Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Encrypted Volume and Filesystem (EVFS)
71727374757677787980
Starting and Stopping EVFS
This section describes the following procedures for enabling and disabling EVFS components:
“Starting the EVFS Subsystem” (page 80)
“Enabling Encryption and Decryption Access to EVFS Volumes” (page 80)
“Disabling Encryption/Decryption Access to EVFS Volumes” (page 81)
“Stopping the EVFS Subsystem” (page 82)
“Opening Raw Access to EVFS Volumes” (page 83)
“Closing Raw Access to EVFS Volumes” (page 83)
Starting the EVFS Subsystem
The following evfsadm start command starts the EVFS subsystem by initializing the EVFS
pseudo-driver and starting the evfsevold process. The evfsevold process starts kernel threads
for data encryption and decryption. You must start the EVFS subsystem to generate user keys
and enable EVFS volumes. This command is executed automatically at system startup if EVFS
is enabled in the /etc/rc.config.d/evfs file, as described in “Step 5: (Optional) Configuring
the Autostart Feature” (page 62).
evfsadm start [-n number]
where:
-n number
Specifies the number of threads to create for EVFS encryption and decryption
processing.
Range: On single-processor systems, 1 is the only valid value.
On multiprocessor systems, the maximum number of threads is the number of
processors in the system.
Default: On single-processor systems, the default is 1.
On multiprocessor systems, the default is the number of processors in the system
minus 1. Setting the number of threads to a lower value can decrease EVFS
throughput.
Enabling Encryption and Decryption Access to EVFS Volumes
The following evfsvol enable commands enable EVFS encryption and decryption access to
EVFS volumes. The EVFS volumes must already be configured, as described in “Preparing EVFS
for Configuration” (page 35). You can use the evfsvol enable command in the following
ways:
To enable a single EVFS volume without a stored passphrase:
evfsvol enable [-k keyname] evfs_volume_path
You must be the volume owner or an authorized user for the volume to execute this
command.
To enable a single EVFS volume with a stored passphrase and an entry in the
/etc/evfs/evfstab file:
evfsvol enable -p evfs_volume_path
To enable EVFS encryption and decryption for all volumes in the file /etc/evfs/evfstab
that include a key ID field:
evfsvol enable -a
where:
-a
Causes EVFS to enable encryption and decryption for all volumes in
the /etc/evfs/evfstab file.
80 Administering EVFS