HP HP-UX Encrypted Volume and Filesystem Administrator's Guide

Encrypted Volume and File System v1.1 Administrator's Guide

HP-UX 11i v2 Update 2 and 11i v3

HP Part Number: 5992-4122 Published: May 2008

Confidential computersoftware. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial

Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under

vendor's standardcommercial license.The informationcontained hereinis subject to change without notice. The only warranties forHP products

and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as

constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. UNIX is a registered

trademark of The Open Group.

Trademark Notice

Oracle® is a registered US trademark of Oracle Corporation, Redwood City, California.

About This Document.......................................................................................................15

Intended Audience................................................................................................................................15

Document Organization.......................................................................................................................15

Typographic Conventions.....................................................................................................................15

Related Information..............................................................................................................................16

HP Encourages Your Comments..........................................................................................................16

1 EVFS Introduction.........................................................................................................17

Features and Benefits............................................................................................................................17

EVFS Architecture.................................................................................................................................19

EVFS Data Flow...............................................................................................................................20

Encryption Metadata (EMD)...........................................................................................................20

EVFS Encryption Keys.....................................................................................................................20

Volume Encryption Keys...........................................................................................................21

User Keys....................................................................................................................................21

Passphrases...........................................................................................................................21

Using HP-UX Trusted Computing Services with EVFS.............................................................21

How EVFS Uses Keys.................................................................................................................22

Creating an EVFS Volume....................................................................................................22

Enabling an EVFS Volume....................................................................................................22

Key Names and Key IDs..................................................................................................................23

User Key and Passphrase Storage...................................................................................................23

File Names..................................................................................................................................23

Alternate Storage Databases and Distributed Key Storage.......................................................23

User Key Privileges.........................................................................................................................24

User Privileges and Permissions................................................................................................24

EVFS Volume Owner Keys.........................................................................................................24

Recovery Keys............................................................................................................................24

Authorized User Keys................................................................................................................24

Summary of Key Type and Privileged User Capabilities................................................................24

EVFS Commands.............................................................................................................................25

Supported Software..............................................................................................................................26

Product Limitations and Precautions...................................................................................................27

Known Problems...................................................................................................................................29

Possible Device File Collision..........................................................................................................29

Symptoms...................................................................................................................................29

Workaround...............................................................................................................................29

Feedback and Enhancement Requests..................................................................................................30

2 Installation.....................................................................................................................31

Prerequisites..........................................................................................................................................32

Hardware Requirements.................................................................................................................32

Disk Space Requirements...........................................................................................................32

Operating System Requirements.....................................................................................................32

Patch Requirements and Recommendations...................................................................................32

Required Patches........................................................................................................................32

Recommended Patches...............................................................................................................32

System Reboot.................................................................................................................................32

Installing EVFS......................................................................................................................................33

Table of Contents 3

Upgrading from EVFS v1.0 to EVFS v1.1.............................................................................................34

3 Preparing EVFS for Configuration..............................................................................35

Verifying for Preconfiguration..............................................................................................................35

Preparation Overview...........................................................................................................................36

Step 1: Configuring an Alternate EVFS Pseudo-User...........................................................................37

Step 1a: Setting the evfs_user Attribute..........................................................................................37

Example......................................................................................................................................37

Step 1b: Creating the User Group....................................................................................................37

Example......................................................................................................................................37

Step 1c: Creating the EVFS Pseudo-User Account..........................................................................37

Example......................................................................................................................................37

Step 2: (Optional) Configuring Alternate Key Database Directories...................................................39

Syntax for pub_key, priv_key, and pass_key Attribute Statements................................................39

Key Storage Directory Requirements..............................................................................................40

Default pub_key, priv_key and pass_key Attribute Statements.....................................................40

Example: Alternate Directory for Public Keys................................................................................41

Example: NFS Directory for Public and Private Keys.....................................................................41

Example: Fallback Directory for Nonprivileged Users...................................................................41

Step 3: (Optional) Modifying EVFS Global Parameters........................................................................42

Step 4: Starting the EVFS Subsystem....................................................................................................43

Example...........................................................................................................................................43

Step 5: Creating User Key Pairs............................................................................................................44

Guidelines for Creating User Keys..................................................................................................44

Creating Keys for EVFS Volume Owners........................................................................................44

Example......................................................................................................................................45

Creating Recovery Keys..................................................................................................................45

Storing the recovery user's Private Key.....................................................................................45

Examples....................................................................................................................................45

Creating Keys for authorized users.................................................................................................46

Examples....................................................................................................................................46

