Encrypted Volume and File System v2.0 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

Encrypted Volume and File System v2.0

Release Notes

HP-UX 11i v3

HP Part Number: 5992-5031

Published: August 2009

Summary of content (13 pages)

PAGE 1
Encrypted Volume and File System v2.
PAGE 2
© Copyright 2009 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
PAGE 3
Table of Contents Encrypted Volume and File System...................................................................................5 EVFS Documentation..............................................................................................................................5 1 EVFS.................................................................................................................................7 1.1 Features.................................................................................
PAGE 4
PAGE 5
Encrypted Volume and File System This document provides information about the Encrypted Volume and File System (EVFS) version 2.0 (A.02.00.00) only. EVFS Documentation For more information on EVFS, refer to these documents: : • Encrypted Volume and File System v2.0 Administrator's Guide • Backing Up and Restoring Data on HP-UX EVFS Volumes Using HP OpenView Storage Data Protector 6.0 You can find these documents at: http://docs.hp.com The EVFS product is available only in the English language.
PAGE 6
PAGE 7
1 EVFS EVFS (Encrypted Volume and File System) is an application-transparent technology providing protection of data at rest. With EVFS, critical files and data at rest (on disk) are stored in encrypted form on disk. EVFS safeguards against compromised use of and unauthorized access to data due to physical theft of storage devices. The data encryption is based on a secret-key cryptosystem and runs as an integrated kernel service transparent to the user.
PAGE 8
EVFS uses public/private encryption key to protect volume and file encryption keys. EVFS supports the following public/private key encryption algorithms: — — — • 1024-bit key Rivest-Shamir-Adelman (RSA) 1536-bit key RSA 2048-bit key RSA Passphrase storage and retrieval for automatic start (autostart). EVFS encrypts private keys with passphrases. In normal operation, EVFS prompts the user for the passphrase to decrypt and retrieve the private key.
PAGE 9
• • • • Process management cumulative patch: PHKL_38650 Process-specific Data cumulative patch: PHKL_38800 The fs_spec cumulative patch: PHKL_38936 The fs_util cumulative patch: PHKL_38937 You can download patches from the HP IT Resource Center at: http://www2.itrc.hp.com/service/patch/mainPage.do 1.4 Limitations The EVFS product has the following limitations: • • EVFS operates with LVM, VxVM and physical volumes only. Each EVFS volume is mapped to an underlying LVM, VxVM or physical volume.
PAGE 10
EVFS cannot decrypt the kernel or other data before the system boots. CAUTION: Encrypting the boot disk can cause the boot disk to become unusable and prevent you from booting the system. — — Dump devices. Swap space (swap devices or file swap space). CAUTION: • Encrypting swap space can cause the system to panic. EVFS does not automatically convert existing volume data to encrypted data. To encrypt existing volume data, use the inline encryption feature in this release of EVFS.
PAGE 11
• • • • • • ServiceGuard version A.11.18 or later using modular packages supports EVFS volumes without a file system. On an EFS volume, the file size is limited to a maximum file size minus the size of the EMD (4k). EVFS is not supported with ServiceGuard/SGeRAC shared activation. The following features on ServiceGuard version A.11.
PAGE 12
1.7.1 Creation of VxFS Filesystem Using mkfs on the EVFS (VxVM) Volume Failed. Defect number: QXCR1000900650 Symptom Using the mkfs command to create a VxFS file system on a VxVM volume configured for EVS mode does not work. Solution Install patch PHCO_39474 to get the new mkfs binary. Workaround If you cannot install patch PHCO_39474, use the newfs command instead of the mkfs command to create a VxFS file system. 1.7.
PAGE 13
1.7.4 vxresize -F Can Cause Data Loss or Corruption The vxresize –F command resizes a VxVM volume and the file system mounted on the volume. The vxresize command has no knowledge of EVFS, so if you configure EVFS on a VxVM volume and then execute the vxresize –F command, vxresize does not allocate space for the EVFS data structure (the EMD) on the volume. The vxresize -F command completes, but file operations might fail; data might be lost or corrupted.