Manualshelf

Encrypted Volume and File System v1.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
81828384858687888990
Recovering from EMD Corruption
EVFS stores one backup image of the EMD for each EVFS volume. When you change the owner
of an EVFS volume, or add or delete user keys for a volume, EVFS updates the EMD. Before
EVFS updates the EMD, it stores a backup copy of the current EMD. The evfsvol restore
command restores the backup copy of the EMD for an EVFS volume.
Use the following procedure to restore a backup copy of an EMD:
1. For data consistency, stop all applications accessing the data. You can use the fuser -cu
command to determine the processes accessing files, and the fuser -cku command to
terminate the processes. See fuser(1M) for more information.
If the data is used by system processes, you might need to terminate the processes by
changing the system runlevel to single-user level with the shutdown utility. See shutdown(1M)
for more information.
2. (Optional) Create a cleartext backup copy of the data, or copy the cleartext data from the
EVFS volume to another disk device using a utility such as fbackup, cp, or tar.
3. If you have a file system mounted on the EVFS volume, use the umount command to
unmount the file system. See umount(1M) for more information.
4. Use the following command to disable encryption and decryption on the target volume:
evfsvol disable [-k keyname] evfs_volume_path
See “Disabling Encryption/Decryption Access to EVFS Volumes” (page 81) for more
information.
5. Use the following evfsvol restore command to restore the EMD:
evfsvol restore evfs_volume_path
where:
evfs_volume_path Specifies the absolute pathname for the EVFS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or
/dev/evfs/dsk/c2t0d1.
6. Use the following command to enable EVFS operation for the volume:
evfsvol enable [-k keyname] evfs_volume_path
See “Enabling Encryption and Decryption Access to EVFS Volumes” (page 80) for more
information.
7. If you had a file system mounted on the EVFS volume, use the mount command to remount
the file system. See mount(1M) for more information.
8. restart applications, as necessary.
EMD Backup Directory
By default, EVFS stores EMD backup images in the directory /etc/evfs/emd. See “Step 3:
(Optional) Modifying EVFS Global Parameters” (page 42) information about changing this
directory path. Ensure there is enough space in this directory to store all the system's backup
EMDs from the encrypted volumes. The storage requirement is approximately 1 MB per encrypted
volume.
Recovering from EMD Corruption 89