Encrypted Volume and File System v1.1 Administrator's Guide

reading from the EVFS volume. The EVFS subsystem will provide decrypted data to the
strings utility, and strings will find and display the text string you wrote.
3. Verify that applications that bypass EVFS receive encrypted data. To do this, you must
disable EVFS on the volume. Use the following procedure to disable EVFS on the volume:
a. For data consistency, stop all applications accessing the EVFS volume. You can use the
fuser -cu command to determine the processes accessing files and the fuser -cku
command to terminate the processes. See fuser(1M) for more information.
If the data is used by system processes, you might need to terminate the processes by
changing the system runlevel to single-user level with the shutdown utility. See
shutdown(1M) for more information.
b. Use the umount command to unmount the file system. See umount(1M) for more
information.
c. Use the following command to disable encryption and decryption access to the volume:
evfsvol disable [-k keyname] evfs_volume_path
See “Disabling Encryption/Decryption Access to EVFS Volumes” (page 81) for more
information.
4. Use the following command to open the EVFS volume for raw access:
evfsvol raw evfs_volume_path
See “Opening Raw Access to EVFS Volumes” (page 83) and the evfsvol(1M) manpage for
more information.
CAUTION: After you open the volume for raw access, any entity reading data from the
EVFS volume receives encrypted data. Any entity writing data to the EVFS volume writes
directly to the underlying disk; EVFS does not encrypt the text. HP recommends that you
use the evfsvol raw command only when creating encrypted backup media or restoring
encrypted backup media.
5. Use the strings utility and try to find the text. The strings utility will not find the text
because it receives data from the EVFS volume in encrypted form.
6. Return the EVFS volume to a working state. Close raw access using the following command:
evfsvol close evfs_volume_path
Enable the volume using the following command:
evfsvol enable -k keyname evfs_volume_path
Remount the file system using the mount command.
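The two strings checks in this procedure (marker visible through EVFS, marker absent in raw mode) can be wrapped in a pass/fail helper. The script below is an added example, not part of the HP guide; the function names marker_hits and check_phase and the marker value are hypothetical, and the evfsvol, fuser, umount and mount commands are still run by hand as described above.

```shell
#!/bin/sh
# Added example (not from the HP guide). Function names are hypothetical.
# It only reads the volume; run evfsvol, fuser, umount and mount by hand.

# Print the number of printable-text lines in SOURCE that contain MARKER.
marker_hits() {
    # grep -c exits 1 on zero matches, so mask the status and keep the count.
    strings "$1" | grep -F -c -- "$2" || true
}

# check_phase PHASE SOURCE MARKER
#   enabled: SOURCE is read through EVFS, so MARKER must be visible.
#   raw:     the volume is open for raw access, so MARKER must be absent.
# Returns 0 if the expectation holds, 1 if it does not, 2 on a usage error.
check_phase() {
    phase=$1; src=$2; marker=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    hits=$(marker_hits "$src" "$marker")
    case $phase in
    enabled)
        [ "$hits" -gt 0 ] && { echo "PASS: EVFS returned the marker in clear text"; return 0; }
        echo "FAIL: marker not visible through EVFS; was it written to this volume?"
        return 1 ;;
    raw)
        [ "$hits" -eq 0 ] && { echo "PASS: raw read shows no clear-text marker"; return 0; }
        echo "FAIL: marker readable in raw mode ($hits hits); clear text is on the underlying volume"
        return 1 ;;
    *)
        echo "usage: check_phase enabled|raw source marker" >&2
        return 2 ;;
    esac
}

# Usage with the device path from the guide's example and a constructed marker
# that is unlikely to occur anywhere else on the volume:
#   check_phase enabled /dev/evfs/vg01/lvol5 "EVFS-CHECK-7f3a-constructed"
#   ... disable the volume and open raw access as described above ...
#   check_phase raw /dev/evfs/vg01/lvol5 "EVFS-CHECK-7f3a-constructed"
```

A unique marker avoids a false FAIL in the raw phase caused by an unrelated occurrence of a common phrase elsewhere on the disk.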
Example
In the following example, the administrator writes the string TOP SECRET TOP SECRET to the
EVFS volume. When the administrator uses the strings command to search the EVFS volume
for this string, the search is successful. When the administrator searches the underlying LVM
volume for the same string, the search is unsuccessful.
# echo "TOP SECRET TOP SECRET" > /opt/encrypted_data/my_evfs_test
# strings /dev/evfs/vg01/lvol5 | grep "TOP SECRET"
(The strings command finds the string "TOP SECRET" on the EVFS volume.)
TOP SECRET TOP SECRET
(Disable EVFS so we open raw access to the file)
# fuser -cku /opt/encrypted_data
# umount /opt/encrypted_data
# evfsvol disable /dev/evfs/vg01/lvol5
Enter user passphrase: (enter the passphrase)
# evfsvol raw /dev/evfs/vg01/lvol5 (EVFS will print a warning and ask
if you want to continue)
70 Configuring an EVFS Volume