Manualshelf

Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
51525354555657585960
Option 1
Step 1a: Create an EVS volume. If you are using LVM or VxVM, create a new LVM or VxVM volume
to use as the underlying volume. If you reuse an existing LVM or VxVM volume as the underlying
volume, you will lose all existing data. You can skip this step if you are using whole disk access.
# lvcreate -L 64 -n lvol5 /dev/vg01
Step 1b: Map the new LVM or VxVM volume or physical volume to an EVS volume.
# evfsadm map /dev/vg01/lvol5
Step 1c: Create the EMD on the new EVS volume. The root user (the owner of the key named
rootkey1) will be the volume owner. evfsvol prompts for the passphrase to the owner's private
key.
# evfsvol create -k rootkey1 /dev/evfs/vg01/lvol5
Step 1d: Optional – Add a recovery user key. evfsvol prompts for the passphrase to the owner's
private key.
# evfsvol add -r /dev/evfs/vg01/lvol5
Step 1e: Enable the EVS volume. evfsvol prompts for the passphrase for your key named
rootkey1.
# evfsvol enable -k rootkey1 /dev/evfs/vg01/lvol5
Step 2a: Create a new file system on the character/raw EVS volume.
# newfs -F vxfs /dev/evfs/vg01/rlvol5
Step 2b: Verify the file system.
# fsck /dev/evfs/vg01/rlvol5
Step 2c: Create the directory for the new mount point.
# mkdir /opt/my_secure_dir
Step 2d: Mount the new file system.
# mount -F vxfs /dev/evfs/vg01/lvol5 /opt/my_secure_dir
Step 2e: Optional—Add an entry to /etc/fstab. In this example, the administrator used the
echo command, but you can also use an editor to do this
# echo "/dev/evfs/vg01/lvol5 /opt/my_secure_dir vxfs defaults 0 2" >>
/etc/fstab
Step 3: Verify the EVFS configuration.
# evfsadm stat a
# evfsvol display /dev/evfs/vg01/lvol5
Step 4: Migrate any existing data.
To migrate an existing directory of data to the new EVS volume, follow these steps:
Step 4b: Stop all applications accessing the existing data.
# fuser cu /opt/my_data
# fuser cku /opt/my_data
Step 4d: Copy the existing data to the new EVFS directory.
# cp R /opt/my_data /opt/my_secure_dir
Clean up the old data and create a symbolic link to the EVFS data.
Optionally, configure the autostart feature, as described in “Step 6: (Optional) Configuring the
autostart feature” (page 34). Finally, backup your EVFS configuration and user keys, as described
in “Step 4: Backing up your configuration” (page 59).
60 Configuring an EVS volume