Examples...............................................................................................................................................47

User Session.....................................................................................................................................47

4 Configuring an EVFS Volume......................................................................................49

Configuration Overview.......................................................................................................................49

Option 1: Creating a New EVFS Volume..............................................................................................50

Step 1: Configuring an EVFS Volume..............................................................................................51

Step 1a: Creating an LVM or VxVM Volume for EVFS..............................................................51

Examples...............................................................................................................................51

Step 1b: Creating EVFS Volume Device Files.............................................................................51

Examples...............................................................................................................................52

Step 1c: Creating the EMD.........................................................................................................52

Example.................................................................................................................................53

Step 1d: (Optional) Adding Recovery Keys and authorized user Keys....................................53

Step 1e: Enabling the EVFS Volume...........................................................................................54

Example.................................................................................................................................55

Step 2: Creating and Mounting a File System on an EVFS Volume................................................56

Step 2a: Creating a New File System with newfs.......................................................................56

Example.................................................................................................................................56

Step 2b: (Optional) Using fsck to Check the File Volume..........................................................56

Example.................................................................................................................................56

Step 2c: Creating the Mount Point.............................................................................................57

4 Table of Contents

Example.................................................................................................................................57

Step 2d: Mount the File System on the EVFS Volume...............................................................57

Example.................................................................................................................................57

Step 2e: (Optional) Adding an Entry to /etc/fstab......................................................................57

Example.................................................................................................................................58

Step 3: Verifying the Configuration.................................................................................................59

evfsadm stat -a............................................................................................................................59

evfsvol display evfs_volume_path.............................................................................................59

Verifying Data Encryption.........................................................................................................59

Example.................................................................................................................................60

Step 4: (Optional) Migrating Existing Data to an EVFS Volume.....................................................61

Example......................................................................................................................................61

Step 5: (Optional) Configuring the Autostart Feature.....................................................................62

Step 6: Backing Up Your Configuration..........................................................................................64

Option 2: Converting a Volume with Existing Data to an EVFS Volume (Inline Encryption).............65

Step 1: Preparing the File System and Data....................................................................................66

Step 2: Performing Inline Encryption..............................................................................................67

iencrypt: Inline Encryption........................................................................................................67

Suspending an Ongoing Inline Encryption..........................................................................67

Re-starting a Suspended Inline Encryption..........................................................................67

Step 3: Verifying the Configuration.................................................................................................69

evfsadm stat -a............................................................................................................................69

evfsvol display evfs_volume_path.............................................................................................69

Verifying Data Encryption.........................................................................................................69

Example.................................................................................................................................70

Step 4: (Optional) Configuring the Autostart Feature.....................................................................72

Step 5: Backing Up Your Configuration..........................................................................................74

Examples...............................................................................................................................................75

Option 1...........................................................................................................................................75

Korn Shell Script for Creating an EVFS Volume and File System.............................................76

Option 2...........................................................................................................................................76

5 Administering EVFS......................................................................................................79

Starting and Stopping EVFS.................................................................................................................80

Starting the EVFS Subsystem..........................................................................................................80

Enabling Encryption and Decryption Access to EVFS Volumes.....................................................80

Disabling Encryption/Decryption Access to EVFS Volumes..........................................................81

Stopping the EVFS Subsystem........................................................................................................82

Opening Raw Access to EVFS Volumes..........................................................................................83

Closing Raw Access to EVFS Volumes............................................................................................83

Managing EVFS Keys and Users..........................................................................................................84

Displaying Key IDs for an EVFS Volume........................................................................................84

Syntax.........................................................................................................................................84

Example......................................................................................................................................84

Restoring User Keys........................................................................................................................84

Changing Owner Keys for an EVFS Volume...................................................................................86

Recovering from Problems with Owner Keys.................................................................................87

Removing Keys from an EVFS Volume...........................................................................................87

Removing User Keys or Stored Passphrase from the EVFS Key Database.....................................87

Changing the Passphrase for a Key.................................................................................................87

Creating or Changing a Stored Passphrase for an Existing Key.....................................................88

Recovering from EMD Corruption.......................................................................................................89

EMD Backup Directory...................................................................................................................89

Removing a Volume from the EVFS Subsystem...................................................................................90

Table of Contents 5

Exporting and Importing EVFS Volumes.............................................................................................91

Exporting an EVFS Volume.............................................................................................................91

Importing an EVFS Volume.............................................................................................................93

6 Managing Data on EVFS Volumes.............................................................................95

Limitations and Known Problems When Using EVFS with Volume Managers and File Systems......96

