Encrypted Volume and File System v1.1 Administrator's Guide
Step 3: Verifying the Configuration
Use the following commands to verify your EVFS configuration:
• evfsadm stat -a
• evfsvol display evfs_volume_path
evfsadm stat -a
After you access data or mount a file system on an EVFS volume that is correctly configured, the
output for the evfsadm stat -a command shows nonzero values for the number of blocks
read (bpr), written (bpw), decrypted (bpd), and encrypted (bpe). The output is similar to the
following:
# evfsadm stat -a
----- EVFS statistics -----
Total EVFS Volumes: 1
EVFS Subsystem Status: up
Active Encryption Threads: 2
---- EVFS Volume Name ----|--- State ---|---------------- Queues -------------|
                                         orr       owr       odr       oer
/dev/evfs/vg01/lvol5       enabled       0         0         0         0
---- EVFS Volume Name ----|--- State ---|-------------- Counters -------------|
                                         bpr       bpw       bpd       bpe
/dev/evfs/vg01/lvol5       enabled       2074      52441     362       52345
---- EVFS Volume Name ----|--- State ---|---------------- Rates --------------|
                                         kbpsr     kbpsw     dkbps     ekbps
/dev/evfs/vg01/lvol5       enabled       25        3         362       34
For descriptions of the output fields, see “Displaying I/O and Encryption Statistics (evfsadm
stat)” (page 130).
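The counter check described above can be scripted. The following is an added example, not part of the guide: the function names check_evfs_counters and sample_stat_output are hypothetical, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.

# Constructed sample: the `evfsadm stat -a` output shown in the guide.
sample_stat_output() {
cat <<'EOF'
----- EVFS statistics -----
Total EVFS Volumes: 1
EVFS Subsystem Status: up
Active Encryption Threads: 2
---- EVFS Volume Name ----|--- State ---|---------------- Queues -------------|
orr owr odr oer
/dev/evfs/vg01/lvol5 enabled 0 0 0 0
---- EVFS Volume Name ----|--- State ---|-------------- Counters -------------|
bpr bpw bpd bpe
/dev/evfs/vg01/lvol5 enabled 2074 52441 362 52345
---- EVFS Volume Name ----|--- State ---|---------------- Rates --------------|
kbpsr kbpsw dkbps ekbps
/dev/evfs/vg01/lvol5 enabled 25 3 362 34
EOF
}

# Reads `evfsadm stat -a` output on stdin and inspects only the Counters table.
# Returns 0 when every listed volume is enabled with nonzero bpr/bpw/bpd/bpe,
# 1 when a volume fails the check or no Counters rows were found.
check_evfs_counters() {
    awk '
        /^----/ { in_counters = ($0 ~ /Counters/); next }  # table header lines
        in_counters && $1 ~ /^\/dev\/evfs\// {
            seen++
            # Row layout: volume state bpr bpw bpd bpe
            ok = (NF >= 6 && $2 == "enabled" && $3+0 > 0 && $4+0 > 0 && $5+0 > 0 && $6+0 > 0)
            if (!ok) bad++
            printf "%s %s state=%s bpr=%s bpw=%s bpd=%s bpe=%s\n", (ok ? "OK" : "FAIL"), $1, $2, $3, $4, $5, $6
        }
        END { exit ((seen == 0 || bad > 0) ? 1 : 0) }
    '
}

# Stand-alone run on the constructed sample; on a live system use:
#   evfsadm stat -a | check_evfs_counters
sample_stat_output | check_evfs_counters
```

Run the check only after accessing data or mounting a file system on the volume, because a volume that has seen no I/O reports zero counters even when it is configured correctly.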
evfsvol display evfs_volume_path
The evfsvol display evfs_volume_path command displays information about the EVFS
volume, including the name of the underlying LVM, VxVM, or physical volume device file, and
the names of the keys configured for the EVFS volume. The output of the evfsvol display
evfs_volume_path command is similar to the following:
# evfsvol display /dev/evfs/vg01/lvol5
EVFS Volume Name: /dev/evfs/vg01/lvol5
Mapped Volume Name: /dev/vg01/lvol5
EVFS Volume State: enabled
EMD Size (Kbytes): 520
Max User Envelopes: 1024
Data Encryption Cipher: aes-128-cbc
Digest: sha1
Owner Key ID: root.rootkey1
Recovery Agent Key IDs: evfs.evfs
Total Recovery Agent Keys: 1
User Key IDs: init.initkey
Total User Keys: 1
See “Displaying EVFS Volume Keys and Operating Parameters (evfsvol display)” (page 131) for
more information.
Verifying Data Encryption
You can use the following procedure to verify that EVFS is encrypting data before it is written
to the underlying LVM, VxVM, or physical volume:
1. Write text (a character string) to a file on an enabled EVFS volume.
2. Use the strings utility to search the EVFS volume device file. The text is stored in the
underlying LVM, VxVM or physical volume as encrypted data, but the strings utility is
Option 1: Creating a New EVFS Volume 59