Manualshelf

Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
31323334353637383940
On multiprocessor systems, the default is the number of processors in
the system minus 1. Setting the number of threads to a lower value can
decrease EVFS throughput.
The evfsadm start command starts the EVFS subsystem by initializing the EVFS pseudo-driver
and starting the evfsevold process. The evfsevold process starts kernel threads for data
encryption and decryption. You must start the EVFS subsystem to generate EVFS user keys and
enable EVFS volumes. This command is automatically executed at system startup if EVFS is enabled
in the /etc/rc.config.d/evfs file. For more information about enabling EVFS to automatically
start at system startup, see “Step 6: (Optional) Configuring the autostart feature” (page 34).
CAUTION: Do not write to an encrypted volume when the EVFS subsystem is not running. Doing
so will cause data corruption.
Example
# evfsadm start
EVFS subsystem started.
Step 6: (Optional) Configuring the autostart feature
The EVFS autostart feature allows you to enable and mount EVFS volumes automatically at system
startup without manual intervention. You must use the autostart feature for EVFS volumes that have
file systems mounted at system startup (file systems with entries in the /etc/fstab file).
CAUTION: Using the autostart feature requires you to store passphrases, and stored passphrases
are security risks.
Use the following procedure to configure the autostart feature:
a. Enable EVFS in the /etc/rc.config.d/evfs file. Change the value for EVFS_ENABLED
to 1 as follows:
EVFS_ENABLED = 1
b. Modify the entries in the /etc/evfs/evfstab file for the EVS volumes that you want
enabled at system startup. You must add a key ID and the boot_local or boot_remote
option. The syntax for each entry is as follows:
v volume_path evfs_volume_path user_name.key_name options
where:
v Specifies that the entry is for an EVFS volume. The EVFS
subsystem automatically adds this field to the /etc/evfs/
evfstab file when you create the EVFS volume device files.
volume_path The path for the underlying LVM, VxVM, or physical volume
block device file, such as /dev/vg01/lvol5, /dev/vx/dsk/
rootdg/vol05, or /dev/dsk/c2t0d1. The EVFS subsystem
automatically adds this field to the /etc/evfs/evfstab file
when you create the EVFS volume device files.
evfs_volume_path Specifies the absolute pathname for the EVFS volume block
device file, such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or
/dev/evfs/dsk/c2t0d1. The EVFS subsystem automatically
adds this field to the /etc/evfs/evfstab file when you create
the EVFS volume device file.
user_name.key_name A valid key ID (user name and key pair name) for this EVFS
volume. The key pair must have a stored passphrase.
34 Preparing EVFS for configuration