systemd-cryptsetup@.service instances are part of the system-systemd\x2dcryptsetup.slice slice, which is destroyed only very late in the shutdown procedure. This allows the encrypted devices to remain up until filesystems have been unmounted.
systemd-cryptsetup@.service will ask for hard disk passwords via the password agent logic, in order to query the user for the password using the right mechanism at boot and during runtime.
At early boot and when the system manager configuration is reloaded, /etc/crypttab is translated into systemd-cryptsetup@.service units by systemd-cryptsetup-generator(8).
In order to unlock a volume a password or binary key is required. systemd-cryptsetup@.service tries to acquire a suitable password or binary key via the following mechanisms, tried in order:
If no suitable key may be acquired via any of the mechanisms describes above, volume activation fails.
- password agent logic