Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

10 Creating an EFS volume and file system
This section describes the procedure to configure a new encrypted file system or to convert an
existing file system to an encrypted file system:
Starting the EVFS Subsystem (see “Step 4: Starting the EVFS subsystem” (page 31))
Creating an LVM or VxVM volume (see “Creating an LVM or VxVM volume” (page 102))
Mapping the volume to EVFS in EFS mode (see “Mapping the volume to EVFS” (page 102))
Creating a file system (see “Creating a file system” (page 103))
Performing operations on an EFS file system (see “Performing operations on an EFS file system”
(page 103))
Creating an LVM or VxVM volume
NOTE: Skip this step if you are not using LVM or VxVM.
Use the lvcreate or vxassist command to create a new LVM or VxVM volume to use for
file level encryption.
Mapping the volume to EVFS
Similar to volume level encryption, use the evfsadm map command to create the EFS volume
device files by mapping the LVM, VxVM, or physical volume to EVFS. The evfsadm command
stores the EFS volume device files using the same file names as the underlying volume block and
character device files, but in subdirectories under the /dev/evfs directory instead of the /dev
directory.
You cannot use EVFS with the following objects:
The root disk (/)
The boot disk
The HP-UX kernel directory (/stand)
The /usr directory
The swap space (swap devices or file swap space)
Dump devices
EFS volumes currently cannot be used with NFS
To map an LVM, VxVM, or physical volume to EVFS for file level encryption, enter:
# evfsadm map -f volume_path
The parameters are as follows:
volume_path    Specifies the absolute path of the block device file for the underlying LVM,
               VxVM, or physical volume, such as /dev/vx/dsk/rootdg/vol01,
               /dev/vg01/lvol5, or /dev/dsk/c2d0t0.
-f             Specifies file level encryption.
NOTE: A volume can be configured either for file level encryption (EFS) or for volume level
encryption (EVS), but not for both. If you specify the -f option, the volume will have file level
encryption. If you do not specify the -f option, the volume will be used for volume level encryption,
which is the default behavior.
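The exclusion list and the /dev to /dev/evfs naming rule above, as an added example in POSIX shell (not HP's code): it rejects a volume used for /, /stand, /usr, swap or dump before the map command is run, and derives the device file name expected under /dev/evfs. The function names and the inventory format are assumptions, the inventory is constructed sample data, and the boot disk check is left to the administrator.

```sh
#!/bin/sh
# Added example: pre-flight check before running evfsadm map -f.
# Assumed, not from the guide: function names and the inventory format
# ("block_device use" per line; use is a mount point, "swap" or "dump").

# Uses the guide excludes from EVFS.
EXCLUDED_USES="/ /stand /usr swap dump"

# Constructed sample inventory for the demonstration.
SAMPLE_INVENTORY="/dev/vg00/lvol1 /stand
/dev/vg00/lvol2 swap
/dev/vg00/lvol3 /
/dev/vg00/lvol7 /usr
/dev/vg01/lvol5 /data"

# Print the EFS block device file expected after mapping: same name,
# under /dev/evfs instead of /dev. Fails for anything else.
efs_device_path() {
    case "$1" in
        */..|*/../*|/dev/evfs/*) return 1 ;;   # traversal, or already EVFS
        /dev/?*) printf '/dev/evfs/%s\n' "${1#/dev/}" ;;
        *) return 1 ;;                          # not an absolute /dev path
    esac
}

# Print the map command if volume_path passes; else explain and return 1.
efs_preflight() {
    vol=$1
    efs_device_path "$vol" >/dev/null || {
        echo "reject: $vol is not an unmapped device path under /dev" >&2
        return 1
    }
    while read -r dev use; do
        [ "$dev" = "$vol" ] || continue
        for bad in $EXCLUDED_USES; do
            if [ "$use" = "$bad" ]; then
                echo "reject: $vol is in use as $use" >&2
                return 1
            fi
        done
    done <<EOF
$2
EOF
    echo "evfsadm map -f $vol"
}

efs_preflight /dev/vg01/lvol5 "$SAMPLE_INVENTORY"
efs_device_path /dev/vg01/lvol5
```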
Once the volume is mapped for EFS, the EFS volume is always in the active state. For the evfsvol
command, only the display sub-command is available for the EFS volume. Once the volume is