Name
mount.crypt - mount a dm-crypt encrypted volume
Syntax
mount.crypt [-nrv] [-o options] device directory
Options
-o options | Set further mount options. mount.crypt will remove the options it recognizes and pass any remaining options on to the underlying mount program. See below for possible options. |
-n | Do not update /etc/mtab. Note that this makes it impossible to unmount the volume by naming the container - you will have to pass the mountpoint to umount.crypt. |
-r | Set up the loop device (if necessary) and crypto device in read-only mode. (The mount itself will necessarily also be read-only.) Note that doing a remount using mount /mnt -o remount,rw will not make the mount read-write. The crypto and loop devices will have to be disassociated first. |
-v | Turn on debugging and be a bit more verbose. |
Mount options
cipher | The cryptsetup cipher used for the encrypted volume. This option is mandatory. pmt-ehd(8) defaults to creating volumes with "aes-cbc-essiv:sha256" as a cipher. |
dm-timeout=seconds | Wait at most this many seconds for udev to create /dev/mapper/name after calling cryptsetup(8). The default value is 0 seconds. |
fsck | Run fsck on the container before mounting it. |
fsk_cipher | The OpenSSL cipher used for the filesystem key. The default is "aes-256-cbc". |
fsk_hash | The OpenSSL hash used for producing key and IV. The default is "md5". |
fstype | The exact type of filesystem in the encrypted container. The default is to let the kernel autodetect. |
keyfile | The path to the key file. This option is mandatory for "normal" crypto volumes and should not be used for LUKS volumes. |
remount | Causes the filesystem to be remounted with new options. Note that mount.crypt cannot switch the underlying loop device (if applicable) or the crypto device between read-only and read-write once it is created; only the actual filesystem mount can be changed, with limits. If the loop device is read-only, the crypto device will be read-only, and changing the mount to read-write is impossible. Similarly, going from rw to ro will only mark the mount read-only, but not the crypto or loop device, thus making it impossible to set the filesystem the crypto container is located on to read-only. |
ro | Same as the -r option. |
verbose | Same as the -v option. |
Obsolete mount options
This section is provided for reference.
loop | This option used to set up a loop device, because cryptsetup(8) expects a block device. The option is ignored because mount.crypt can figure this out on its own. |
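Added example (not part of the original manual page or of mount.crypt itself): a shell function that checks an -o option string against the option tables above, reporting missing mandatory options, the fsk_cipher/fsk_hash values in effect, and which options fall through to the underlying mount program. The function name, the plain/luks argument and the sample key file path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not mount.crypt's own code: lint an -o string against the
# option table on this page. Usage: lint_crypt_opts OPTSTRING [plain|luks]
# ("plain" = the page's "normal" crypto volume). Returns 1 on any ERROR.
lint_crypt_opts() {
    opts=$1; kind=${2:-plain}; rc=0
    cipher=; keyfile=; passthru=
    fsk_cipher=aes-256-cbc; fsk_hash=md5      # defaults stated on the page
    old_ifs=$IFS; IFS=,; set -f               # split on commas, no globbing
    for o in $opts; do
        case $o in
            cipher=*)     cipher=${o#*=} ;;
            keyfile=*)    keyfile=${o#*=} ;;
            fsk_cipher=*) fsk_cipher=${o#*=} ;;
            fsk_hash=*)   fsk_hash=${o#*=} ;;
            dm-timeout=*|fstype=*|fsck|remount|ro|verbose) ;;  # recognized
            loop)         echo "NOTE: loop is obsolete and ignored" ;;
            *)            passthru=${passthru:+$passthru,}$o ;;
        esac
    done
    IFS=$old_ifs; set +f
    if [ -z "$cipher" ]; then
        echo "ERROR: cipher is mandatory"; rc=1
    fi
    if [ "$kind" = luks ] && [ -n "$keyfile" ]; then
        echo "WARN: keyfile should not be used for LUKS volumes"
    elif [ "$kind" = plain ] && [ -z "$keyfile" ]; then
        echo "ERROR: keyfile is mandatory for non-LUKS volumes"; rc=1
    fi
    if [ -n "$keyfile" ]; then
        echo "INFO: filesystem key uses fsk_cipher=$fsk_cipher fsk_hash=$fsk_hash"
        # MD5 is a weak hash for deriving key and IV; surface the default.
        [ "$fsk_hash" = md5 ] && echo "WARN: fsk_hash is md5"
    fi
    [ -n "$passthru" ] && echo "PASS: $passthru"
    return $rc
}

# Constructed sample option string (the key file path is a placeholder).
lint_crypt_opts "cipher=aes-cbc-essiv:sha256,keyfile=/constructed/vol.key,noatime,nodev"
```

Lines starting with PASS list the options this sketch does not find in the tables above, which are the ones that would reach the underlying mount program.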