Creating a New EVFS Volume Overwrites Existing Data...............................................................96

vxresize –F Might Cause Data Loss or Corruption.........................................................................96

Workaround...............................................................................................................................96

Renaming VxVM Volumes with EVFS Enabled Makes the Volume Unusable..............................96

Workaround...............................................................................................................................96

Resizing EVFS Volumes and File Systems............................................................................................97

LVM Example: Increasing Volume and File System Sizes..............................................................97

Correct........................................................................................................................................97

Incorrect......................................................................................................................................98

LVM Example: Reducing Volume and File System Sizes................................................................98

Correct........................................................................................................................................98

Incorrect......................................................................................................................................98

VxVM Example: Increasing Volume and File System Sizes............................................................99

Correct........................................................................................................................................99

Incorrect......................................................................................................................................99

VxVM Example: Reducing Volume and File System Sizes.............................................................99

Correct........................................................................................................................................99

Incorrect....................................................................................................................................100

7 Backing Up and Restoring Data on EVFS Volumes................................................101

Backing Up EVFS Volumes.................................................................................................................102

Backups Using LVM Mirrored Volumes.......................................................................................105

Creating Encrypted Backup Media on a Non-EVFS Device (LVM Mirrored Volumes) .........105

Example...............................................................................................................................106

Creating Encrypted Backup Media on a Second EVFS Volume Using a Block Device Utility

(LVM Mirrored Volumes).........................................................................................................107

Example...............................................................................................................................108

Creating Encrypted Backup Media on a Second EVFS Volume Using a File Utility (LVM

Mirrored Volumes)...................................................................................................................109

Example...............................................................................................................................110

Creating Cleartext Backup Media (LVM Mirrored Volumes)..................................................111

Example: Block Device Utility............................................................................................111

Example: File Utility............................................................................................................111

Backups Using VxVM Mirrored Volumes.....................................................................................112

Creating Encrypted Backup Media on a Non-EVFS Device (VxVM Mirrored Volumes).......112

Example...............................................................................................................................113

Creating Encrypted Backup Media on a Second EVFS Volume Using a Block Device Utility

(VxVM Mirrored Volumes)......................................................................................................115

Example...............................................................................................................................116

Creating Encrypted Backup Media on a Second EVFS Volume Using a File Utility (VxVM

Mirrored Volumes)...................................................................................................................117

Example...............................................................................................................................118

Creating Cleartext Backup Media (VxVM Mirrored Volumes)...............................................120

Example: Block Device Utility..................................................................................................120

Example: File Utility.................................................................................................................120

Backups Using Nonmirrored Volumes.........................................................................................121

Creating Encrypted Backup Media to a Non-EVFS Device (Nonmirrored Volumes).............121

6 Table of Contents

Example...............................................................................................................................122

Creating Encrypted Backup Media on a Second EVFS Volume Using a Block Device Utility

(Nonmirrored Volumes)...........................................................................................................123

Example...............................................................................................................................123

Creating Encrypted Backup Media on a Second EVFS Volume Using a File Utility

(Nonmirrored Volumes)...........................................................................................................124

Example...............................................................................................................................124

Creating Cleartext Backup Media to a Non-EVFS Device (Nonmirrored Volumes)...............124

Restoring Backup Media.....................................................................................................................125

Restoring Encrypted Backup Media from a Non-EVFS Device to an EVFS Volume....................125

Example....................................................................................................................................126

Restoring Backup Data from an EVFS Volume to an EVFS Volume.............................................126

Example....................................................................................................................................127

8 Troubleshooting EVFS................................................................................................129

Troubleshooting Tools Overview........................................................................................................129

Displaying EVFS Volume Information...............................................................................................130

Displaying I/O and Encryption Statistics (evfsadm stat)..............................................................130

Syntax.......................................................................................................................................130

Examples..................................................................................................................................130

Displaying EVFS Volume Keys and Operating Parameters (evfsvol display)..............................131

Syntax.......................................................................................................................................131

Example....................................................................................................................................131

Verifying the EMD (evfsvol check).....................................................................................................133

Syntax.............................................................................................................................................133

Example.........................................................................................................................................133

Verifying User Keys (evfspkey lookup)..............................................................................................134

Syntax.............................................................................................................................................134

Example.........................................................................................................................................134

Problem Scenarios...............................................................................................................................135

evfspkey Cannot Generate Key Pairs............................................................................................135

Symptom..................................................................................................................................135

Description...............................................................................................................................135

Solution.....................................................................................................................................135

evfspkey Cannot Store Keys..........................................................................................................135

