Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
• emd_backup
The emd_backup attribute specifies the directory EVFS uses to store backup images of EMD
data.
Default: /etc/evfs/emd
• pbe
The pbe attribute specifies the encryption library EVFS uses to secure EVFS private keys. On
systems with HP-UX Trusted Computing Services (TCS), you can modify this attribute so that
EVFS uses TCS to secure EVFS private keys.
For more information about using TCS with EVFS, see the HP-UX TCS product documentation.
For a complete list of global parameters, see evfs.conf(4).
Step 4: Starting the EVFS subsystem
You must start the EVFS subsystem to create EVFS keys and volumes. Starting the EVFS subsystem
does not enable encryption of the EVFS volume. You must still create the EVFS volumes and enable
EVFS for each volume.
To start the EVFS subsystem, enter the following command:
evfsadm start [-n number_threads]
where:
-n number_threads
    Specifies the number of threads to create for EVFS encryption and
    decryption processing.
    Range: On single-processor systems, 1 is the only valid value. On
    multiprocessor systems, the maximum number of threads is the number
    of processors in the system.
    Default: On single-processor systems, the default is 1. On
    multiprocessor systems, the default is the number of processors in
    the system minus 1. Setting the number of threads to a lower value
    can decrease EVFS throughput.
The evfsadm start command starts the EVFS subsystem by initializing the EVFS pseudo-driver
and starting the evfsevold process. The evfsevold process starts kernel threads for data
encryption and decryption. You must start the EVFS subsystem to generate EVFS user keys and
enable EVFS volumes. This command is automatically executed at system startup if EVFS is enabled
in the /etc/rc.config.d/evfs file. See “Step 5: (Optional) Configuring the autostart feature”
(page 31) for more information about enabling EVFS to automatically start at system startup.
CAUTION: Do not write to an encrypted volume when the EVFS subsystem is not running. Doing
so will cause data corruption.
Example
# evfsadm start
EVFS subsystem started.
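The following shell functions are an added example, not part of the HP guide: they check a proposed -n value against the range and default rules above, and they refuse to run a write command unless evfsevold is listed by ps -e. The function names are hypothetical, and the example assumes that evfsevold appears under that name in the last column of ps -e output and that the caller supplies the processor count.

```shell
# Added example, not from the HP guide. Assumptions: evfsevold is visible by
# name in the last column of `ps -e`; the caller passes the processor count.

# Default -n value: 1 on a single-processor system, processors minus 1 otherwise.
evfs_default_threads() {
    if [ "$1" -le 1 ]; then echo 1; else echo $(( $1 - 1 )); fi
}

# Succeeds only if $2 is a whole number from 1 up to the processor count $1.
evfs_threads_valid() {
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le "$1" ]
}

# Reads `ps -e` output on stdin. Succeeds only if some line's command name is
# exactly evfsevold; a name that merely contains that string does not count.
evfsevold_listed() {
    awk '$NF == "evfsevold" { found = 1 } END { exit !found }'
}

# Runs the given command only while evfsevold is listed. Otherwise it refuses,
# because writing to an encrypted volume with EVFS stopped corrupts data.
evfs_guarded() {
    if ps -e | evfsevold_listed; then
        "$@"
    else
        echo "EVFS subsystem not running; refusing: $*" >&2
        return 1
    fi
}
```

A backup or cron job can prefix each command that writes to an encrypted volume with evfs_guarded, so the job stops with an error if the subsystem is not running.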
Step 5: (Optional) Configuring the autostart feature
The EVFS autostart feature allows you to enable and mount EVFS volumes automatically at system
startup without manual intervention. You must use the autostart feature for EVFS volumes that have
file systems mounted at system startup (file systems with entries in the /etc/fstab file).
CAUTION: Using the autostart feature requires you to store passphrases, and stored passphrases
are security risks.