Manualshelf

Encrypted Volume and File System v1.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
61626364656667686970
Step 2: Performing Inline Encryption
a. Start inline encryption:
# evfsvol iencrypt [-f] [-k keyname] [-c cipher] evfs_volume_path
For more information about the evfsvol iencrypt command, see “iencrypt: Inline
Encryption” (page 67).
b. Enable the EVFS volume:
# evfsvol enable evfs_volume_path
c. Mount the file system to the EVFS volume:
# mount evfs_volume_path file_system
For more information about mounting file systems, see “Step 2: Creating and Mounting a
File System on an EVFS Volume” (page 56)
iencrypt: Inline Encryption
When the EVFS Volume state is “iencrypt in progress” or “iencrypt suspended”, the volume is
not accessible.
When the EVFS Volume state is “iencrypt suspended”, only the following commands can be
applied to the EVFS volume:
evfsvol iencrypt Use this command to resume the inline encryption operation.
evfsvol display Use this command to display the status of the volume.
CAUTION: The following two operations render the volume data irrecoverable.
evfsvol create –f Use this command to recreate the EMD on the volume.
evfsvol destroy Use this command to remove the EMD header from the volume.
The percentage of progress is reported after every 1 MB of data is processed. When the entire
volume is converted successfully, a message is displayed.
If the option -f is specified, we force the operation without prompting.
Suspending an Ongoing Inline Encryption
HP does not recommend suspending an ongoing inline encryption. However, inline encryption
can be a long operation which can take many hours for a large volume. The following common
signals used to stop a process are handled by evfsvol iencrypt:
SIGTERM
SIGHUP
SIGQUIT
SIGABRT
SIGINT
When one of these signals is received by evfsvol iencrypt, the user is shown the followng
prompt:
Are you sure you want to abort inline-encrypting "/dev/evfs/vg00/lvolxx"? Interrupting this operation is not
recommended! Answer [yes/no]:
NOTE: Do not use the SIGKILL signal to terminate an evfsvol iencrypt process (do not
use the command kill -KILL evfsvol-iencrypt-pid).
Re-starting a Suspended Inline Encryption
To resume a previously stopped inline encryption, use the following command:
# evfsvol iencrypt [-k keyname] evfs_volume_path
Option 2: Converting a Volume with Existing Data to an EVFS Volume (Inline Encryption) 67