How to create an Encrypted Volume File System
Abstract
This article provides a detail example of the installation of the basic install and configuration procedure of the HP-UX 11i Encrypted Volume File System or EVS for short.
Contents
- 1 Abstract
- 2 Install EVFS product
- 3 Configuring an EVFS pseudouser
- 4 Configuring alternative key database directories
- 5 Checking EVFS global parameters
- 6 Starting the EVFS subsystem
- 7 Creating user key pairs
- 8 Configuring an EVFS volume
- 9 Creating and mounting a file system on an EVFS volume
- 10 Verifying the configuration and the data encryption
- 11 Reference
- 12 Authors
Install EVFS product
EVFS v1.1.1 is supported on HP-UX 11i v2 Update 2 and 11i v3. Software can be obtained at:
For systems running 11i v2 Update 2, the following information may apply:
On systems with PHCO_32488 installed, you must install the patch PHCO_37228. HP strongly recommends that you install the patch PHKL_37146.
Patches on your system from a previous installation of EVFS remain valid.
After you have completed the install of all prerequisites, install the HP-UX 11i Encrypted Volume and File System Software.
# swinstall -s /var/tmp/EVFS_A.01.01.01_HP-UX_B.11.23_IA_PA.depot \*
======= 12/03/08 14:18:53 PST BEGIN install AGENT SESSION (pid=4468)
(jobid=<hostname>-0696)
* Agent session started for user "root@<hostname>".
(pid=4468)
* Beginning Analysis Phase.
* Source:
<hostname>:/var/tmp/EVFS_A.01.01.01_HP-UX_B.11.23_IA_PA.depot
* Target: <hostname>:/
* Target logfile: <hostname>:/var/adm/sw/swagent.log
* Reading source for product information.
* Reading source for file information.
* Executing preDSA command.
NOTE: The used disk space on filesystem "/" is estimated to increase
by 152 Kbytes.
This will leave 1337704 Kbytes of available user disk space
after the installation.
NOTE: The used disk space on filesystem "/stand" is estimated to
increase by 12393 Kbytes.
This will leave 206055 Kbytes of available user disk space
after the installation.
NOTE: The used disk space on filesystem "/usr" is estimated to
increase by 6992 Kbytes.
This will leave 5214912 Kbytes of available user disk space
after the installation.
NOTE: The used disk space on filesystem "/var" is estimated to
increase by 50 Kbytes.
This will leave 8500737 Kbytes of available user disk space
after the installation.
* Summary of Analysis Phase:
* 5 of 5 filesets had no Errors or Warnings.
* The Analysis Phase succeeded.
* Beginning the Install Execution Phase.
* Filesets: 5
* Files: 52
* Kbytes: 6916
* Installing bundle "EVFS,r=A.01.01.01" .
NOTE: Saving the current system file at "/stand/system" to
"/stand/system.prev"
* The current configuration (including any changes being held for
next boot) has been exported to /tmp/get_sysfile.4521.
NOTE: The template file has been extracted from "/stand/vmunix"
It has been placed in "/stand/system" where it will be used
to build a new kernel.
* Installing fileset "EVFS-KRN.EVFS-KRN-RUN,r=A.01.01.01" (1 of
5).
* The automatic 'backup' configuration has been updated.
* /stand/system has been imported. The changes have been applied
to the currently running system.
* Installing fileset "EVFS-EVS.EVFS-EVS-64SLIB,r=A.01.01.01" (2
of 5).
* Installing fileset "EVFS-EVS.EVFS-EVS-MAN,r=A.01.01.01" (3 of
5).
* Installing fileset "EVFS-EVS.EVFS-EVS-RUN,r=A.01.01.01" (4 of
5).
NOTE: A new version of "/etc/evfs/evfs.conf" has been installed on
the system.
NOTE: A new version of "/etc/evfs/evfs_cryptx.conf" has been
installed on the system.
NOTE: A new version of "/etc/evfs/evfstab" has been installed on the
system.
NOTE: A new version of "/etc/rc.config.d/evfs" has been installed on
the system.
* Installing fileset "EVFS-SG.EVFS-SG-RUN,r=A.01.01.01" (5 of
5).