Symptom..................................................................................................................................135

Description...............................................................................................................................135

Solution.....................................................................................................................................135

evfsvol Cannot Retrieve Private Key.............................................................................................136

Symptom..................................................................................................................................136

Description...............................................................................................................................136

Solution.....................................................................................................................................136

evfsvol create Fails, EVFS Device File Not Found in evfstab File.................................................136

Symptom..................................................................................................................................136

Description...............................................................................................................................136

Solution.....................................................................................................................................136

evfsvol create Fails, Valid EMD Already Exists.............................................................................136

Symptom..................................................................................................................................136

Description...............................................................................................................................137

Solution.....................................................................................................................................137

evfsvol disable Fails, EVFS Volume Is Busy..................................................................................137

Symptom..................................................................................................................................137

Description...............................................................................................................................137

Solution.....................................................................................................................................137

Table of Contents 7

evfsadm map Fails, Invalid Device................................................................................................137

Symptom..................................................................................................................................137

Description...............................................................................................................................137

Solution.....................................................................................................................................137

EMD Is Dirty..................................................................................................................................138

Symptom..................................................................................................................................138

Description...............................................................................................................................138

Solution.....................................................................................................................................138

Reporting Problems............................................................................................................................139

Collecting Data..............................................................................................................................139

A Product Specifications...............................................................................................141

User Files.............................................................................................................................................142

Commands and Tools.........................................................................................................................143

B EVFS Quick Reference...............................................................................................145

Preparing EVFS...................................................................................................................................146

Configuring EVFS...............................................................................................................................146

Option 1: Creating New EVFS Volume.........................................................................................147

Option 2: Converting an Existing Volume into an EVFS Volume (Inline Encryption).................148

EVFS Tasks and Commands...............................................................................................................149

C Using EVFS with Serviceguard.................................................................................153

EVFS and Serviceguard Overview......................................................................................................153

Requirements.................................................................................................................................153

Restrictions.....................................................................................................................................154

Configuration Overview.....................................................................................................................155

Step 1: Installing EVFS........................................................................................................................156

Step 2: Creating the Serviceguard Storage Infrastructure..................................................................157

Creating an LVM Serviceguard Storage Infrastructure.................................................................157

Configuration Node.................................................................................................................157

Adoptive Nodes.......................................................................................................................157

Creating a VxVM Serviceguard Storage Structure........................................................................157

Configuration Node.................................................................................................................157

Adoptive Nodes.......................................................................................................................158

Step 3: Configuring EVFS on the Configuration Node.......................................................................159

Step 3a: Creating a Cluster Key Pair..............................................................................................159

Step 3b: Adding the Cluster Keys to the EMD..............................................................................159

Step 3c: Modifying /etc/evfs/evfstab Entries.................................................................................159

Step 3d: Preparing EVFS Volumes for Adoptive Nodes...............................................................160

Step 4: Configuring EVFS Volumes on the Adoptive Nodes..............................................................161

Step 4a: Copying the EVFS Configuration Files and Keys............................................................161

Step 4b: Restoring the Cluster Key Pair Files................................................................................161

Step 4c: Creating a Local Passphrase File......................................................................................161

Step 4d: Activating the LVM Volume Group or VxVM Group on the Adoptive Node................161

LVM..........................................................................................................................................161

VxVM........................................................................................................................................161

Step 4e: Mapping the LVM or VxVM Volumes to EVFS...............................................................162

Step 4f: Modifying the /etc/evfs/evfstab File.................................................................................162

Step 4g: Verifying EVFS.................................................................................................................162

Step 4h: Deactivating the Volumes................................................................................................162

Step 4i: Configuring the Autostart Feature...................................................................................163

Step 5: Configuring Serviceguard using Modular packages..............................................................164

8 Table of Contents

Step 5a: Halting an Existing Package.............................................................................................164

Step 5b: Installing the EVFS Attribute Definition File ..................................................................164

Step 5c: Copying the EVFS Control and Module Scripts .............................................................164

Step 5d: Creating a Modular Package Configuration File.............................................................165

Step 5e: Migrating a Legacy Package Configuration File .............................................................165

Step 5f: Adding the EVFS package to the Configuration File ......................................................165

Step 5g: Adding the EVFS Volumes to the Package Configuration File.......................................166

LVM and VxVM Modular package example...........................................................................166

LVM Example......................................................................................................................166

VxVM Example...................................................................................................................166

Step 5h: Verifying the Script..........................................................................................................166

Step 6: Configuring Serviceguard using Legacy packages.................................................................167

