oracular (8) mount.crypto_LUKS.8.gz

Provided by: libpam-mount-bin_2.20-3build2_amd64 bug

Name

       mount.crypt - mount a dm-crypt encrypted volume

Syntax

       mount.crypt [-nrv] [-o options] device directory

Options

       -o options
              Set  further mount options. mount.crypt will take out its own options it recognizes
              and passes any remaining options on to the underlying mount program. See below  for
              possible options.

       -n     Do  not  update /etc/mtab. Note that this makes it impossible to unmount the volume
              by naming the container - you will have to pass the mountpoint to umount.crypt.

       -r     Set up the loop device (if necessary) and crypto device in  read-only  mode.   (The
              mount  itself  will necessarily also be read-only.) Note that doing a remount using
              `mount /mnt -o remount,rw` will not make the mount readwrite. The crypto  and  loop
              devices will have to be disassociated first.

       -v     Turn on debugging and be a bit more verbose.

Mount options

       header A detached (separated) metadata file where the LUKS header is stored. It correlates
              with the `cryptsetup --header` option. If omitted, the detached LUKS header feature
              is not used.

       allow_discard
              Enables  discard  passthrough support. This option does not cause the filesystem to
              be mounted with discard enabled, but does allow fstrim to be manually run.

       no_read_workqueue
              Bypass internal workqueue and process read requests synchronously.

       no_write_workqueue
              Bypass internal workqueue and process write requests synchronously.

       cipher The cryptsetup cipher used for the encrypted volume. This option is  mandatory  for
              PLAIN   (non-LUKS)   volumes.   pmt-ehd(8)   defaults   to  creating  volumes  with
              "aes-cbc-essiv:sha256" as a cipher.

       crypto_name
              Select the name for the crypto device (optional). This  option  is  currently  only
              usable with dm-crypt systems.

       fsck   Run fsck on the container before mounting it.

       fsk_cipher
              The  OpenSSL  cipher used for the filesystem key. The special keyword "none" can be
              used to bypass decryption and pass the file contents directly to libcryptsetup.

       fsk_hash
              The OpenSSL hash used for producing key and IV.

       fstype The exact type of filesystem in the encrypted container. The default is to let  the
              kernel autodetect.

       hash   The  cryptsetup  hash  used  for the encrypted volume. This defaults to no hashing,
              because pam_mount assumes EHD volumes with strong and simple fskey generation.

       keyfile
              The path to the key file. This option is mandatory for "normal" crypto volumes  and
              should not be used for LUKS volumes.

       remount
              Causes  the  filesystem  to  be  remounted  with new options. Note that mount.crypt
              cannot switch the underlying loop device (if applies) or the crypto device  between
              read-only  and  read-write once it is created; only the actual filesystem mount can
              be changed, with limits. If the loop device is read-only, the crypto device will be
              read-only,  and  changing  the mount to read-write is impossible.  Similarly, going
              from rw to ro will only mark the mount  read-only,  but  not  the  crypto  or  loop
              device,  thus  making  it  impossible to set the filesystem the crypto container is
              located on to read-only.

       ro     Same as the -r option.

       verbose
              Same as the -v option.

Obsolete mount options

       This section is provided for reference.

       loop   This option used to set up a loop device, because  cryptsetup(8)  expects  a  block
              device. The option is ignored because mount.crypt can figure this out on its own.