Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

Use the following procedure to configure the autostart feature:

a. Enable EVFS in the /etc/rc.config.d/evfs file. Change the value for EVFS_ENABLED

to 1 as follows:

EVFS_ENABLED = 1

b. Modify the entries in the /etc/evfs/evfstab file for the EVS volumes that you want

enabled at system startup. You must add a key ID and the boot_local or boot_remote

option. The syntax for each entry is as follows:

v volume_path evfs_volume_path user_name.key_name options

where:

v Specifies that the entry is for an EVFS volume. The EVFS

subsystem automatically adds this field to the /etc/evfs/

evfstab file when you create the EVFS volume device files.

volume_path The path for the underlying LVM, VxVM, or physical volume

block device file, such as /dev/vg01/lvol5, /dev/vx/dsk/

rootdg/vol05, or /dev/dsk/c2t0d1. The EVFS subsystem

automatically adds this field to the /etc/evfs/evfstab file

when you create the EVFS volume device files.

evfs_volume_path Specifies the absolute pathname for the EVFS volume block

device file, such as /dev/evfs/vg01/lvol5,

/dev/evfs/vx/dsk/rootdg/vol05, or

/dev/evfs/dsk/c2t0d1. The EVFS subsystem automatically

adds this field to the /etc/evfs/evfstab file when you create

the EVFS volume device file.

user_name.key_name A valid key ID (user name and key pair name) for this EVFS

volume. The key pair must have a stored passphrase.

EVFS uses the stored passphrase to decrypt the private key, then

uses the private key to enable the EVFS volume.

options Following are the valid options for the autostart feature:

boot_local Causes EVFS to enable the EVFS volume

before local file systems in /etc/fstab are

mounted and before NFS and other

networking subsystems are started. Use this

flag if the private key and stored passphrase

used to enable the volume are located on the

root disk of the local system.

boot_local2 Enable the EVFS volume after local file

systems in /etc/fstab are mounted and

before NFS and other networking subsystems

are started. Use this flag if the private key

and stored passphrase used to enable the

volume are located on a nonroot disk of the

local system.

If you specify the boot_local2 option, the

system will be unable to automatically mount

a file system on the EVFS volume as part of

the system startup procedure and you must

manually mount the file system.

boot_remote Enable the EVFS volume after NFS and other

networking subsystems are started. Use this

flag if the private key or stored passphrase

32 Preparing EVFS for configuration