HP-UX Encrypted Volume and File System Performance and Tuning

EVFS Architecture
EVFS consists of user-space tools, key generation and management utilities, and a pseudo-driver. The
heart of EVFS is the pseudo-driver, which encrypts and decrypts data. In Figure 1, the EVFS modules
are colored green.
Figure 1 EVFS Architecture
The EVFS Subsystem Management module is used to create EVFS keys prior to logical volume
configuration, and the EVFS tools are used during the logical volume configuration process. These
modules have very little system impact.
The data paths that are tested and documented here originate with user-space applications, then
traverse the HP-UX file system (in this case VxFS (JFS)), and then the EVFS Encryption Pseudo-Driver.
Therefore, these tests utilize file system resources such as buffer cache. Note that Figure 1 also
shows an arrow that originates at the System Call Interface and bypasses VFS and VxFS to go
directly to the EVFS Encryption Pseudo-Driver. This path represents direct disk access through a
device file and is not profiled for performance in this paper.
The Trusted Platform Module is a companion product to EVFS that provides enhanced key security. It
does not have a performance effect upon EVFS when reading and writing data.
[Figure 1 diagram labels: Applications; evfsadm; evfsvol; evfspkey; Public/Private Key Database; System call interface; VFS; Physical File System (HFS, VxFS); Volume Manager; EVFS Encryption Pseudo-Driver; EVFS Subsystem Management (Key, EMD, Crypto); Trusted Computing Platform Services (TPCS); Trusted Platform Module (TPM); Encrypted Files and Volumes; File system | Volume; layers: Kernel, Hardware. Legend: EVFS Components, Non-EVFS Components.]