Set further mount options. mount.crypt will take out its own options it
recognizes and passes any remaining options on to the underlying mount
program. See below for possible options.
Do not update /etc/mtab. Note that this makes it impossible to unmount the
volume by naming the container - you will have to pass the mountpoint to
Set up the loop device (if necessary) and crypto device in read-only mode.
(The mount itself will necessarily also be read-only.) Note that doing a
remount using `mount /mnt -o remount,rw` will not make the mount
readwrite. The crypto and loop devices will have to be disassociated first.
Turn on debugging and be a bit more verbose.
The cryptsetup cipher used for the encrypted volume. This option is mandatory
for PLAIN (non-LUKS) volumes. pmt-ehd(8) defaults to creating volumes with
"aes-cbc-essiv:sha256" as a cipher.
Wait at most this many seconds for udev to create /dev/mapper/name after
calling cryptsetup(8). The default value is 0 seconds.
Run fsck on the container before mounting it.
The OpenSSL cipher used for the filesystem key. The special keyword "none" can
be used to bypass decryption and pass the file contents directly to
The OpenSSL hash used for producing key and IV.
The exact type of filesystem in the encrypted container. The default is to let
the kernel autodetect.
The cryptsetup hash used for the encrypted volume. This defaults to no hashing,
because pam_mount assumes EHD volumes with strong and simple fskey generation.
The path to the key file. This option is mandatory for "normal" crypto volumes
and should not be used for LUKS volumes.
Causes the filesystem to be remounted with new options. Note that mount.crypt
cannot switch the underlying loop device (if applies) or the crypto device
between read-only and read-write once it is created; only the actual filesystem
mount can be changed, with limits. If the loop device is read-only, the crypto
device will be read-only, and changing the mount to read-write is impossible.
Similarly, going from rw to ro will only mark the mount read-only, but not the
crypto or loop device, thus making it impossible to set the filesystem the
crypto container is located on to read-only.
Same as the -r option.
Same as the -v option.
Obsolete mount options
This section is provided for reference.
This option used to set up a loop device, because cryptsetup(8) expects a block
device. The option is ignored because mount.crypt can figure this out on its