Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

Product limitations and precautions
The EVFS product has the following limitations:
EVFS operates with LVM, VxVM and physical volumes only. Each EVFS volume is mapped to
an underlying LVM, VxVM or physical volume.
You can use an alternate link to specify an LVM or VxVM volume or an alternate device path
to specify a whole disk for the evfsadm map command. However, when creating EVFS
volumes, do not:
  - Create multiple EVFS volumes that reference the same LVM or VxVM volume
  - Create multiple EVFS volumes that reference the same physical disk when using whole
    disk access
  - Specify different multipaths to the same physical disk when using whole disk access
  - Specify persistent and legacy device files that point to the same physical disk
CAUTION: If you create multiple EVFS volumes that reference the same LVM or VxVM volume
or the same whole disk device, data corruption can occur.
You enable EVFS encryption and decryption for an EVFS volume as a single unit. When you
enable EVFS encryption and decryption for a volume, EVFS encrypts and decrypts the data
blocks as the blocks are accessed. All read operations through the EVFS volume receive
decrypted data as output, and users can access individual files in cleartext. You must
therefore use normal HP-UX file system permissions and access control to restrict access
to the data.
You cannot encrypt the following objects:
  - Files or disk areas used during system boot. This includes the following objects:
      - the root file system (/)
      - the HP-UX kernel directory (/stand)
      - the /usr directory
    EVFS cannot decrypt the kernel or other data before the system boots.
    CAUTION: Encrypting the boot disk can cause the boot disk to become unusable and
    prevent you from booting the system.
  - Dump devices.
  - Swap space (swap devices or file swap space).
    CAUTION: Encrypting swap space can cause the system to panic.
EVFS does not automatically convert existing volume data to encrypted data. To encrypt
existing volume data, use the inline encryption feature in this release of EVFS.
CAUTION: If you improperly configure EVFS on a volume that already contains data, the
existing data will be unusable.
IMPORTANT: To use inline encryption, 3 MB of spare disk space is required at the end of
the volume, and the minimum volume size must be 4 MB. If the entire volume is used, extend
the volume using lvextend for LVM, or vxassist for VxVM.
To mount a file system on an EVFS volume configured in EVS mode, the EVFS volume must be
enabled and the data transfer to and from the file system must be in cleartext (unencrypted)