Step 6a: Halting an Existing Package.............................................................................................167

Step 6b: Creating the Package Configuration File.........................................................................167

Step 6c: Creating a Package Control Script....................................................................................167

Step 6d: Converting a Package Control Script...............................................................................167

Converting a Package Control Script.......................................................................................167

Modifying the Package Configuration File..............................................................................168

Step 6e: Adding the EVFS Volumes to the Package Control Script...............................................168

LVM and VxVM Legacy package example..............................................................................168

LVM Example......................................................................................................................168

VxVM Example...................................................................................................................168

Step 6f: Installing the EVFS Control Script....................................................................................168

Step 6g: Verifying the Script..........................................................................................................168

Glossary.........................................................................................................................169

Index...............................................................................................................................171

Table of Contents 9

List of Figures

1-1 EVFS Data Flow.............................................................................................................................20

1-2 Encryption Metadata (EMD) and Volume Encryption Keys........................................................21

1-3 Enabling an EVFS Volume............................................................................................................23

1-4 Software Types..............................................................................................................................26

List of Tables

1-1 Key Types and User Capabilities..................................................................................................25

7-1 Backup Types with LVM or VxVM Mirrored Volumes...............................................................103

7-2 Backup Types with Nonmirrored Volumes.................................................................................104

8-1 EVFS Troubleshooting Tasks and Commands............................................................................129

B-1 Starting and Stopping EVFS........................................................................................................149

B-2 Managing EVFS Volumes............................................................................................................149

B-3 Managing EVFS Keys and Users.................................................................................................150

B-4 Troubleshooting EVFS.................................................................................................................151

About This Document

This document describes how to install, configure, and troubleshoot the Encrypted Volume and File System version 1.1 (EVFS v1.1) product.

You can find the latest version of this on line at http://docs.hp.com/en/internet.html.

Intended Audience

This document is intended for system and network administrators responsible for installing, configuring, and managing EVFS. Administrators are expected to have knowledge of operating system concepts, commands, and configuration.

It is helpful to have knowledge of HP-UX system administration, including disk and file system administration.

This document is not a tutorial.

Document Organization

This document is organized as follows:

“EVFS Introduction” This chapter describes EVFS features, components, and

“Installation” This chapter explains how to install EVFS. “Preparing EVFSfor Configuration” This chapter explains how to prepare for EVFS

“Configuring an EVFS Volume” This chapter explains how to configure an EVFS Volume. “Administering EVFS” This chapter explains how to start and stop EVFS, manage

“Managing Data on EVFS Volumes” This chapter addresses limitations and workarounds when

“Backing Up and Restoring Data on EVFS Volumes”

“Troubleshooting EVFS” This chapter describes EVFS troubleshooting tools, and

“Product Specifications” This appendix lists the user files and the commands

“EVFS Quick Reference” This appendix provides a quick reference guide of the EVFS

“Using EVFS with Serviceguard” This appendix describes how to configure EVFS volumes

product restrictions.

configuration.

EVFS keys and users, and perform other administrative tasks.

using EVFS with volume managers and file systems. This chapter describes how to back up and restore data on

EVFS volumes.

how to find solutions for common problems.

included with the EVFS product.

configuration procedure and EVFS tasks and commands.

in an HP Serviceguard cluster.

Typographic Conventions

This document uses the following typographical conventions:

%, $, or #

audit(5) A manpage. The manpage name is audit, and it is located in

Command Computer output

A percent sign represents the C shell system prompt. A dollar sign represents the system prompt for the Bourne, Korn, and POSIX shells. A number sign represents the superuser prompt.

Section 5. A command name or qualified command phrase. Text displayed by the computer.

Intended Audience 15

Ctrl+x A key sequence. A sequence such as Ctrl+x indicates that you

must hold down the key labeled Ctrl while you press another key or mouse button.

ENVIRONMENT VARIABLE The name of an environment variable, for example, PATH. [ERROR NAME] Key The name of a keyboard key. Return and Enter both refer to the

Term The defined use of an important word or phrase.

User input

Variable

[] The contents are optional in syntax. If the contents are a list

{} The contents are required in syntax. If the contents are a list

... The preceding element can be repeated an arbitrary number of

 Indicates the continuation of a code example. | Separates items in a list of choices. WARNING A warning calls attention to important information that if not

CAUTION A caution calls attention to important information that if not

IMPORTANT This alert provides essential information to explain a concept or

NOTE A note contains additional information to emphasize or

The name of an error, usually returned in the errno variable.

same key.

