Manualshelf

Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
41424344454647484950
evfs_volume_path Specifies the absolute pathname for the EVS volume device file, such as
/dev/evfs/vg01/lvol5, /dev/evfs/vx/dsk/rootdg/vol05,
or /dev/evfs/dsk/c2t0d1.
To enable the EVS volume, the evfsvol utility:
Retrieves the passphrase for the owner or authorized user's private key by prompting the user
for the passphrase or by using system data to decrypt the stored passphrase.
Uses the passphrase to decrypt the owner or authorized user's private key.
Uses the private key to decrypt the volume encryption key in the appropriate key record. EVFS
can now use the volume encryption key to encrypt and decrypt the volume data.
NOTE: On IA, if the algorithm used to create the message digest value for EMD is SHA1, EMD
and its backup are updated with the digest value re-computed using SHA2.
Example
The root user enters the following command to enable the EVS volume:
# evfsvol enable -k rootkey1 /dev/evfs/vg01/lvol5
Enter user passphrase:
(Enter the passphrase for the key rootkey1.)
Encrypted volume "/dev/evfs/vg01/lvol5" has been successfully enabled.
Step 2: Creating and mounting a file system on an EVS volume
Use the following procedure to create and mount a file system on an EVS volume. This procedure
is the same as the one used to create and mount a file system on an LVM, VxVM, or physical
volume except that you specify the EVFS character (raw) and block volume device files instead of
the LVM, VxVM, or physical device files.
a. Use the newfs command to create a new file system on the character (raw) EVS volume.
b. (Optional) Use the fsck command to check the integrity of the file volume.
c. Use the mkdir command to create a mount point for the new file system.
d. Mount the file system on the EVS volume.
e. (Optional) Add an entry to the /etc/fstab file for the encrypted volume.
Step 2a: Creating a new file system with newfs
Use the newfs command to create a new file system on the character (raw) EVS volume. For
example:
newfs [-F file_sys_type] raw_evfs_volume_path
where:
-F file_sys_type Specifies the file system type. This must be a file system type
supported by the underlying LVM, VxVM, or physical volume,
such as hfs or vxfs.
raw_evfs_volume_path Specifies the absolute pathname of the character (raw) EVS volume
device file, such as /dev/evfs/vg01/rlvol5, /dev/evfs/
vx/rdsk/rootdg/vol05, or /dev/evfs/rdsk/c2t0d1.
Example
The following example creates a new file system on the character (raw) EVS volume /dev/evfs/
vg01/rlvol5 (the underlying volume is an LVM volume).
# newfs -F vxfs /dev/evfs/vg01/rlvol5
The following example creates a new file system on the character (raw) EVS volume /dev/evfs/
vx/rdsk/rootdg/vol05 (the underlying volume is a VxVM volume).
# newfs -F vxfs /dev/evfs/vx/rdsk/rootdg/vol05
50 Configuring an EVS volume