dracut.cmdline.7: add NOTE about how dracut pipes key to cryptsetup

author Amadeusz Żołnowski <aidecoe@aidecoe.name>

Tue, 31 Jul 2012 10:23:18 +0000 (12:23 +0200)

committer Harald Hoyer <harald@redhat.com>

Tue, 31 Jul 2012 10:28:55 +0000 (12:28 +0200)
author Amadeusz Żołnowski <aidecoe@aidecoe.name>
Tue, 31 Jul 2012 10:23:18 +0000 (12:23 +0200)
committer Harald Hoyer <harald@redhat.com>
Tue, 31 Jul 2012 10:28:55 +0000 (12:28 +0200)
diff --git a/dracut.cmdline.7.asc b/dracut.cmdline.7.asc

index 0b1b8a2..884b223 100644 (file)
--- a/dracut.cmdline.7.asc
+++ b/dracut.cmdline.7.asc
@@ -233,6 +233,29 @@ rd.luks.key=/foo/bar.key
  ----
  +
  As you see, you can skip colons in such a case.
++
+[NOTE]
+===============================
+Dracut pipes key to cryptsetup with _-d -_ argument, therefore you need to pipe
+to crypsetup luksFormat with _-d -_, too!
+
+Here follows example for key encrypted with GPG:
+
+----
+gpg --quiet --decrypt rootkey.gpg \
+| cryptsetup -d - -v \
+--cipher serpent-cbc-essiv:sha256 \
+--key-size 256 luksFormat /dev/sda3
+----
+
+If you use plain keys, just add path to _-d_ option:
+
+----
+cryptsetup -d rootkey.key -v \
+--cipher serpent-cbc-essiv:sha256 \
+--key-size 256 luksFormat /dev/sda3
+----
+===============================
  
  MD RAID
  ~~~~~~~
author	Amadeusz Żołnowski <aidecoe@aidecoe.name>
	Tue, 31 Jul 2012 10:23:18 +0000 (12:23 +0200)
committer	Harald Hoyer <harald@redhat.com>
	Tue, 31 Jul 2012 10:28:55 +0000 (12:28 +0200)