Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
Option 1: Creating a new EVS volume
1. Configure the EVS volume:
a. Create an LVM or VxVM volume if you are not creating the EVS volume directly above
a whole physical volume:
# lvcreate -L lv_size [options] vgfile (LVM)
# vxassist -g group make volume_name size (VxVM)
b. Create the EVFS device files:
CAUTION: Any data on the underlying LVM, VxVM, or physical volume will be
overwritten in subsequent steps, so HP recommends that you specify an empty volume.
# evfsadm map volume_path
c. Create the EMD and assign an owner for the volume:
# evfsvol create -k keyname [-c cipher] evfs_volume_path
d. (Optional) Add recovery and authorized user keys to the volume:
# evfsvol add -r [-k keyname] evfs_volume_path
# evfsvol add -u user [-k keyname] evfs_volume_path
e. Enable encryption and decryption access for the EVS volume:
# evfsvol enable [-k keyname] evfs_volume_path
2. Create and mount a new file system on the EVS volume:
a. Use the newfs command to create a new file system on the raw EVFS volume device
file:
# newfs [-F file_sys_type] /dev/evfs/raw_evfs_volume_path
b. (Optional) Use the fsck command to check the integrity of the file system:
# fsck [-F file_sys_type] raw_evfs_volume_path
c. Use the mkdir command to create the mount point:
# mkdir mount_point
d. Mount the file system on the EVS volume:
# mount [-F file_sys_type] evfs_volume_path mount_point
e. Add an entry to the /etc/fstab file for the encrypted volume. The syntax for the entry
is as follows:
evfs_volume_path mount_point file_sys_type [options]
3. Verify EVS operation. Use the following commands:
• evfsadm stat -a
• evfsvol display evfs_volume_path
4. (Optional) Migrate existing data to the EVFS volume by copying data from a non-EVFS volume
to an EVFS volume. For more information, see “Step 4: (Optional) Migrating existing data to
an EVS volume” (page 54).
5. (Optional) Configure the EVFS autostart feature. The autostart feature lets you enable
EVFS encryption and mount file systems on EVS volumes at system startup without manual
intervention. You must have stored passphrases to use the autostart feature.
To configure the autostart feature, edit the /etc/rc.config.d/evfs file to contain the
following entry:
EVFS_ENABLED=1
You must also edit the /etc/evfs/evfstab file. The syntax for each entry is as follows:
v volume_path evfs_volume_path user_name.key_name options
The options field must contain the keyword boot_local, boot_local2, or boot_remote.
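An added example, not from the HP guide: a POSIX sh check that flags evfstab entries that do not match the syntax above before autostart is relied on. It assumes whitespace-separated fields, a comma-separated options field, and '#' comment lines; the function name check_evfstab and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint evfstab entries against the syntax in step 5.
# Assumptions (not from the guide): whitespace-separated fields, a
# comma-separated options field, and '#' starting a comment line.

# Print one message per malformed entry in FILE; return 1 if any were found.
check_evfstab() {
    file=$1 rc=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f      # split into fields, no globbing
        if [ $# -eq 0 ]; then continue; fi
        case $1 in '#'*) continue ;; esac
        if [ $# -ne 5 ]; then
            echo "line $n: expected 5 fields, found $#"; rc=1; continue
        fi
        if [ "$1" != v ]; then
            echo "line $n: entry must start with 'v'"; rc=1
        fi
        case $4 in
            ?*.?*) ;;
            *) echo "line $n: key field must be user_name.key_name"; rc=1 ;;
        esac
        case ",$5," in
            *,boot_local,*|*,boot_local2,*|*,boot_remote,*) ;;
            *) echo "line $n: options lack boot_local, boot_local2 or boot_remote"; rc=1 ;;
        esac
    done < "$file"
    return $rc
}

# Constructed sample input (device paths, user and key names are placeholders).
sample=${TMPDIR:-/tmp}/evfstab.sample.$$
cat > "$sample" <<'EOF'
# constructed evfstab entries
v /dev/vg01/lvol5 /dev/evfs/vg01/lvol5 root.rootkey boot_local
v /dev/vg01/lvol6 /dev/evfs/vg01/lvol6 root.rootkey placeholder_opt
v /dev/vg01/lvol7 /dev/evfs/vg01/lvol7 rootkey boot_remote
/dev/vg01/lvol8 /dev/evfs/vg01/lvol8 root.rootkey boot_local2
EOF
status=0
report=$(check_evfstab "$sample") || status=$?
echo "$report"
rm -f "$sample"
```

On a live system, pass /etc/evfs/evfstab as the argument; a non-zero return means at least one entry needs correcting.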
162 EVFS quick reference