Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

1 Overview
HP-UX Encrypted Volume and File System (EVFS) is an application-transparent technology providing
protection of data at rest.
With EVFS, critical files and data at rest are stored on disk in encrypted form. EVFS
safeguards against compromised use of and unauthorized access to data due to physical theft of
storage devices. The data encryption is based on a secret-key cryptosystem and runs as an integrated
kernel service transparent to the user. On IA, EVFS is integrated with HP-UX KCM (Kernel Crypto
Module). On IA, HP-UX EVFS is FIPS-compliant when used with HPUX-KCM 2.1. For more information
about configuring EVFS for FIPS compliance, see “Step 4: Configuring FIPS compliant EVFS”
(page 33).
With HP-UX EVFS, disks and volumes can be configured for use in one of two modes:
volume-level encryption (EVS) or file-level encryption (EFS).
NOTE:
EVS is supported with HP-UX 11i v2 update 2 and later.
EFS is supported with HP-UX 11i v3 and later.
You can use a volume or a disk for either EFS or EVS, but not both.
This chapter discusses the following topics:
“EVFS architecture” (page 14)
“Features and benefits” (page 15)
“Supported software” (page 17)
“Product limitations and precautions” (page 18)

EVFS architecture
Figure 1 shows the EVFS architecture. It illustrates how data stored in volumes (EVS) and
files (EFS) is encrypted.