Encrypted Volume and File System v2.
© Copyright 2009, 2014 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents
HP secure development lifecycle
Encrypted Volume and File System
    EVFS documentation
1 EVFS
    Features
HP secure development lifecycle

Starting with the HP-UX 11i v3 March 2013 update release, HP secure development lifecycle provides the ability to authenticate HP-UX software. Software delivered through this release has been digitally signed using HP's private key. You can now verify the authenticity of the software before installing the products delivered through this release. To verify the software signatures in a signed depot, the following products must be installed on your system:
• B.11.31.
Encrypted Volume and File System

This document provides information about the EVFS (Encrypted Volume and File System) version 2.2 (A.02.02.00) only.

EVFS documentation

For more information about EVFS, see these documents:
• Encrypted Volume and File System v2.2 Administrator Guide
• Backing Up and Restoring Data on HP-UX EVFS Volumes Using HP OpenView Storage Data Protector 6.0
You can find these documents at: EVFS documentation. The EVFS product is available only in the English language.
1 EVFS

EVFS (Encrypted Volume and File System) is an application-transparent technology providing protection of data at rest. With EVFS, critical files and data at rest are stored on disk in encrypted form. EVFS safeguards against compromised use of and unauthorized access to data due to physical theft of storage devices. The data encryption is based on a secret-key cryptosystem and runs as an integrated kernel service transparent to the user.
EVFS encrypts file data using a unique symmetric encryption key, referred to as the file encryption key.
Installation requirements

EVFS v2.2 requires approximately 12 MB of disk space and has the following software requirements:
• HP-UX 11i v3 for HP 9000 servers and HP Integrity servers.
• If your system does not automatically reboot when migrating from EVFS version 1.0, you must manually reboot to load the DLKM module. You do not need to reboot if there is no previous version of EVFS installed.
• Veritas File System 5.0 (VxFS 5.0).
• HP-UX KCM (HP-UX Kernel Crypto Module)—required only for IA.
• You cannot encrypt the following objects:
  ◦ Files or disk areas used during system boot. This includes the following objects:
    – the root file system (/)
    – the HP-UX kernel directory (/stand)
    – the /usr directory
    EVFS cannot decrypt the kernel or other data before the system boots.
    CAUTION: Encrypting the boot disk can cause the boot disk to become unusable and prevent you from booting the system.
  ◦ Dump devices.
  ◦ Swap space (swap devices or file swap space).
• The evfsadm trace command is intended for use by support personnel only. HP does not support this feature in customer environments.
• During inline encryption, the volume is not accessible until the entire operation is completed.
• The Multi Volume File System feature of Veritas is not supported by EVFS.
• EVFS is currently available in English only.
• Secure Sessions limit: 16K secure sessions per system.
• Volume limit: 1023 encrypted volumes per system.
• ServiceGuard version A.11.
Workaround

If you cannot install patch PHCO_39474, use the newfs command instead of the mkfs command to create a VxFS file system.

Creation of HFS Filesystem exhibits an unexpected behavior

Defect number: QXCR1000900954

Symptom

You can successfully create an HFS file system on a physical device or volume (for example, /dev/vg01/lvol1) using the mkfs or newfs command, even though the corresponding EVFS device (/dev/evfs/vg01/lvol1) is already mounted.
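A pre-flight guard for the symptom above and for the boot-time restriction listed earlier (root file system, /stand, /usr), as an added example that is not HP code or part of the original release notes. The function names, return codes and sample mount table are constructed for illustration, and the /dev/<path> to /dev/evfs/<path> mapping is generalised, as an assumption, from the single /dev/vg01/lvol1 pairing given in the symptom; swap and dump devices are not checked here.

```shell
#!/bin/sh
# Added example, not HP code. Mount table lines are assumed to start with
# "<device> <mount point>", as in /etc/mnttab.

# Constructed sample mount table for trying the checks offline.
sample_mnttab() {
cat <<'EOF'
/dev/vg00/lvol3 / vxfs log 0 1
/dev/vg00/lvol1 /stand hfs defaults 0 1
/dev/vg00/lvol7 /usr vxfs delaylog 0 2
/dev/evfs/vg01/lvol1 /secure vxfs delaylog 0 2
/dev/vg02/lvol1 /data vxfs delaylog 0 2
EOF
}

# Map a physical volume path to its EVFS device path (assumption: the
# /dev/vg01/lvol1 -> /dev/evfs/vg01/lvol1 pairing holds for any /dev path).
evfs_path() {
    case "$1" in
        /dev/evfs/*) printf '%s\n' "$1" ;;
        /dev/*)      printf '/dev/evfs/%s\n' "${1#/dev/}" ;;
        *)           return 1 ;;
    esac
}

# Print the mount point of device $1 in mount table file $2 (empty if unmounted).
mount_point_of() {
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

# check_volume <physical-device> <mount-table-file>
# Returns 0 = no conflict found, 1 = not a /dev path,
#         2 = EVFS device is mounted (do not run mkfs/newfs underneath it),
#         3 = device holds /, /stand or /usr (do not encrypt it).
check_volume() {
    dev=$1; tab=$2
    evfs=$(evfs_path "$dev") || return 1
    if [ -n "$(mount_point_of "$evfs" "$tab")" ]; then
        echo "REFUSE: $evfs is mounted; do not run mkfs/newfs on $dev" >&2
        return 2
    fi
    case "$(mount_point_of "$dev" "$tab")" in
        /|/stand|/usr)
            echo "REFUSE: $dev holds a file system needed at boot" >&2
            return 3 ;;
    esac
    return 0
}
# Usage: check_volume /dev/vg01/lvol1 /etc/mnttab && newfs ...
```
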
Workaround

Resize the VxVM volume and file system in separate operations. Use the vxassist command to increase or decrease the VxVM volume size (or the vxresize command without the -F option). Use the extendfs or fsadm command to resize the file system.

Renaming VxVM volumes with EVFS enabled makes the volume unusable

The vxedit rename command renames a VxVM volume.