Commands and other text that you type. The name of a placeholder in a command, function, or other

syntax display that you replace with an actual value.

separated by |, you must choose one of the items.

times.

understood or followed will result in personal injury or nonrecoverable system problems.

understood or followed will result in data loss, data corruption, or damage to hardware or software.

to complete a task

supplement important points of the main text.

Related Information

The following documents contain useful and related information:

• Encrypted Volume and File System v1.1 (EVFS v1.1) Release Notes

• Managing Systems and Workgroups: A Guide for HP-UX System Administrators

• Managing Serviceguard

HP Encourages Your Comments

HP encourages your comments concerning this document. We are committed to providing documentation that meets your needs.

Send comments to: netinfo_feedback@cup.hp.com

Include documenttitle, manufacturing part number, and anycomment, error found, or suggestion for improvement you have concerning this document. Also, please include what we did right so we can incorporate it into other documents.

1 EVFS Introduction

This chapter provides introductory information about the Encrypted Volume and File System (EVFS) product. This chapter addresses the following topics:

• “Features and Benefits” (page 17)

• “EVFS Architecture” (page 19)

• “Supported Software” (page 26)

• “Product Limitations and Precautions” (page 27)

• “Known Problems” (page 29)

• “Feedback and Enhancement Requests” (page 30)

Features and Benefits

EVFS protects data by encrypting data volumes to protect data at rest – data on disks. You can also use EVFS to create encrypted backup media. EVFS prevents anyone who gains unauthorized physical access to storage media from reading or using the data.

EVFS creates EVFS volumes, which are pseudo-devices (or virtual devices) layered on Logical Volume Manager (LVM), Veritas Volume Manager (VxVM), or physical volume devices. You can use the newfs command to create a file system on an EVFS volume just as you would create a file system on an LVM, VxVM, or physical volume. The EVFS subsystem encrypts data written to an EVFS volume and decrypts data read from an EVFS volume as needed.

EVFS provides the following features:

• Data protection that is file-system independent.

EVFS supports all disk file system types that can be mounted on a LVM, VxVM, or physical volume, including High Performance File System (HFS) and Veritas File System (VxFS, also referred to as Journaled File System, or JFS).

• Application transparency.

EVFS volumes areimplemented as pseudo-devices below the HP-UX file system. Nochanges to applications are necessary. EVFS is compatible with network file sharing utilities, such as Network File System (NFS) and Common Internet File System (CIFS), and with network file access utilities, such as File Transfer Protocol (FTP) and remote copy (rcp).

• High-performance bulk data encryption using symmetric keys.

EVFS encrypts volume data using a symmetric encryption key, referred to as the volume

encryption key. EVFS supports the following symmetric key algorithms for encrypting

volume data:

— 128-bit key Advanced Encryption Standard Cipher Block Chaining (AES CBC) mode — 192-bit key AES CBC mode — 256-bit key AES CBC mode

• Public/private keys for symmetric key storage.

EVFS uses public/private encryption key to store volume encryption keys. EVFS supports the following public/private key encryption algorithms:

— 1024-bit key Rivest-Shamir-Adelman (RSA) — 1536-bit key RSA — 2048-bit key RSA

• Passphrase storage and retrieval for automatic start (autostart).

EVFS encrypts private keys with passphrases. In normal operation, EVFS prompts the user for the passphrase to decrypt and retrieve the private key. To enable EVFS operation during system startup without human intervention, EVFS provides a mechanism to store a user's

Features and Benefits 17

passphrase in a file, encrypted with system-specific data. At system startup, EVFS can automatically retrieve stored passphrases and use the passphrases to execute EVFS commands.

CAUTION: Stored passphrases provide convenience, but they are security risks.

• DLKM Support

This version of EVFS is DLKM aware. The kernel module of EVFS can be loaded into the running kernel without needing to rebuild or reboot. The kernel module can also be unloaded on demand from the running kernel without needing to rebuild or reboot the system.

• In-line Encryption

This feature allows conversion of an existing volume with clear-text data into an EVFS managed encrypted volume without doubling the amount of storage. Inline encryption is handled offline, and the volume is not accessible during the process until the entire operation is completed.

• Kernel Tracing

The evfsadm trace command traces and captures EVFS kernel code flow information in order to facilitate debugging and analysis on a live system. This command is intended for use by support personnel only. HP does not support this feature on Customer Environments.

• Large I/O Performance

EVFS performance for large I/O requests is increased by the implementation of simultaneous data processing.

• LVM DLO Support

LVM version 2.0 with DLO is supported by this release of EVFS on 11i v3.

