Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
For more information, see “Step 6: (Optional) Configuring the autostart feature” (page 34).
6. Back up your configuration. Back up all files in the /etc/evfs directory and all subdirectories
below it.
Option 2: Converting an existing volume into an EVS volume (inline encryption)
1. Prepare the file system and data.
1. Verify the file systems or volumes you want to secure with EVFS are suitable for encryption.
2. For data consistency, stop all applications accessing the data.
3. Back up the data on the volume.
4. Unmount the file system:
# umount file_system
5. Extend the volume if there is no spare disk space at the end of the volume. Inline encryption
requires 3MB of spare disk space.
6. Map the volume to an EVFS volume:
# evfsadm map volume_name
2. Perform inline encryption.
1. Start inline encryption:
# evfsvol iencrypt [-f] [-k keyname] [-c cipher] evfs_volume_path
2. Enable the EVS volume:
# evfsvol enable evfs_volume_path
3. Mount the file system to the EVS volume:
# mount evfs_volume_path file_system
3. Verify EVS operation. Use the following commands:
• evfsadm stat -a
• evfsvol display evfs_volume_path
4. (Optional) Configure the EVFS autostart feature. The autostart feature enables you to enable
EVFS encryption and mount file systems on EVS volumes at system startup without manual
intervention. You must have stored passphrases to use the autostart feature.
To configure the autostart feature, edit the /etc/rc.config.d/evfs file to contain the
following entry:
EVFS_ENABLED = 1
You must also edit the /etc/evfs/evfstab file. The syntax for each entry is as follows:
v volume_path evfs_volume_path user_name.key_name options
The options field must contain the keyword boot_local, boot_local2, or boot_remote.
For more information, see “Step 6: (Optional) Configuring the autostart feature” (page 34).
5. Back up your configuration. Back up all files in the /etc/evfs directory and all subdirectories
below it.
Configuring EVS 163