* Running install clean command /usr/lbin/sw/install_clean.
NOTE: tlinstall is searching filesystem - please be patient
NOTE: Successfully completed
* Beginning the Configure Execution Phase.
* Summary of Execution Phase:
* 5 of 5 filesets had no Errors or Warnings.
* The Execution Phase succeeded.
======= 12/03/08 14:20:07 PST END install AGENT SESSION (pid=4468)
(jobid=<hostname>-0696)
Configuring an EVFS pseudouser
Ccheck if EVFS is installed. Check that the evfs user and group exist on the system. In addition, you will configure an alternative EVFS pseudo user if require.
In a rare instance, if you need to reinstall the evfs application, you cannot use the existing user name and group evfs. You will need to create the new user and group, and configure the user attribute in the /etc/evfs/evfs.conf file. In this article, tasks 3 to 5 will give you the opportunity to do this.
Task 1: Verify EVFS installation
1. Verify the installation of evfs using the swlist command.
# swlist -l product EVFS
# Initializing...
# Contacting target "rx26-209"...
#
# Target: rx26-209:/
#
# EVFS A.01.00.01 HP-UX Encrypted Volume and File System (EVFS)
EVFS.EVFS-EVS A.01.00.01 HP-UX Encrypted Volume System
EVFS.EVFS-SG A.01.00.01 HP-UX EVFS Toolkit for MC/ServiceGuard
EVFS.EVFS-KRN A.01.00.01 HP-UX EVFS Kernel Pseudo-Device Driver
Task 2: Check evfs user and group on the system
When you install EVFS, it attempts to create a user evfs and a group evfs. The evfs application uses the evfs user name and evfs internal group.
1. Verify if the user evfs exists on the system.
# pwget –n evfs evfs:*:107:101:EVFS pseudo-user -- Do not delete or use -- Needed by HP-UX EVFS:/home/evfs:/sbin/false
# grget -g 101 evfs::101:
Task 3: Create the group
1. Create a user group reserved for the EVFS pseudouser.
# groupadd my_evfs_group
Task 4: Create the EVFS pseudouser account
1. Create a user to be used exclusively for the evfs subsystem.
# useradd -g my_evfs_group -c "EVFS pseudo-user" -d /home/my_evfs_user -s /usr/bin/false my_evfs_usr
Task 5: Set the evfs_user attribute
1. Verify the default evfs_user attribute in the /etc/evfs/evfs.conf file.
# grep evfs_user /etc/evfs/evfs.conf evfs_user = evfs_usr
2. Set the evfs_user attribute to my_evfs_user using the vi editor or any suitable editor.
Locate the evfs_user parameter in the /etc/evfs/evfs.conf file and change its value to my_evfs_user. Save the file.
# vi /etc/evfs/evfs.conf ... evfs_user = my_evfs_user
Configuring alternative key database directories
This section, shows you how to check the default key locations for the public and private keys, and the passphrase for the owner and the users. Also how to get the structure of the configuration parameters for public/private key and the passphrase, and how to configure them.
Task 1: Examine the default public and private key directories
1. Examine the default directory and the action for the public key in the /etc/evfs/evfs.conf file using the grep command.
# grep pub_key /etc/evfs/evfs.conf pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue]
2. Examine the default directory and the action for the private key in the /etc/evfs/evfs.conf file using the grep command.
# grep priv_key /etc/evfs/evfs.conf priv_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue]
3. Verify the default public key in the /etc/evfs/evfs.conf file using the grep command.
# grep pass_key /etc/evfs/evfs.conf pass_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:continue]
4. Check and understand the format of the three parameters.
pub_key = library[pkeydir:key_directory,onfail:action]... priv_key = library[pkeydir:key_directory,onfail:action]... pass_key = library[pkeydir:key_directory,onfail:action]...
