Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
• EFS Secure Session
To use EFS, a user must be in an EFS secure session (see evfsauth(1)). This session
contains all the necessary credentials for a user to access and operate on encrypted files.
Secure session credentials are inherited by the session's child processes.
• Key Management
EVFS provides its own local key management system. It supports encryption keys for both EVS
and EFS. The concept of a key manager is introduced in EVFS 2.0.
Supported software
Software used with EVFS can be categorized into three types:
Type 1 Applications without kernel components. EVFS volumes configured in EVS mode support
Type 1 software. EVFS volumes configured in EFS mode support Type 1 software if the
data is accessed using the evfsxfr command or in a secure session. Examples of
Type 1 software include FTP, rcp, CIFS Server, and Oracle® Database 10g. (This list
is not exhaustive and is included only to provide examples of Type 1 software.)
Type 2 Software with kernel modules that access the file system (Virtual File System, VFS, or
HFS or VxFS). EVFS volumes configured in EVS mode support Type 2 software. EVFS
volumes configured in EFS mode do not support Type 2 software, unless specifically
stated. The NFS server daemon is an example of Type 2 software. Therefore, the NFS
client and server cannot be used with EFS volumes.
Type 3 Software with kernel components that directly access physical volumes and implement
file system or volume management functionality. EVFS does not support Type 3 software.
Examples of Type 3 software include Oracle Automatic Storage Management (ASM),
and file systems other than HFS and VxFS, such as Veritas Cluster File System (CFS)
and Clearcase Multiversion File System (MVFS). (This is not an exhaustive list and is
included only to provide examples of Type 3 software.)
Figure 2 illustrates the data paths for the software types described in the preceding list.