diff options
author | Klaus Zipfel <30482165+systemofapwne@users.noreply.github.com> | 2023-05-06 22:55:05 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-06 21:55:05 +0100 |
commit | 703902400df2eced5374ab396ff5199f29a5db96 (patch) | |
tree | 0ba2d4229e0a89dfbcdd9bb82b57a01e7b8a4a4a /man | |
parent | 3be6943e07c1abfb0b10b62a265ac784b9751e8e (diff) | |
download | systemd-703902400df2eced5374ab396ff5199f29a5db96.tar.gz |
crypttab: Support for VeraCrypt PIM and detached headers for TrueCrypt/VeraCrypt (#27548)
* Added veracrypt-pim=<PIM> LUKS option for crypttab
Diffstat (limited to 'man')
-rw-r--r-- | man/crypttab.xml | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/man/crypttab.xml b/man/crypttab.xml index d587f85289..f977fd694d 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -172,12 +172,11 @@ <varlistentry> <term><option>header=</option></term> - <listitem><para>Use a detached (separated) metadata device or - file where the LUKS header is stored. This option is only - relevant for LUKS devices. See + <listitem><para>Use a detached (separated) metadata device or file + where the header containing the master key(s) is stored. This + option is only relevant for LUKS and TrueCrypt/VeraCrypt devices. See <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> - for possible values and the default value of this - option.</para> + for possible values and the default value of this option.</para> <para>Optionally, the path may be followed by <literal>:</literal> and an <filename>/etc/fstab</filename> device specification (e.g. starting with <literal>UUID=</literal> or @@ -484,6 +483,25 @@ </varlistentry> <varlistentry> + <term><option>veracrypt-pim=</option></term> + + <listitem><para>Specifies a custom Personal Iteration Multiplier (PIM) + value, which can range from 0..2147468 for standard veracrypt volumes + and 0..65535 for veracrypt system volumes. A value of 0 will imply the + VeraCrypt default. + + This option is only effective when <option>tcrypt-veracrypt</option> is + set.</para> + + <para>Note that VeraCrypt enforces a minimal allowed PIM value depending on the + password strength and the hash algorithm used for key derivation, however + <option>veracrypt-pim=</option> is not checked against these bounds. + <ulink url="https://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20%28PIM%29.html">See + documentation</ulink> for more information.</para> + </listitem> + </varlistentry> + + <varlistentry> <term><option>timeout=</option></term> <listitem><para>Specifies the timeout for querying for a |