Step 3: Verifying the Configuration

Use the following commands to verify your EVFS configuration:

evfsadm stat -a

evfsvol display evfs_volume_path

evfsadm stat -a

After you access data or mount a file system on a correctly configured EVFS volume, the output of the evfsadm stat -a command shows nonzero values for the number of blocks read (bpr), written (bpw), decrypted (bpd), and encrypted (bpe). The output is similar to the following:

# evfsadm stat -a

----- EVFS statistics -----

Total EVFS Volumes:          1
EVFS Subsystem Status:       up
Active Encryption Threads:   2

----EVFS Volume Name ------- State ------------------- Queues -------------
                                       orr    owr    odr    oer
/dev/evfs/vg01/lvol5        enabled    0      0      0      0

----EVFS Volume Name ------- State ----------------- Counters -------------
                                       bpr    bpw    bpd    bpe
/dev/evfs/vg01/lvol5        enabled    2074   52441  362    52345

----EVFS Volume Name ------- State ------------------- Rates --------------
                                       kbpsr  kbpsw  dkbps  ekbps
/dev/evfs/vg01/lvol5        enabled    25     3      362    34

For descriptions of the output fields, see “Displaying I/O and Encryption Statistics (evfsadm stat)” (page 130).
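The nonzero-counter check described above can be scripted. The following is an added example, not part of the HP documentation; it assumes each row of the Counters section has the form volume, state, bpr, bpw, bpd, bpe, and the volume /dev/evfs/vg01/lvol6 in the second sample is hypothetical.

```sh
# Added example. Assumed row layout in the Counters section:
#   <volume> <state> <bpr> <bpw> <bpd> <bpe>
evfs_check_counters() {
    # Reads `evfsadm stat -a` output on stdin; prints "<volume> OK" or
    # "<volume> ZERO:<fields>"; returns 0 only if every volume seen is OK.
    awk '
        /^----/ { in_counters = ($0 ~ /Counters/); next }
        in_counters && $1 ~ /^\/dev\/evfs\// {
            seen++; zero = ""
            split("bpr bpw bpd bpe", name, " ")
            for (i = 1; i <= 4; i++) {
                v = $(i + 2)
                if (v !~ /^[0-9]+$/ || v + 0 == 0)
                    zero = zero (zero == "" ? "" : ",") name[i]
            }
            if (zero == "") print $1, "OK"
            else { print $1, "ZERO:" zero; bad++ }
        }
        END { exit !(seen > 0 && bad == 0) }
    '
}

# Constructed sample: values from the output above, one row per volume.
sample_active() {
cat <<'EOF'
----- EVFS statistics -----
----EVFS Volume Name ------- State ------------------- Queues -------------
                                       orr    owr    odr    oer
/dev/evfs/vg01/lvol5        enabled    0      0      0      0
----EVFS Volume Name ------- State ----------------- Counters -------------
                                       bpr    bpw    bpd    bpe
/dev/evfs/vg01/lvol5        enabled    2074   52441  362    52345
EOF
}

# Constructed sample: hypothetical volume with no encrypt/decrypt activity.
sample_idle() {
cat <<'EOF'
----EVFS Volume Name ------- State ----------------- Counters -------------
                                       bpr    bpw    bpd    bpe
/dev/evfs/vg01/lvol6        enabled    120    88     0      0
----EVFS Volume Name ------- State ------------------- Rates --------------
                                       kbpsr  kbpsw  dkbps  ekbps
/dev/evfs/vg01/lvol6        enabled    25     3      0      0
EOF
}

sample_active | evfs_check_counters
sample_idle | evfs_check_counters || echo "counters not yet nonzero"
# On a host: evfsadm stat -a | evfs_check_counters
```

The Queues and Rates rows are skipped deliberately, because zeros there do not indicate a configuration problem according to the text above.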

evfsvol display evfs_volume_path

The evfsvol display evfs_volume_path command displays information about the EVFS volume, including the name of the underlying LVM, VxVM, or physical volume device file, and the names of the keys configured for the EVFS volume. The output of the evfsvol display evfs_volume_path command is similar to the following:

# evfsvol display /dev/evfs/vg01/lvol5

EVFS Volume Name:            /dev/evfs/vg01/lvol5
Mapped Volume Name:          /dev/vg01/lvol5
EVFS Volume State:           enabled
EMD Size (Kbytes):           520
Max User Envelopes:          1024
Data Encryption Cipher:      aes-128-cbc
Digest:                      sha1
Owner Key ID:                root.rootkey1
Recovery Agent Key IDs:      evfs.evfs
Total Recovery Agent Keys:   1
User Key IDs:                init.initkey
Total User Keys:             1

See “Displaying EVFS Volume Keys and Operating Parameters (evfsvol display)” (page 131) for more information.

Verifying Data Encryption

You can use the following procedure to verify that EVFS is encrypting data before it is written to the underlying LVM, VxVM, or physical volume:

1. Write text (a character string) to a file on an enabled EVFS volume.

2. Use the strings utility to search the EVFS volume device file. The text is stored in the underlying LVM, VxVM or physical volume as encrypted data, but the strings utility is

Option 1: Creating a New EVFS Volume 59

HP UX Encrypted Volume and Filesystem (EVFS) Verifying the Configuration, Evfsadm stat -a, Evfsvol display evfsvolumepath