Manualshelf

Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
51525354555657585960
CAUTION: The following two operations render the volume data irrecoverable.
evfsvol create –f Use this command to recreate the EMD on the volume.
evfsvol destroy Use this command to remove the EMD header from the volume.
The percentage of progress is reported after every 1 MB of data is processed. When the entire
volume is converted successfully, a message is displayed.
If the option -f is specified, we force the operation without prompting.
Suspending an ongoing inline encryption
HP does not recommend suspending an ongoing inline encryption. However, inline encryption
can be a long operation which can take many hours for a large volume. The following common
signals used to stop a process are handled by evfsvol iencrypt:
SIGTERM
SIGHUP
SIGQUIT
SIGABRT
SIGINT
When one of these signals is received by evfsvol iencrypt, the user is shown the following
prompt:
Are you sure you want to abort inline-encrypting "/dev/evfs/vg00/lvolxx"?
Interrupting this operation is not recommended! Answer [yes/no]:
NOTE: Do not use the SIGKILL signal to terminate an evfsvol iencrypt process (do not use
the command kill -KILL evfsvol-iencrypt-pid).
Re-starting a suspended inline encryption
To resume a previously stopped inline encryption, use the following command:
# evfsvol iencrypt [-k keyname] evfs_volume_path
The f and c options are not valid for a resumed inline encryption. The volume owner key is
needed to resume an operation, and you will be prompted for a passphrase.
Step 3: Verifying the configuration
Use the following commands to verify your EVFS configuration:
evfsadm stat -a
evfsvol display evfs_volume_path
evfsadm stat -a
After you access data or mount a file system on an EVS volume that is correctly configured, the
output for the evfsadm stat -a command shows nonzero values for the number of blocks read
(bpr), written (bpw), decrypted (bpd), and encrypted (bpe). The output is similar to the following:
# evfadm stat -a
----- EVFS statistics -----
Total EVFS Volumes: 1
EVFS Subsystem Status: up
Active Encryption Threads: 2
---- EVFS Volume Name ----|--- State ---|---------------- Queues -------------|
orr owr odr oer
/dev/evfs/vg01/lvol5 enabled 0 0 0 0
Option 2: Converting a volume with existing data to an EVS volume (inline encryption) 57