evfsvol.1m (2010 09)
e
evfsvol(1M) evfsvol(1M)
(EVFS Software Required)
Any user with encryption access to the EVFS volume and appropriate file permissions for
the device file can execute this command.
close Closes raw access to an EVFS volume. After you close raw access, all access to the EVFS
volume is disabled. To enable encrypted/decrypted access to the volume, use the
evfsvol
enable command.
create Generates a volume encryption key and creates an EMD header in the initial blocks of the
volume. Any existing data on the volume will become unusable.
evfsvol checks if an
EMD header already exists on the volume. If it does, and the user did not specify the
-f
(force) option, the operation will fail. This operation also backs up the EMD area for
recovery purposes.
delete Removes a key record from the EMD. Only the EVFS volume owner can execute this com-
mand. The owner of the deleted key record will no longer be able to perform EVFS
encryption/decryption operations on the volume.
destroy Removes an EMD header from an EVFS volume. This operation also removes the EMD
backup. If this operation is successful, the EMD and encrypted data are irrecoverable.
Use this command with caution. You must be the EVFS volume owner to execute this com-
mand.
disable Disables encrypted/decrypted access to the EVFS volume. If the EVFS volume is in use (for
example, if it has a mounted file system), the operation will fail.
You must be the EVFS volume owner or a user with a user key record in the EMD and
appropriate access permissions for the device file to execute this command.
display Prints information about EVFS volume EMDs. Any user with appropriate file permissions
for the device file can execute this command.
enable Enables encrypted/decrypted access to the EVFS volume. EVFS will encrypt all data written
to the EVFS volume and decrypt all data read from the EVFS volume.
You must be the EVFS volume owner or a user with a user key record in the EMD and
appropriate access permissions for the device file to execute this command. If the EVFS
volume is opened for raw access, you must close raw access using the
evfsvol close
command before enabling it.
export Removes an encrypted volume mapping and its EMD backup file. This operation does not
remove the EMD from the volume. Use it in conjunction with the LVM vgexport com-
mand.
iencrypt Converts an existing clear-text volume to an encrypted volume. This operation generates a
volume encryption key, creates an EMD, and encrypts data on the volume. This operation
requires a volume that is at least 4 mega-bytes in size and has at least 3 mega-bytes of
unused disk space at the end of the volume. If there is no unused disk space at the end, the
volume must be extended using lvextend (1M) for LVM or vxassist (1M) for VXVM. If you use
this operation without enough unused disk space, data corruption can occur.
This operation fails if the volume is already encrypted. Once started, the volume is not
accessible until the operation is completed.
If this operation is suspended, you can restart by using the iencrypt command.
Caution: Back up the volume before applying this command as a precaution against any
unexpected events (such as power failure) that can cause data corruption during the conver-
sion.
import Registers a logical volume to the EVFS subsystem. This operation is similar to the
evfsadm map operation, except that that the imported volume already contains an EMD.
Use this command in conjunction with the LVM vgimport command.
raw Opens the EVFS volume for raw access. EVFS will not decrypt data read from the volume
and will not encrypt data written to the volume. Entities reading data from the EVFS
volume will receive encrypted data. Entities writing data to the EVFS volume will write
directly to the underlying disk; EVFS will not encrypt the text. This operation is useful
when creating encrypted backup media and restoring encrypted backup media.
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010