Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
4. Run fsck (if necessary):
# fsck -F vxfs /dev/evfs/vg01/rlvol6
5. Modify /etc/fstab to include the EVFS volume:
# /dev/evfs/vg01/lvol6 /opt/my_data vxfs stackfs=sefs,delaylog 0 2
Unlike volume-level encryption, if you want the system to automatically mount this file system
at system startup time, you do not need to modify the /etc/evfs/evfstab file.
6. Mount the encrypted file system:
# mount -F vxfs -o stackfs=sefs /dev/evfs/vg01/lvol6 /opt/my_data
7. Enter a secure session:
# evfsauth login
8. Enable encryption for a directory:
# cd /opt/my_data; evfsfile set .
9. Create an encrypted file:
# echo "this is an encrypted file" > my_file
The content of my_file is now encrypted.
10. Check if the file my_file is encrypted:
# evfsfile list my_file
EVFS tasks and commands
The following tables provide the command syntax for common EVFS administrative tasks.
Table 6 Starting and stopping EVFS
CommandTask
evfsadm start [-n number_threads]Start the EVFS subsystem.
evfsadm stopStop the EVFS subsystem.
Table 7 Managing EVS volumes
CommandTask
evfsadm map volume_pathMap an LVM, VxVM, or physical
volume to EVFS and create EVFS
device files.
evfsadm unmap evfs_volume_pathUnmap an EVS volume.
evfsvol create [-k keyname] [-f] evfs_volume_pathCreate an EVS volume (generates a
volume encryption key and creates
the EMD).
evfsvol destroy [-f] evfs_volume_pathDestroy an EVS volume (you must be
the volume owner, and the data will
be irrecoverable).
evfsvol enable [-k keyname] evfs_volume_pathEnable an EVS volume without a
stored passphrase.
evfsvol enable -p evfs_volume_pathEnable an EVS volume with a stored
passphrase and key ID in /etc/
evfs/evfstab.
evfsvol enable -aEnable all EVS volumes with key IDs
in /etc/evfs/evfstab.
evfsvol disable [-k keyname] evfs_volume_pathDisable an EVFS volume without a
stored passphrase.
EVFS tasks and commands 165