The following lists the definitions of these parameters.
pub_key | Indicates that the attribute statement specifies EVFS behavior for the user.s public keys. |
priv_key | Indicates that the attribute statement specifies EVFS behavior for the user.s private keys. |
pass_key | Indicates that the attribute statement specifies EVFS behavior for the passphrases that secure the users private keys. |
Library | Specifies the fully qualified pathname of the encryption and storage library. The valid values are:
|
[ | Literal left square bracket. |
key_directory | Specifies the fully qualified pathname of the base directory in which to store key data, such as /etc/evfs/pkey. |
action | Specifies the EVFS action if attempts to write to or read from the key_directory fail. There are two actions, as described below.
|
] | Literal right square bracket |
Task 2: Create fallback directories for nonprivileged users
1. Create the directory /opt/evfskeys.
# mkdir /opt/evfskeys
2. Save the evfs.conf file as evfs.conf.org.
# cp /etc/evfs/evfs.conf /etc/evfs/evfs.conf.org
3. Edit the /etc/evfs/evfs.conf file using vi and change the parameters for the three keys as shown below. Library specifications should be separated by a space. After making the changes, save the configuration file.
pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:
continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]
priv_key =/usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:
continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]
pass_key =/usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:
continue] /usr/lib/evfs/hpux64/libevfs_pkey.sopkeydir:/opt/evfskeys,onfail:stop]
Notice that we configured two pkeydir so that nonprivileged users can store their public and private keys in the /opt/evfskeys directory.
4. Verify the changes.
# egrep "pub_key| priv_key| pass_key" /etc/evfs/evfs.conf
pub_key = /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:
continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]
priv_key =/ usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:
continue] /usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/opt/evfskeys,onfail:stop]
pass_key =/usr/lib/evfs/hpux64/libevfs_pkey.so[pkeydir:/etc/evfs/pkey,onfail:
continue] /usr/lib/evfs/hpux64/libevfs_pkey.sopkeydir:/opt/evfskeys,onfail:stop]
Checking EVFS global parameters
To check the global parameters follow this tasks:
Task 1: Examine the Encryption algorithm
1. Examine the default value of the data_cipher parameter in the /etc/evfs/evfs.conf file.
# grep data_cipher /etc/evfs/evfs.conf data_cipher = aes-128-cbc #aes-192-cbc or aes-256-cbc
Task 2: Examine the EMD location
1. Examine the default EMD backup location set using the emd_backup parameter in the /etc/evfs/evfs.conf file.
# grep emd_backup /etc/evfs/evfs.conf emd_backup = /etc/evfs/emd/
For a complete list of global parameters, see evfs.conf(4).
Starting the EVFS subsystem
This section will help you to start the evfs subsystem properly.
Task 1: Start the EVFS subsystem
1. Check the number of processors in the system.
# ioscan –fnkC processor Class I H/W Path Driver S/W State H/W Type Description =================================================================== processor 0 120 processor CLAIMED PROCESSOR Processor processor 1 121 processor CLAIMED PROCESSOR Processor
2. Start evfs with the # processor -1 as the argument as in the multiprocessor environment.
The number of threads for the evfs process is the same as the number of processors in system -1.
# evfsadm start –n 1 EVFS subsystem started.
On single-processor systems, 1 is the only valid thread value. In contrast, on multiprocessor systems, the maximum number of threads is the number of processors in the system minus 1.
Task 2: Verify if the EVFS subsystem is running
1. Check if evfsevold is running on the system.
# ps –ef |grep evfsevold root 11438 11419 0 17:40:05 pts/0 0:00 grep evfs root 25741 0 0 Aug 9 ? 0:02 evfsevold #
Creating user key pairs
Task1: Create keys for EVFS volume owners
1. For creating the key pair for volume owners you can use root as the volume owner.
After you enter the following command, enter the passphrase twice. Then, when prompted to enter a unique passphrase, you can enter the passphrase “evfsevfs”.
# evfspkey keygen –k rootkey1 Enter passphrase:(enter a passphrase) evfsevfs and press <Enter> Re-enter passphrase:(re-enter the passphrase to confirm it)evfsevfs Public/Private key pair "root.rootkey1" has been successfully generated
2. Display the key pair.
# evfspkey lookup –k rootkey1 Key ID: root.rootkey1 Key Cipher: rsa-1536 Public Key Fingerprint: 0f75b8b03f348791bb204e656ac281063ce70a96 Private Key Keywrap: evfs-pbe1 Private Key Fingerprint: 3945e2406f6d95f4ef551d64a595a26d78bc0cc5 Passphrase Keywrap: n/a Passphrase Fingerprint: n/a
Task 2: Create recovery keys
1. It is optional to create a recovery key but safe to create one.
Storing the user's private key is essential because, by default, the key is stored in the present working directory. Copy the key to offline media for safety. When prompted, use the passphrase "evfsevfs".
