diff options
Diffstat (limited to 'debian/initramfs/conf-hook')
| -rw-r--r-- | debian/initramfs/conf-hook | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/debian/initramfs/conf-hook b/debian/initramfs/conf-hook new file mode 100644 index 0000000..8a6a474 --- /dev/null +++ b/debian/initramfs/conf-hook @@ -0,0 +1,39 @@ +# +# Configuration file for the cryptroot initramfs hook. +# + +# +# CRYPTSETUP: [ y | n ] +# +# Add cryptsetup and its dependencies to the initramfs image, regardless +# of _this_ machine configuration. By default, they're only added when +# a device is detected that needs to be unlocked at initramfs stage +# (such as root or resume devices or ones with explicit 'initramfs' flag +# in /etc/crypttab). +# Note: Honoring this setting will be deprecated in the future. Please +# uninstall the 'cryptsetup-initramfs' package if you don't want the +# cryptsetup initramfs integration. +# + +#CRYPTSETUP= + +# +# KEYFILE_PATTERN: ... +# +# The value of this variable is interpreted as a shell pattern. +# Matching key files from the crypttab(5) are included in the initramfs +# image. The associated devices can then be unlocked without manual +# intervention. (For instance if /etc/crypttab lists two key files +# /etc/keys/{root,swap}.key, you can set KEYFILE_PATTERN="/etc/keys/*.key" +# to add them to the initrd.) +# +# If KEYFILE_PATTERN if null or unset (default) then no key file is +# copied to the initramfs image. +# +# WARNING: If the initramfs image is to include private key material, +# you'll want to create it with a restrictive umask in order to keep +# non-privileged users at bay. For instance, set UMASK=0077 in +# /etc/initramfs-tools/initramfs.conf +# + +#KEYFILE_PATTERN= |