Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

-k keyname Specifies the name of the key pair that corresponds to the passphrase you want
to modify. If you do not specify this option, evfsvol uses the user name as
the key name.
Recovering from EMD corruption
EVFS stores one backup image of the EMD for each EVS volume. When you change the owner of
an EVS volume, or add or delete user keys for a volume, EVFS updates the EMD. Before EVFS
updates the EMD, it stores a backup copy of the current EMD. The evfsvol restore command
restores the backup copy of the EMD for an EVS volume.
Use the following procedure to restore a backup copy of an EMD:
1. For data consistency, stop all applications accessing the data. You can use the fuser -cu
command to determine the processes accessing files, and the fuser -cku command to
terminate the processes. See fuser(1M) for more information.
If the data is used by system processes, you might need to terminate the processes by changing
the system runlevel to single-user level with the shutdown utility. See shutdown(1M) for more
information.
2. (Optional) Create a cleartext backup copy of the data, or copy the cleartext data from the
EVS volume to another disk device using a utility such as fbackup, cp, or tar.
3. If you have a file system mounted on the EVS volume, use the umount command to unmount
the file system. See umount(1M) for more information.
4. Use the following command to disable encryption and decryption on the target volume:
evfsvol disable [-k keyname] evfs_volume_path
See “Disabling encryption and decryption access to EVS volumes” (page 62) for more
information.
5. Use the following evfsvol restore command to restore the EMD:
evfsvol restore evfs_volume_path
where:
evfs_volume_path Specifies the absolute pathname for the EVS volume device file,
such as /dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05, or
/dev/evfs/dsk/c2t0d1.
6. Use the following command to enable EVFS operation for the volume:
evfsvol enable [-k keyname] evfs_volume_path
See “Enabling encryption and decryption access to EVS volumes” (page 62) for more
information.
7. If you had a file system mounted on the EVS volume, use the mount command to remount the
file system. See mount(1M) for more information.
8. Restart applications, as necessary.
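The commands from steps 1 and 3 through 7, as an added example that is not part of the HP guide: a POSIX shell function that runs them in order and stops at the first failure, so the volume is never re-enabled after a failed restore. The function name, its arguments, the RUN dry-run switch, and the /dev/evfs/ path check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the guide: EMD restore sequence, fail-fast.
# RUN=echo (default) prints the commands; set RUN="" on the EVFS host to run them.
RUN=${RUN-echo}

# evfs_restore_emd evfs_volume_path [mount_point] [keyname]
# (function and argument names are hypothetical; the commands are the guide's)
evfs_restore_emd() {
    vol=$1 mnt=${2:-} key=${3:-}

    # Assumption: EVS device files sit under /dev/evfs/, as in the guide's
    # examples. Refusing other paths keeps a typo from hitting a raw device.
    case $vol in
        *..*) echo "refusing path with '..': $vol" >&2; return 2 ;;
        /dev/evfs/?*) ;;
        *) echo "not an EVS volume device path: $vol" >&2; return 2 ;;
    esac

    if [ -n "$mnt" ]; then
        # Step 1: list processes still using the file system (informational).
        $RUN fuser -cu "$mnt" || :
        # Step 3: umount fails while files are open, which stops us here.
        $RUN umount "$mnt" || return 1
    fi

    # Steps 4-6. -k is optional in the guide's syntax, so it is passed only
    # when a key name was given.
    $RUN evfsvol disable ${key:+-k} ${key:+"$key"} "$vol" || return 1
    # If restore fails, return with the volume still disabled.
    $RUN evfsvol restore "$vol" || return 1
    $RUN evfsvol enable ${key:+-k} ${key:+"$key"} "$vol" || return 1

    if [ -n "$mnt" ]; then
        # Step 7. Assumption: mount picks the file system type by default.
        $RUN mount "$vol" "$mnt" || return 1
    fi
    return 0
}
```

Review the dry-run output first, for example evfs_restore_emd /dev/evfs/vg01/lvol5 /data, then repeat the call with RUN="" to execute.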
EMD backup directory
By default, EVFS stores EMD backup images in the directory /etc/evfs/emd. See “Step 3:
(Optional) Modifying EVFS global parameters” (page 30) for information about changing this directory
path. Ensure there is enough space in this directory to store all the system's backup EMDs from the
encrypted volumes. The storage requirement is approximately 1 MB per encrypted volume.
Removing a volume from the EVFS subsystem
Use the following procedure to deconfigure EVFS on a volume and remove it from the EVFS
subsystem.