Manualshelf

Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software
71727374757677787980
-u username Specifies the name of the user for the key pair that corresponds to the passphrase
you want to modify. If you do not specify this argument, evfsvol uses your
user name. You must have superuser or appropriate privileges to specify a
different user.
-k keyname Specifies the name of the key pair that corresponds to the passphrase you want
to modify. If you do not specify this option, evfsvol uses the user name as
the key name.
Recovering from EMD corruption
EVFS stores one backup image of the EMD for each EVS volume. When you change the owner of
an EVS volume, or add or delete user keys for a volume, EVFS updates the EMD. Before EVFS
updates the EMD, it stores a backup copy of the current EMD. The evfsvol restore command
restores the backup copy of the EMD for an EVS volume.
Use the following procedure to restore a backup copy of an EMD:
1. For data consistency, stop all applications accessing the data. You can use the fuser -cu
command to determine the processes accessing files, and the fuser -cku command to
terminate the processes. For more information, see fuser(1M).
If the data is used by system processes, you might need to terminate the processes by changing
the system runlevel to single-user level with the shutdown utility. For more information, see
shutdown(1M).
2. (Optional) Create a cleartext backup copy of the data, or copy the cleartext data from the
EVS volume to another disk device using a utility such as fbackup, cp, or tar.
3. If you have a file system mounted on the EVS volume, use the umount command to unmount
the file system. For more information, see umount(1M).
4. Use the following command to disable encryption and decryption on the target volume:
evfsvol disable [-k keyname] evfs_volume_path
For more information, see “Disabling encryption and decryption access to EVS volumes
(page 64).
5. Use the following evfsvol restore command to restore the EMD:
evfsvol restore evfs_volume_path
where:
evfs_volume_path Specifies the absolute pathname for the EVS volume device file,
such as /dev/evfs/vg01/lvol5,
/dev/evfs/vx/dsk/rootdg/vol05, or /dev/evfs/dsk/
c2t0d1.
6. Use the following command to enable EVFS operation for the volume:
evfsvol enable [-k keyname] evfs_volume_path
For more information, see “Enabling encryption and decryption access to EVS volumes
(page 64).
7. If you had a file system mounted on the EVS volume, use the mount command to remount the
file system. For more information, see mount(1M).
8. restart applications, as necessary.
EMD backup directory
By default, EVFS stores EMD backup images in the directory /etc/evfs/emd. See “Step 3:
(Optional) Modifying EVFS global parameters (page 32) information about changing this directory
path. Ensure there is enough space in this directory to store all the system's backup EMDs from the
encrypted volumes. The storage requirement is approximately 1 MB per encrypted volume.
Recovering from EMD corruption 71