# evfspkey keygen –c rsa-2048 –r Enter passphrase:(enter a passphrase) evfsevfs and press <Enter> Re-enter passphrase:(re-enter the passphrase to confirm # -r option signifies recovery key and –c option signifies cipher type Public/Private key pair "evfs_usr.evfs_usr" has been successfully generated
Task 3: Create keys for authorized users
You need to create key pairs for evfs volumes so that other users can access, mount, and modify these volumes. The evfs volumes are useful for autostarting the evfs at boot time.
1. Create the key for the user bin.
# evfspkey keygen -s -u bin -k binkey # -s option created a passphrase automatically and stores in the passphrase directory since key is created for user bin we can use auto passphrase generate and store feature of this command. Public/Private key pair "bin.binkey" has been successfully generated Encrypted Volume and File System
Configuring an EVFS volume
You need to identify an unused available disk. You will use this disk to create an LVM logical volume and an evfs volume, and then add the evfs keys into the emd area.
Task 1: Create an LVM or VxVM volume for EVFS
Identify an available unused disk from the system because converting a volume or disk with data to evfs will render it unusable (there are other ways to convert regular vxfs filseystems to evfs); also, evfs cannot encrypt /root, /boot, /stand and swap and dump.
1. Identify available disks in the system using the ioscan command.
# ioscan –fnkC disk
Class I H/W Path Driver S/W State H/W Type Description
============================================================================
disk 0 0/0/2/0.0.0.0 sdisk CLAIMED DEVICE TEAC DV-28E-C
/dev/dsk/c0t0d0 /dev/rdsk/c0t0d0
disk 1 0/1/1/0.0.0 sdisk CLAIMED DEVICE HP 73.4GST373453LC
/dev/dsk/c2t0d0 /dev/rdsk/c2t0d0
disk 2 0/1/1/0.1.0 sdisk CLAIMED DEVICE HP 73.4GST373453LC
/dev/dsk/c2t1d0 /dev/rdsk/c2t1d0
/dev/dsk/c2t1d0s1 /dev/rdsk/c2t1d0s1
/dev/dsk/c2t1d0s2 /dev/rdsk/c2t1d0s2
/dev/dsk/c2t1d0s3 /dev/rdsk/c2t1d0s3
disk 3 0/1/1/1.2.0 sdisk CLAIMED DEVICE HP 73.4GST373454LC
/dev/dsk/c3t2d0 /dev/rdsk/c3t2d0
2. Determine which disk is used in vg00 if LVM is used using the vgdisplay command.
- vgdisplay –v vg00 |grep "PV Name"
PV Name /dev/dsk/c2t1d0s2
3. Identify the swap disk using the swapinfo command.
# swapinfo
Kb Kb Kb PCT START/ Kb
TYPE AVAIL USED FREE USED LIMIT RESERVE PRI NAME
dev 8388608 0 8388608 0% 0 - 1 /dev/vg00/lvol2
reserve - 520980 -520980
memory 4181816 927308 3254508 22%
It seems that swap is on the same disk as the root disk, and there is no other disk used as swap or dump.
4. From the above output, using an elimination process, identify a potential empty available disk, and then verify that using the pvdisplay command.
# pvdisplay –l /dev/dsk/c3t2d0 /dev/dsk/c3t2d0:LVM_Disk=no
This disk is available, so use it for the volume creation.
5. Create a volume group vg01 using an appropriate series of commands.
# mkdir /dev/vg01 # mknod /dev/vg01/group c 64 0x010000 # pvcreate /dev/rdsk/c3t2d0 # vgcreate /dev/vg01 /dev/dsk/c3t2d0
The c column on the previous the device special file name specifies that the group is a character device file. The 64 column is the major number for the group device file; it will always be 64. The 0xnn0000 column is the minor number for the group file in hexadecimal. Each particular nn must be a unique number across all volume groups.
