Manualshelf

Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
51525354555657585960
CAUTION: Encrypting the boot disk makes the boot disk unusable and prevents you
from booting the system.
Swap space (swap devices or file swap space).
CAUTION: Encrypting swap space can cause the system to panic.
Dump devices.
b. For data consistency, stop all applications accessing the data. You can use the fuser -cu
command to determine the processes accessing files, and the fuser -cku command to
terminate the processes. For more information, see fuser(1M).
If the data is used by system processes, you might need to terminate the processes by changing
the system runlevel to single-user level with the shutdown utility. For more information, see
shutdown(1M).
c. Back up the data on the volume. This ensures data recovery is possible if an unexpected event
occurs before completion of the operation.
d. Unmount the file system:
# umount file_system
e. Extend the volume if there is no spare disk space at the end of the volume. 3 MB of spare disk
space are required at the end of the volume. Extend the volume by using the lvextend
command on an LVM volume, or the vxassist command on a VxVM volume. If you do not
know if there is spare disk space at the end of the volume, you can check if there is still space
available for you to extend the volume by using the vgdisplay command on a LVM volume
group, or the vxdg command on a VxVM disk group that the volume belongs to.
f. Map the regular volume to an EVS volume:
# evfsadm map volume_name
Step 2: Performing inline encryption
a. Start inline encryption:
# evfsvol iencrypt [-f] [-k keyname] [-c cipher] evfs_volume_path
For more information about the evfsvol iencrypt command, see “iencrypt: Inline
encryption” (page 56).
b. Enable the EVS volume:
# evfsvol enable evfs_volume_path
c. Mount the file system to the EVS volume:
# mount evfs_volume_path file_system
For more information about mounting file systems, see “Step 2: Creating and mounting a file
system on an EVS volume” (page 50).
iencrypt: Inline encryption
When the EVS volume state is iencrypt in progress or iencrypt suspended, the volume
is not accessible.
When the EVS volume state is iencrypt suspended, only the following commands can be
applied to the EVS volume:
evfsvol iencrypt Use this command to resume the inline encryption operation.
evfsvol display Use this command to display the status of the volume.
56 Configuring an EVS volume