Manualshelf

Encrypted Volume and File System v1.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
51525354555657585960
Step 1: Configuring an EVFS Volume
Use the following procedure to configure an EVFS volume.
a. Create an LVM or VxVM volume for the EVFS volume if you are not using whole disk access.
b. Create EVFS volume device files by mapping the LVM, VxVM, or physical volume to EVFS.
c. Create the EMD area on the EVFS volume.
d. (Optional) Add recovery keys and authorized user keys.
e. Enable the EVFS volume.
Step 1a: Creating an LVM or VxVM Volume for EVFS
Skip this step if you are not using LVM or VxVM (if you are directly accessing the whole
physical disk as a physical volume). You will create the EVFS volume directly above the physical
volume in the next step.
If you are using LVM or VxVM (you are not directly accessing the physical disk as a physical
volume), use the lvcreate or vxassist command to create a new LVM or VxVM volume to
use for the EVFS volume. Include 1 MB for the EVFS Encryption Metadata (EMD) area. See
lvcreate(1M) or vxassist(1M) for more information.
Mirrored Volumes To use an LVM or VxVM mirrored volume for the EVFS volume, create or
enable mirroring on the volume before configuring EVFS on the volume. Use the appropriate
LVM command (lvcreate -m or lvextend -m) or VxVM command (vxassist mirror or
vxplex att).
CAUTION: You cannot create an LVM or VxVM volume above an EVFS volume.
You can create an EVFS volume on an existing LVM, VxVM, or physical volume, but any existing
data on the volume is rendered unusable.
Examples
In the following example, the user creates a new LVM volume in the vg01 volume group:
# lvcreate -L 64 -n lvol5 vg01
Logical volume "/dev/vg01/lvol5" has been successfully created with
character device "/dev/vg01/rlvol5".
Volume Group configuration for /dev/vg01 has been saved in
/etc/lvmconf/vg01.conf
In the following example, the user creates a new VxVM volume in the rootdg disk group:
# vxassist -g rootdg make vol05 64m
Step 1b: Creating EVFS Volume Device Files
Use the evfsadm map command to create the EVFS volume device files by mapping the LVM,
VxVM, or physical volume to EVFS .
You cannot use EVFS with the following objects:
Files or disk areas used during system boot. This includes the following objects:
the root disk (/)
the boot disk
the HP-UX kernel directory (/stand)
the /usr directory"
EVFS cannot decrypt the kernel or other data before the system boots.
Option 1: Creating a New EVFS Volume 51