123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 |
- CLEVIS-LUKS-UNLOCKERS(7)
- ========================
- :doctype: manpage
- == NAME
- clevis-luks-unlockers - Overview of clevis luks unlockers
- == OVERVIEW
- Clevis provides unlockers for LUKS volumes which can use LUKS policy:
- * clevis-luks-unlock - Unlocks manually using the command line.
- * dracut - Unlocks automatically during early boot.
- * systemd - Unlocks automatically during late boot.
- * udisks2 - Unlocks automatically in a GNOME desktop session.
- Once a LUKS volume is bound using *clevis luks bind*, it can be unlocked using
- any of the above unlockers without using a password.
- == MANUAL UNLOCKING
- You can unlock a LUKS volume manually using the following command:
- $ sudo clevis luks unlock -d /dev/sda
- For more information, see link:clevis-luks-unlock.1.adoc[*clevis-luks-unlock*(1)].
- == EARLY BOOT UNLOCKING
- If Clevis integration does not already ship in your initramfs, you may need to
- rebuild your initramfs with this command:
- $ sudo dracut -f
- Once Clevis is integrated into your initramfs, a simple reboot should unlock
- your root volume. Note, however, that early boot integration only works for the
- root volume. Non-root volumes should use the late boot unlocker.
- Dracut will bring up your network using DHCP by default. If you need to specify
- additional network parameters, such as static IP configuration, please consult
- the dracut documentation.
- == LATE BOOT UNLOCKING
- You can enable late boot unlocking by executing the following command:
- $ sudo systemctl enable clevis-luks-askpass.path
- After a reboot, Clevis will attempt to unlock all devices listed in
- */etc/crypttab* that have clevis bindings when systemd prompts for their passwords.
- == DESKTOP UNLOCKING
- When the udisks2 unlocker is installed, your GNOME desktop session should
- unlock LUKS removable devices configured with Clevis automatically. You may
- need to restart your desktop session after installation for the unlocker to be
- loaded.
- == SEE ALSO
- link:clevis-luks-unlock.1.adoc[*clevis-luks-unlock*(1)]
- link:clevis-luks-bind.1.adoc[*clevis-luks-bind*(1)]
|