evfsvol.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

evfsvol(1M) evfsvol(1M)

(EVFS Software Required)

EXAMPLES

The following command creates a new EMD area on

/dev/evfs/vg01/lvol1

using the key rootkey

owned by the user executing the command:

% evfsvol create -k rootkey -c aes-256-cbc /dev/evfs/vg01/lvol1

The following command destroys the EMD area of

/dev/evfs/vg01/lvol1

. (You must be the EVFS

volume owner to execute this command):

% evfsvol destroy /dev/evfs/vg01/lvol1

The following command adds a new key record to the EMD of

/dev/evfs/vg01/lvol1

. This opera-

tion will allow the user

root2 to have encryption/decryption access to

/dev/evfs/vg01/lvol1

using

his key named

adminkey key:

% evfsvol add -u root2 -k adminkey /dev/evfs/vg01/lvol1

The following command removes access to /dev/evfs/vg01/lvol1

by the user root2 using the key

named

adminkey (only the EVFS volume owner can execute this command):

% evfsvol delete -u root2 -k adminkey /dev/evfs/vg01/lvol1

The following command changes the owner of

/dev/evfs/vg01/lvol1

. The new owner will be

root2 with his rootkey key. (Only the current EVFS volume owner or the holder of the private

recovery key ﬁle can execute this command):

% evfsvol assign -u root2 -k rootkey /dev/evfs/vg01/lvol1

The following command restores the EMD area for /dev/evfs/vg01/lvol1

. (Only users with

superuser capabilities or the appropriate permissions for the device ﬁle can execute this command):

% evfsvol restore /dev/evfs/vg01/lvol1

The following command veriﬁes the integrity of the EMD, owner and recovery records of

/dev/evfs/vg01/lvol1

% evfsvol check /dev/evfs/vg01/lvol1

The following command attempts to recover an EVFS volume that has been corrupted from an accidental

shutdown (

/dev/evfs/vg01/lvol1

) by resetting the EMD dirty bit:

% evfsvol check -r /dev/evfs/vg01/lvol1

The following command enables EVFS encryption/decryption access to

/dev/evfs/vg01/lvol1:

% evfsvol enable -k adminkey /dev/evfs/vg01/lvol1

The following command disables EVFS encryption/decryption access to

/dev/evfs/vg01/lvol1:

% evfsvol disable -k adminkey /dev/evfs/vg01/lvol1

The following command performs an inline encryption on EVFS volume /dev/evfs/vg01/lvol1

% evfsvol iencrypt /dev/evfs/vg01/lvol1

The following command displays all EMD information for conﬁgured encrypted volumes:

% evfsvol display -a

The above command produces the following report:

EVFS Volume Name: /dev/evfs/vg01/lvol5

Mapped Volume Name: /dev/vg01/lvol5

EVFS Volume State: enabled

EMD Size (Kbytes): 520

Max User Envelopes: 1024

Data Encryption Cipher: aes-128-cbc

Digest: sha1

Owner Key ID: root.rootkey1

Recovery Agent Key IDs: evfs.evfs

Total Recovery Agent Keys: 1

User Key IDs: init.initkey

Total User Keys: 1

Fields are deﬁned as follows:

4 Hewlett-Packard Company − 4 − HP-UX 11i Version 3: September 2010