Encrypted Volume and File System v1.1 Administrator's Guide
Step 5: (Optional) Configuring the Autostart Feature
The EVFS autostart feature allows you to enable and mount EVFS volumes automatically at
system startup without manual intervention. You must use the autostart feature for EVFS volumes
that have file systems mounted at system startup (file systems with entries in the /etc/fstab
file).
CAUTION: Using the autostart feature requires you to store passphrases, and stored passphrases
are security risks.
Use the following procedure to configure the autostart feature:
a. Enable EVFS in the /etc/rc.config.d/evfs file. Change the value for EVFS_ENABLED
to 1 as follows:
EVFS_ENABLED=1
b. Modify the entries in the /etc/evfs/evfstab file for the EVFS volumes that you want
enabled at system startup. You must add a key ID and the boot_local or boot_remote
option. The syntax for each entry is as follows:
v volume_path evfs_volume_path user_name.key_name options
where:
v
    Specifies that the entry is for an EVFS volume. The EVFS subsystem automatically
    adds this field to the /etc/evfs/evfstab file when you create the EVFS volume
    device files.
volume_path
    The path for the underlying LVM, VxVM, or physical volume block device file, such
    as /dev/vg01/lvol5, /dev/vx/dsk/rootdg/vol05, or /dev/dsk/c2t0d1. The EVFS
    subsystem automatically adds this field to the /etc/evfs/evfstab file when you
    create the EVFS volume device files.
evfs_volume_path
    Specifies the absolute pathname for the EVFS volume block device file, such as
    /dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/dsk/c2t0d1.
    The EVFS subsystem automatically adds this field to the /etc/evfs/evfstab file
    when you create the EVFS volume device file.
user_name.key_name
    A valid key ID (user name and key pair name) for this EVFS volume. The key pair
    must have a stored passphrase. EVFS uses the stored passphrase to decrypt the
    private key, then uses the private key to enable the EVFS volume.
options
    Following are the valid options for the autostart feature:
    boot_local
        Causes EVFS to enable the EVFS volume before local file systems in
        /etc/fstab are mounted and before NFS and other networking subsystems are
        started. Use this flag if the private key and stored passphrase used to
        enable the volume are located on the root disk of the local system.
    boot_local2
        Enable the EVFS volume after local file systems in /etc/fstab are mounted
        and before NFS and other networking subsystems are started. Use this flag
        if the private key and stored passphrase used to