NAME<\/a> systemd-cryptsetup@.service, systemd-cryptsetup \u2212 Full disk decryption logic<\/p>\n systemd\u2212cryptsetup@.service<\/p>\n \/usr\/lib\/systemd\/systemd\u2212cryptsetup<\/p>\n systemd\u2212cryptsetup@.service is a service responsible for setting up encrypted block devices. It is instantiated for each device that requires decryption for access.<\/p>\n systemd\u2212cryptsetup@.service will ask for hard disk passwords via the password agent logic<\/font><\/b> [1]<\/font><\/small> , in order to query the user for the password using the right mechanism at boot and during runtime.<\/font><\/p>\n At early boot and when the system manager configuration is reloaded, \/etc\/crypttab is translated into systemd\u2212cryptsetup@.service units by systemd-cryptsetup-generator<\/b>(8).<\/font><\/p>\n In order to unlock a volume a password or binary key is required. systemd\u2212cryptsetup@.service tries to acquire a suitable password or binary key via the following mechanisms, tried in order:<\/font><\/p>\n 1. If a key file is explicitly configured (via the third column in \/etc\/crypttab), a key read from it is used. If a PKCS#11 token is configured (using the pkcs11\u2212uri=<\/i> option) the key is decrypted before use.<\/font><\/p>\n 2. If no key file is configured explicitly this way, a key file is automatically loaded from \/etc\/cryptsetup\u2212keys.d\/volume<\/i>.key and \/run\/cryptsetup\u2212keys.d\/volume<\/i>.key, if present. Here too, if a PKCS#11 token is configured, any key found this way is decrypted before use.<\/font><\/p>\n 3. If the try\u2212empty\u2212password<\/i> option is specified it is then attempted to unlock the volume with an empty password.<\/font><\/p>\n 4. The kernel keyring is then checked for a suitable cached password from previous attempts.<\/font><\/p>\n 5. Finally, the user is queried for a password, possibly multiple times.<\/font><\/p>\n If no suitable key may be acquired via any of the mechanisms describes above, volume activation fails.<\/font><\/p>\n systemd<\/b>(1), systemd-cryptsetup-generator<\/b>(8), crypttab<\/b>(5), cryptsetup<\/b>(8)<\/font><\/p>\n 1.<\/font><\/p>\n<\/td>\n password agent logic<\/font><\/p>\n<\/td>\n https:\/\/systemd.io\/PASSWORD_AGENTS\/<\/font><\/p>\n systemd-cryptsetup@.service, systemd-cryptsetup \u2212 Full disk decryption logic <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,4,294],"class_list":["post-3150","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-man8","tag-systemd-cryptsetup"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3150"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3150\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
SYNOPSIS<\/a>
DESCRIPTION<\/a>
SEE ALSO<\/a>
NOTES<\/a> <\/p>\n
\nNAME <\/a> <\/h2>\n
SYNOPSIS <\/a> <\/h2>\n
DESCRIPTION <\/a> <\/h2>\n
SEE ALSO <\/a> <\/h2>\n
NOTES <\/a> <\/h2>\n
\n
\n <\/td>\n \n <\/td>\n \n <\/td>\n<\/tr>\n<\/table>\n
\n","protected":false},"excerpt":{"rendered":"