6. Create a 64MB logical volume on the disk.
# lvcreate –L 64 –n lvol1 vg01 Logical volume "/dev/vg01/lvol1" has been successfully created with character device "/dev/vg01/rlvol1". Volume Group configuration for /dev/vg01 has been saved in /etc/lvmconf/vg01.conf
Task 2: Create EVFS volume device files
EVFS uses its own device files to access the logical volumes. Therefore, you need to map each evfs device file to the respective logical volume.
1. Map the evfs device files to the logical volume lvol1 on the volume group vg01.
# evfsadm map /dev/vg01/lvol1 Logical volume "/dev/vg01/lvol1" has been successfully mapped to encrypted volume "/dev/evfs/vg0l/lvol1".
2. Verify the device files created by evfs in the device directory.
# ls /dev/evfs/* /dev/evfs/admin /dev/evfs/vg01: lvol1 rlvol1
Task 3: Create the EMD
1. Create the EMD area on the EVFS volume and specify the owner key pair. When prompted, enter the owner/root passphrase "evfsevfs".
# evfsvol create –k rootkey1 /dev/evfs/vg01/lvol1 Enter owner passphrase:(Enter the passphrase for rootkey1.) Encrypted volume "/dev/evfs/vg01/lvol1" has been successfully created.
Task 4: Add recovery keys and authorized user keys
1. Add the recovery key to the emd area on the evfs volume using the evfsvol command.
# evfsvol add –r /dev/evfs/vg01/lvol1 # -r option to evfsvol command indicates a recovery key. Enter owner passphrase:(Enter owner passphrase.) Encrypted volume "/dev/evfs/vg01/lvol1" has been successfully created
2. Add the authorized user key to the evfs volume. When prompted, give the passphrase for the owner ("evfsevfs").
# evfsvol add –u bin –k binkey /dev/evfs/vg01/lvol1 Enter owner passphrase: (Enter the passphrase for the owner's key.) Key ID "init.initkey" has been successfully added to encrypted volume "/dev/evfs/vg01/lvol1"
Task 5: Enable the EVFS volume
1. Enable the evfs volume using the root user, which is also the owner. To do this, you need to provide the key id and the passphrase "evfsevfs".
# evfsvol enable -k rootkey1 /dev/evfs/vg01/lvol1 Enter passphrase: (Enter the passphrase for the key rootkey1.) Encrypted volume "/dev/evfs/vg01/lvol1" has been successfully enabled.
Creating and mounting a file system on an EVFS volume
Create a file system on the evfs volume and mount it on the mount point created specifically for the volume.
Task 1: Create a new file system with newfs
1. You can create a file system using the standard newfs command, and use the supported file system type. For the purpose of this article, a vxfs is used.
# newfs -F vxfs /dev/evfs/vg01/rlvol1
Task 2: Create the mount point
1. Create the mount point.
# mkdir /opt/encrypted_data
Task 3: Mount the file system on the EVFS volume
1. Mount the file system using the standard mount command.
# mount –F vxfs /dev/evfs/vg01/lvol1 /opt/encrypted_data
2. Add the following entry to the /etc/fstab to automount the evfs volume at boot time. Assuming that evfs is configured to auto start, add this entry using the vi command and save the file.
/dev/evfs/vg01/lvol1 /opt/encrypted_data vxfs defaults 0 2
Verifying the configuration and the data encryption
Verify the configuration and the data encryption of the evfs volume by creating a file on an encrypted volume and trying to access it from a raw device.
Task 1: Verify the configuration
1. After you access data or mount a file system on an EVFS volume that is correctly configured, the output for the evfsadm stat -a command shows nonzero values for the number of blocks read (bpr), written (bpw), decrypted (bpd), and encrypted (bpe).
