.\"    the documentation and/or other materials provided with the
14.\"    distribution.
15.\" 3. Neither the name of The DragonFly Project nor the names of its
16.\"    contributors may be used to endorse or promote products derived
17.\"    from this software without specific, prior written permission.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
23.\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
24.\" INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
25.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
27.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
29.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.Dd October 22, 2010
33.Dt CRYPTTAB 5
34.Os
35.Sh NAME
36.Nm crypttab
37.Nd encrypted disk device table
38.Sh DESCRIPTION
39The
40.Nm
41file contains a list of the encrypted disk devices of the system. Each
42encrypted volume is described on a separate line; fields on each line are
43separated by tabs or spaces.
44.Pp
45The first field,
46.Pq Fa name ,
47contains the name of the resultant crypto volume device, which will
48be a node in
49.Pa /dev/mapper
50with the given
51.Pa name .
52.Pp
53The second field,
54.Pq Fa device ,
55is the underlying device on which the crypto volume resides and must be
56a full device path to a node in
57.Pa /dev .
58.Pp
59The third field,
60.Pq Fa keyfile ,
61is either the value
62.Pa none
63or the full path on the file system to a keyfile to unlock the crypto
64volume.
65If
66.Pa none
67is specified, the system will prompt for a password during the boot
68sequence.
69.Pp
70The fourth field,
71.Pq Fa options ,
72can contain a comma separated list with the following options on
73.Dx
74or can be set to
75.Pa none .
76.Bl -tag -width keyscript=/script.sh
77.It Va tries=N
78Prompt for the passphrase at most
79.Fa N
80times if the entered passphrase is incorrect.
81.It Va timeout=T
82Time out the interactive passphrase prompt after
83.Fa T
84seconds.
85.It Va keyscript=script
86Run the script pointed at by
87.Fa script
88to get the passphrase. The stdout output of the script will be used as the
89passphrase instead of showing an interactive prompt.
90.El
91.Pp
92Note that the
93.Nm
94file on
95.Dx
96currently only supports LUKS volumes and not raw
97.Xr cryptsetup 8
98volumes.
99.Pp
100If the
101.Xr dm_target_crypt 4
102target is not built-in, make sure to set up
103.Xr loader.conf 5
104to preload it, since
105.Xr dm 4
106is not able to autoload the targets before
107.Pa /boot
108is mounted.
109.Sh FILES
110.Bl -tag -width ".Pa /etc/crypttab" -compact
111.It Pa /etc/crypttab
112The
113.Nm
114file resides in
115.Pa /etc .
116.El
117.Sh EXAMPLES
118The following line specifies a crypto volume without a keyfile, so
119that a password will be prompted during the boot sequence. Upon
120successful entry of the password the device
121.Pa /dev/mapper/vol1
122will be created.
123.Pp
124.Dl "vol1        /dev/da0s1b    none               none"
125.Pp
126The next example is as the one before but using a keyfile on
127.Pa /boot
128instead of an interactive password prompt.
129.Pp
130.Dl "vol1        /dev/da0s1b    /boot/keyfile.0    none"
131.Pp
132The last example shows the use of the options. It will ask at most 2 times
133for a passphrase and time out after 10 seconds.
134.Pp
135.Dl "vol1        /dev/da0s1b    none               tries=2,timeout=10"
136.Sh SEE ALSO
137.Xr cryptsetup 8
138.Sh HISTORY
139The
140.Nm
141file format appeared in
142.Dx 2.9 .
143