Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
d. (Optional) Add recovery keys and authorized user keys.
e. Enable the EVS volume.
Step 1a: Creating an LVM or VxVM volume for EVFS
Skip this step if you are not using LVM or VxVM (if you are directly accessing the whole physical
disk as a physical volume). You will create the EVS volume directly above the physical volume in
the next step.
If you are using LVM or VxVM (you are not directly accessing the physical disk as a physical
volume), use the lvcreate or vxassist command to create a new LVM or VxVM volume to
use for the EVS volume. Include 1 MB for the EVFS Encryption Metadata (EMD) area. For more
information, see lvcreate(1M) or vxassist(1M).
Mirrored volumes
To use an LVM or VxVM mirrored volume for the EVS volume, create or enable mirroring on the
volume before configuring EVFS on the volume. Use the appropriate LVM command (lvcreate
-m or lvextend -m) or VxVM command (vxassist mirror or vxplex att).
CAUTION: You cannot create an LVM or VxVM volume above an EVS volume.
You can create an EVS volume on an existing LVM, VxVM, or physical volume, but any existing
data on the volume is rendered unusable.
Examples
In the following example, the user creates a new LVM volume in the vg01 volume group:
# lvcreate -L 64 -n lvol5 vg01
Logical volume "/dev/vg01/lvol5" has been successfully created with
character device "/dev/vg01/rlvol5".
Volume Group configuration for /dev/vg01 has been saved in
/etc/lvmconf/vg01.conf
In the following example, the user creates a new VxVM volume in the rootdg disk group:
# vxassist -g rootdg make vol05 64m
Step 1b: Creating EVS volume device files
Use the evfsadm map command to create the EVS volume device files by mapping the LVM,
VxVM, or physical volume to EVFS.
You cannot use EVFS with the following objects:
• Files or disk areas used during system boot. This includes the following objects:
◦ the root disk (/)
◦ the boot disk
◦ the HP-UX kernel directory (/stand)
◦ the /usr directory
EVFS cannot decrypt the kernel or other data before the system boots.
CAUTION: Encrypting the boot disk makes the boot disk unusable and prevents you from
booting the system.
• Swap space (swap devices or file swap space).
CAUTION: Encrypting swap space can cause the system to panic.
• Dump devices.
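A pre-flight check for the restrictions listed above and the 1 MB EMD allowance from Step 1a, as an added example that is not part of the guide or of EVFS itself. The function names and the EXCLUDED list are hypothetical and constructed for illustration. The raw-device names follow the usual HP-UX conventions (rlvol, /dev/rdsk, /dev/rdisk, /dev/vx/rdsk).

```sh
#!/bin/sh
# Constructed sample: block devices EVFS must not be mapped onto, with their
# use. On a live system, build this from the actual boot, swap and dump setup.
EXCLUDED='/dev/vg00/lvol1 /stand
/dev/vg00/lvol2 swap-and-dump
/dev/vg00/lvol3 root-(/)
/dev/vg00/lvol7 /usr
/dev/disk/disk2 boot-disk'

# raw_name BLOCKDEV: print the character (raw) device name of a block device.
raw_name() {
    case "$1" in
        /dev/vx/dsk/*) echo "/dev/vx/rdsk/${1#/dev/vx/dsk/}" ;;
        /dev/dsk/*)    echo "/dev/rdsk/${1#/dev/dsk/}" ;;
        /dev/disk/*)   echo "/dev/rdisk/${1#/dev/disk/}" ;;
        *)             echo "${1%/*}/r${1##*/}" ;;  # LVM: lvol5 -> rlvol5
    esac
}

# evfs_preflight DEVICE: return 1 (with a reason) if DEVICE, given by its
# block or raw name, is on the exclusion list; otherwise return 0.
# Name-based only: it does not resolve which disks back a logical volume.
evfs_preflight() {
    candidate=$1
    while read -r dev use; do
        [ -n "$dev" ] || continue
        if [ "$candidate" = "$dev" ] || [ "$candidate" = "$(raw_name "$dev")" ]; then
            echo "REFUSE $candidate: in use as $use"
            return 1
        fi
    done <<EOF
$EXCLUDED
EOF
    echo "OK $candidate: not on the exclusion list"
    return 0
}

# lv_size_mb DATA_MB: size in MB for lvcreate -L or vxassist make,
# adding the 1 MB the guide reserves for the EMD area.
lv_size_mb() {
    echo $(( $1 + 1 ))
}
```

Run evfs_preflight on the volume name before passing it to evfsadm map, and stop if it returns nonzero.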
46 Configuring an EVS volume