grub-devel

[PATCH v3 3/3] docs: Add documentation on detached header option to cryp


From: Glenn Washburn
Subject: [PATCH v3 3/3] docs: Add documentation on detached header option to cryptomount
Date: Wed, 8 Jun 2022 10:34:04 -0500

Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
---
 docs/grub.texi | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/docs/grub.texi b/docs/grub.texi
index 1a7cd8e93..3c7217f0e 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -4526,19 +4526,26 @@ Alias for @code{hashsum --hash crc32 arg @dots{}}. See 
command @command{hashsum}
 @node cryptomount
 @subsection cryptomount
 
-@deffn Command cryptomount [ [@option{-p} password] | [@option{-k} keyfile 
[@option{-O} keyoffset] [@option{-S} keysize] ] ] device|@option{-u} 
uuid|@option{-a}|@option{-b}
+@deffn Command cryptomount [ [@option{-p} password] | [@option{-k} keyfile 
[@option{-O} keyoffset] [@option{-S} keysize] ] ] [@option{-H} file] 
device|@option{-u} uuid|@option{-a}|@option{-b}
 Setup access to encrypted device. A passphrase will be requested interactively,
 if neither the @option{-p} nor @option{-k} options are given. The option
 @option{-p} can be used to supply a passphrase (useful for scripts).
 Alternatively the @option{-k} option can be used to supply a keyfile with
 options @option{-O} and @option{-S} optionally supplying the offset and size,
-respectively, of the key data in the given key file.
-
+respectively, of the key data in the given key file. The @option{-H} options 
can
+be used to supply cryptomount backends with an alternative header file (aka
+detached header). Not all backends have headers nor support alternative header
+files (currently only LUKS1 and LUKS2 support them).
 Argument @var{device} configures specific grub device
 (@pxref{Naming convention}); option @option{-u} @var{uuid} configures device
 with specified @var{uuid}; option @option{-a} configures all detected encrypted
 devices; option @option{-b} configures all geli containers that have boot flag 
set.
 
+Devices are not allowed to be given as key files nor as detached header files.
+However, this limitation can be worked around by using blocklist syntax. So
+for instance, @code{(hd1,gpt2)} can not be used, but @code{(hd1,gpt2)0+} will
+achieve the desired result.
+
 GRUB suports devices encrypted using LUKS, LUKS2 and geli. Note that necessary
 modules (@var{luks}, @var{luks2} and @var{geli}) have to be loaded manually
 before this command can be used. For LUKS2 only the PBKDF2 key derivation
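Review bot: In the added sentence "The @option{-H} options can be used to supply cryptomount backends with an alternative header file", "options" should be singular ("The @option{-H} option can be used"). The hunk also drops the blank line that used to follow "of the key data in the given key file.", so the option description now runs straight into "Argument @var{device} configures specific grub device" as one paragraph; keeping the blank line after the new @option{-H} text would preserve the break. The synopsis permits [@option{-H} file] together with @option{-a} and @option{-b}, but the text does not say how a single header file applies when several devices are selected, and @option{-b} is described as selecting geli containers while header files are stated to be supported only for LUKS1 and LUKS2; a sentence stating the behaviour or the restriction for those combinations would help. In the new blocklist paragraph, "can not be used" reads better as "cannot be used".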
-- 
2.34.1