• Serviceguard A.11.18 Support

Serviceguard A.11.18 is supported by this release of EVFS on 11i v2 Update 2 and 11i v3.

• Maximum Number of Volumes Support

The maximum number of volumes which can be mapped to EVFS supported by this release is 1023, an increase from 127.

18 EVFS Introduction

EVFS Architecture

This section describes the following EVFS features:

• EVFS data flow

• Encryption metadata (EMD)

• EVFS encryption keys

• EVFS commands

EVFS Architecture 19

EVFS Data Flow

(decrypts data read by upper layer )

(encrypts data written to lower layer )

File System

LVM

EVFS

DB or Direct-Access Application

= Non -encrypted Data

= Encrypted Data

VxVM

Physical Disks

EVFS isimplemented using a pseudo-driver that operates on the EVFS volumes. An EVFS volume is stacked between the underlying volume (a LVM, VxVM, or physical volume) and an upper layer. The upper layer can be a file system or an application that reads data from and writes data directly to the EVFS volume, such as a database application.

When the upper layer file writes data, the EVFS pseudo-driver encrypts the data before writing it to the underlying volume. When the upper layer reads data, the pseudo-driver decrypts the data from the underlying volume and provides the decrypted data to the upper layer. If the upper layer caches data to the lower layer, such as a file system with buffer caching enabled, all data in the buffer cache is in cleartext (it is not encrypted). Figure 1-1 shows a simplified EVFS data flow.

Figure 1-1 EVFS Data Flow

IMPORTANT: After encryptionand decryption for an EVFS volume is enabled, all readoperations

performed on the EVFS volume output decrypted data. You must use normal HP-UX file system permissions and access control to restrict access to the data.

Encryption Metadata (EMD)

Each EVFS volume has a set of encryption attributes, or encryption metadata (EMD) associated with it. The EMD is stored as part of the EVFS volume. The data stored in the EMD includes operating parameters for the EVFS volume, such as the data encryption algorithm, and copies of the volume encryption key. The copies of the volume encryption key are encrypted ("wrapped") by user keys, as described in the following section.

EVFS Encryption Keys

20 EVFS Introduction

EVFS uses two types of encryption keys:

• Symmetric keys to encrypt data, referred to as volume encryption keys

• Public/private key pairs to protect volume encryption keys, also referred to as user keys

EVFS also uses passphrases to protect private keys.

Volume Encryption Keys

Encryption Metadata (EMD)

Encrypted Data

EVFS Volume

Key Records

Volume Encryption Key

User 1’s public key encrypts the volume encryption key

User 1’s private key decrypts the volume encryption key

Volume encryption key encrypts/decrypts the data

“my_passphrase”

encrypts private key

Stored Passphrase:

System-specific data encrypts “my_passphrase”

“my_passphrase”

EVFS uses symmetric keys to encrypt data, referred to as volume encryption keys. In symmetric key cryptography, the same key (bit string) is used to encrypt and decrypt the data. EVFS stores the volume encryption keys in the EMD area of a volume, as part of key records. Each key record contains the volume encryption key, encrypted with a user's public key. Because the volume encryption key is encrypted with a public key, this data is also referred to as a “digital envelope.” The digital envelope must be “opened,” or decrypted with the user's private key to retrieve the volume encryption key. Figure 1-2 illustrates how EVFS uses and stores volume encryption kesy.

Figure 1-2 Encryption Metadata (EMD) and Volume Encryption Keys

User Keys

Using HP-UX Trusted Computing Services with EVFS

EVFS uses public/private encryption key pairs with passphrases to securely store volume encryption keys. Each public/private key pair is owned by a user, and the key pairs are also referred to as user keys.

Public/private key cryptography systems use pairs of related but different keys. The public and private key pairs are mathematically related so that data encrypted with the public key requires the private key to decrypt it. In public/private key systems, the public key does not have to be kept secret.

Passphrases

For added protection, EVFS encrypts each private key with a passphrase before storing it. You can specify the passphrase or have EVFS generate a passphrase for you.

Stored Passphrases

As an option, you can store a passphrase in a file. EVFS encrypts the passphrase with system-specific information before storing it. Stored passphrases enable EVFS to retrieve a user's private key without prompting for the passphrase. If you want to enable EVFS volumes at system startup without manual intervention, you must use stored passphrases.

CAUTION: A stored passphrase enables you to use the EVFS autostart feature, but it is a security risk.

On systems with HP-UX Trusted Computing Services (TCS), you can use TCS to secure EVFS private keys. For more information, see the HP-UX TCS product documentation.

