Encrypted Volume and File System v1.1 Release Notes

EVFS cannot decrypt the kernel or other data before the system boots.
CAUTION: Encrypting the boot disk can cause the boot disk to become unusable and
prevent you from booting the system.
— Dump devices.
— Swap space (swap devices or file swap space).
CAUTION: Encrypting swap space can cause the system to panic.
EVFS does not automatically convert existing volume data to encrypted data. To encrypt
existing volume data, use the inline encryption feature in this release of EVFS.
CAUTION: If you improperly configure EVFS on a volume that already contains data, the
existing data will be unusable.
IMPORTANT: To use inline encryption, 3 MB of spare disk space is required at the end
of the volume, and the minimum volume size must be 4 MB. If the entire volume is used,
extend the volume using lvextend for LVM, or vxassist for VxVM.
To mount a file system on an EVFS volume, EVFS must be enabled and transferring data to
and from the file system in cleartext (unencrypted). Therefore, any executable that uses file
system utilities to read or write data can operate only on cleartext data.
Network file sharing utilities, such as NFS, CIFS, FTP, or rcp, will transmit files in cleartext,
even if the original files reside on an EVFS volume.
If you want to use a backup utility that performs incremental backups or that backs up
individual files, EVFS must be enabled. The backup utility will read the data in cleartext,
even if the original files reside on an EVFS volume. If the target backup device is another
EVFS volume, the target EVFS volume will re-encrypt the data.
If the target backup device is a tape device or other non-EVFS device:
— You must back up the volume as a volume device (as a single unit), not as a file system
or group of files, to create encrypted backup media. You can create encrypted backup
media using block device utilities, such as dd.
— You cannot create encrypted backup media using file-based utilities.
If you use Ignite-UX to create boot or installation media, Ignite-UX will include system files
from the /var, /opt, and /usr directories in the media in addition to the kernel file.
Ignite-UX will read these files in cleartext. If the output media is not an EVFS volume, such
as a tape, Ignite-UX will store these files in cleartext.
EVFS supports alternate links when used with LVM or VxVM. EVFS does not support
alternate links when used with whole disk access.
Executing the vxresize command with the -F option can cause data loss or corruption. For
more information and a workaround, see “vxresize -F Can Cause Data Loss or Corruption”
(page 8).
Renaming VxVM volumes with EVFS enabled makes the volume unusable. For more
information and a workaround, see “Renaming VxVM Volumes with EVFS Enabled Makes
the Volume Unusable” (page 9).
EVFS is not supported by SAM or SMH.
The evfsadm trace command is intended for use by support personnel only. HP does
not support this feature in customer environments.
During inline encryption, the volume is not accessible until the entire operation is completed.
Known Problems and Limitations 7