# evfsadm stat –a
Total EVFS Volumes: 1
EVFS Subsystem Status: up
Active Encryption Threads: 1
---- EVFS Volume Name ----|--- State ---|---------------- Queues -------------|
orr owr odr oer
/dev/evfs/vg01/lvol1 enabled 0 0 0 0
---- EVFS Volume Name ----|--- State ---|-------------- Counters -------------|
bpr bpw bpd bpe
/dev/evfs/vg01/lvol1 enabled 214 721 150 1833
---- EVFS Volume Name ----|--- State ---|---------------- Rates --------------|
kbpsr kbpsw dkbps ekbps
/dev/evfs/vg01/lvol1 enabled 30 16 0 166
2. The evfsvol display evfs_volume_path command displays information about the EVFS volume, including the name of the underlying LVM, VxVM, or physical volume device file, and the names of the keys configured for the EVFS volume.
# evfsvol display /dev/evfs/vg01/lvol1
EVFS Volume Name: /dev/evfs/vg01/lvol1
Mapped Volume Name: /dev/vg01/lvol1
EVFS Volume State: enabled
EMD Size (Kbytes): 520
Max User Envelopes: 1024
Data Encryption Cipher: aes-128-cbc
Digest: sha1
Owner Key ID: root.rootkey1
Recovery Agent Key IDs: evfs_usr.evfs_usr
Total Recovery Agent Keys: 1
User Key IDs: bin.binkey
Total User Keys: 1
Task 2: Verify the data encryption
1. Create a file and write text string into the file on the evfs volume mounted on /opt/encrypted_data.
# echo "EVFS TEST LAB" > /opt/encrypted_data/my_evfs_test
2. Use the strings utility to search the EVFS volume device file.
The text is stored in the underlying LVM, VxVM, or physical volume as encrypted data, but the strings utility reads from the EVFS volume. The EVFS subsystem provides decrypted data to the strings utility, and the strings find and display the text string you wrote.
# strings /dev/evfs/vg01/lvol1 | grep "EVFS TEST LAB" EVFS TEST LAB
3. Verify that applications that bypass EVFS receive encrypted data.
To do this, you must disable EVFS on the volume. Use the following procedure to disable EVFS on the volume.
- A. For data consistency, stop all applications accessing the EVFS volume. You can use the fuser -cu command to determine the processes accessing files, and the fuser –cku command to terminate these processes. If the data is used by system processes, you might need to terminate the processes by changing the system runlevel to a single-user level with the shutdown utility.
# fuser -cku /opt/encrypted_data
- B. Use the umount command to unmount the file system.
# umount /opt/encrypted_data
- C. Use the following command to disable encryption and decryption access to the volume, and enter the passphrase “evfsevfs” when prompted.
# evfsvol disable -k rootkey1 /dev/evfs/vg01/lvol1 Enter passphrase: (enter the passphrase)
4. Use the following command to open the EVFS volume for raw access, and when prompted by the question "yes / no", type yes and press Enter.
# evfsvol raw /dev/evfs/vg01/lvol1
Are you sure you want to enable raw access to "/dev/evfs/vg01/lvol1"?
Raw access returns encrypted data to the user.
Answer [yes/no]: yes <Enter>
Successfully enabled raw access to EVFS volume "/dev/evfs/vg01/lvol1"
Encrypted Volume and File System
5. Use the strings utility and try to find the text. The strings utility will not find the text because it receives data from the EVFS volume in encrypted form.
# strings /dev/vg01/lvol1 | grep "EVFS TEST LAB"
6. Return the EVFS volume to a working state. Close the raw access using the following command.
# evfsvol close /dev/evfs/vg01/lvol1 Successfully closed raw access to EVFS volume "/dev/evfs/vg01/lvol1"
7. Enable the volume using the following command, and then enter the passphrase for rootkey1 "evfsevfs" when prompted.
# evfsvol enable -k rootkey1 /dev/evfs/vg01/lvol1 Enter passphrase: (Enter the passphrase for the key rootkey1.) Encrypted volume "/dev/evfs/vg01/lvol1" has been successfully enabled.
8. Mount the file system.
# mount -F vxfs /dev/evfs/vg01/lvol1 /opt/encrypted_data
The EVFS volume is ready for use.
Reference
Authors
- Luis Nassar Mory
- Alejandro Marin Badilla - Editor