Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
aes-192-cbc (192-bit AES CBC)
aes-256-cbc (256-bit AES CBC)
A longer key length provides more security, but slows data transfer rates.
Default file cipher for PA: aes-128-cfb
Default file cipher for IA: aes-128-cbc
• emd_backup
The emd_backup attribute specifies the directory EVFS uses to store backup images of EMD
data.
Default: /etc/evfs/emd
• pbe
The pbe attribute specifies the encryption library EVFS uses to secure EVFS private keys. On
systems with HP-UX Trusted Computing Services (TCS), you can modify this attribute so that
EVFS uses TCS to secure EVFS private keys.
For more information about using TCS with EVFS, see the HP-UX TCS product documentation.
For a complete list of global parameters, see evfs.conf(4).
Step 4: Configuring FIPS compliant EVFS
TIP: Skip this step if you do not want EVFS to be FIPS compliant.
If you want EVFS to be FIPS compliant:
a. Configure HP-UX KCM to enable FIPS mode.
b. Restrict HP-UX EVFS to FIPS-qualified cipher suites.
Step 4a: Configure HP-UX KCM to enable FIPS mode
For the steps to configure HP-UX KCM to enable FIPS mode, see the Configuring HP-UX KCM section
in the HP-UX Kernel Cryptographic Module User Guide.
Step 4b: Restrict HP-UX EVFS to FIPS-qualified cipher suites
You must edit the /etc/evfs/evfs.conf file and set the fips attribute to 1. The fips attribute is a
flag that restricts EVFS to FIPS-qualified cipher suites only.
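One way to confirm the Step 4b setting after editing the file, as an added example that is not part of the HP guide. The evfs_fips_status helper is hypothetical, and the script assumes evfs.conf entries are "attribute = value" lines with "#" starting a comment; see evfs.conf(4) for the actual syntax.

```shell
#!/bin/sh
# Added example (not HP code): report the state of the fips flag in evfs.conf.
# ASSUMPTION: entries are "attribute = value" lines and "#" begins a comment;
# evfs.conf(4) is the authority on the real syntax.

# evfs_fips_status [FILE]  (hypothetical helper name)
# Prints enabled | disabled | missing | conflict | unreadable.
# Returns 0 only when the flag is present and every active entry sets it to 1.
evfs_fips_status() {
    conf=${1:-/etc/evfs/evfs.conf}
    [ -r "$conf" ] || { echo unreadable; return 2; }
    # Drop comments, then collect the value of every active "fips" entry.
    values=$(sed 's/#.*//' "$conf" | awk -F= '
        { key = $1; val = $2
          gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
          if (key == "fips") print val }')
    if [ -z "$values" ]; then echo missing; return 1; fi
    # Repeated entries that disagree are reported, not resolved by guessing.
    uniq_values=$(printf '%s\n' "$values" | sort -u)
    count=$(printf '%s\n' "$uniq_values" | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then echo conflict; return 1; fi
    if [ "$uniq_values" = 1 ]; then echo enabled; return 0; fi
    echo disabled; return 1
}

# Constructed sample input, written to a scratch file for the demonstration.
sample=${TMPDIR:-/tmp}/evfs.conf.sample.$$
cat > "$sample" <<'EOF'
# constructed sample, not a shipped evfs.conf
emd_backup = /etc/evfs/emd
#fips = 1
fips = 0
EOF
printf 'fips flag: %s\n' "$(evfs_fips_status "$sample" || true)"
rm -f "$sample"
```

A commented-out entry is reported as missing, and conflicting repeated entries are flagged instead of assuming which one EVFS honors.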
Step 5: Starting the EVFS subsystem
You must start the EVFS subsystem to create EVFS keys and volumes. Starting the EVFS subsystem
does not enable encryption of the EVFS volume. You must still create the EVFS volumes and enable
EVFS for each volume.
To start the EVFS subsystem, enter the following command:
evfsadm start [-n number_threads]
where:
-n number_threads
    Specifies the number of threads to create for EVFS encryption and decryption processing.
    Range: On single-processor systems, 1 is the only valid value. On multiprocessor systems, the maximum number of threads is the number of processors in the system.
    Default: On single-processor systems, the default is 1.