EVFS Architecture 21

How EVFS Uses Keys

EVFS uses symmetric volume encryption keys to encrypt the volume data. EVFS also uses public/private keys to encrypt the volume encryption keys, and it uses passphrases to encrypt private keys, as follows:

• The volume encryption key is stored in key records, or digital envelopes, in the EMD area of the EVFS volume. Each key record contains the volume encryption key, encrypted by a user's public key.

• User's public keys are stored in a local database, unencrypted.

• User's private keys are stored in a local database. Each private key is encrypted with a passphrase.

• As an option, a passphrase can be stored in a file, encrypted with system-specific data. A stored passphraseis a security risk.However, it enables you to execute some EVFS commands without entering a passphrase and to use the EVFS autostart feature.

Creating an EVFS Volume

When you create an EVFS volume and the EMD, the following sequence of events occurs:

1. The userenters the evfsvol create command and specifies a key pair name for the owner key. The evfsvol utility prompts the user for the passphrase for the users's private key. When creatinga new EVFS volume, evfsvol always prompts the user for passphrase. (Other evfsvol subcommands, such as evfsvol enable, allow you to use stored passphrases.)

2. The evfsvol utility reads operating parameters from the /etc/evfs/evfs.conf file, such as the data encryption algorithm for the volume, and writes them to the EMD.

3. The evfsvol utility generates the volume encryption key.

4. The evfsvol utility creates a key record for the owner by encrypting the volume encryption

key with the owner's public key (which creates a digital envelope). The evfsvol utility writes this key record to the EMD.

Enabling an EVFS Volume

To enable encryption and decryption for an EVFS volume, the following sequence of events occurs:

1. The user enters the evfsvol enable command. The evfsvol utility prompts the user for the passphrase for the user's private key. The user enters the passphrase.

Alternatively, EVFS retrieves the user's passphrase from a file. In this case, the passphrase is encrypted with system-specific data, and EVFS decrypts the passphrase before using it.

2. EVFS uses the passphrase to decrypt the user's private key.

3. EVFS uses the user's private key to decrypt the key record (EVFS “opens” the key record's

digital envelope) and extracts the volume encryption key from the key record.

4. EVFS uses the volume encryption key to encrypt and decrypt the EVFS volume data as needed.

Figure 1-3 illustrates how EVFS uses keys to enable an EVFS volume.

22 EVFS Introduction

Figure 1-3 Enabling an EVFS Volume

evfsvol enable my_evol Enter passphrase: my_passphrase

my_passphrase decrypts user 1’s private key

User 1’s private key decrypts the key record to extract the volume encryption key.

EVFS uses the volume encryption key to encrypt and decrypt the volume data as needed.

Key Names and Key IDs

Each public/private key pair has an owner and a key name. A user can have multiple public/private key pairs. The default key name (the name EVFS uses if you do not specify a key name) is the owner's user account name.

Public/private key pairs are also identified by a key ID formed by concatenating the owner's user account name and the key name, separated by a period (.). For example, the user bob owns the key pair named bobkey1. The key ID for this key pair is bob.bobkey1.

User Key and Passphrase Storage

By default, EVFS stores keys in a local database under the directory /etc/evfs/pkey. EVFS creates a subdirectory for each user who owns EVFS user keys. The subdirectory name is the user account name.

File Names

When using the default key storage directory, EVFS uses the following directory and file names to store user keys:

Public Key

Private Key

Stored Passphrase

Alternate Storage Databases and Distributed Key Storage

You can configure EVFS to use different file directories for the user key database that contains the public keys, private keys, and stored passphrases. The directories can be local directories or remote directories that are NFS-mounted. You can also configure EVFS to use different database directories according to the data type (key type or stored passphrase), and to use fallback directories if attempts to store key data fail.

/etc/evfs/pkey/user_name/key_name.pub, where user_name is the key owner's name and key_name is the key name.

/etc/evfs/pkey/user_name/key_name.priv, where user_name is thekey owner's name and key_name is the key name.

/etc/evfs/pkey/user_name/key_name.pass.nnn, where user_name is the key owner's name, key_name is the key name,

and nnn is a number based on system-specific data.

EVFS Architecture 23

User Key Privileges

EVFS defines the following types of user keys and restricts the execution of EVFS commands based on these keys and HP-UX user privileges:

• EVFS volume owner keys

• Recovery keys

• Authorized user keys

User Privileges and Permissions

Some EVFS commands do not require user keys. Only users with the appropriate privileges can execute thesecommands. By default, the appropriate privilege required for these EVFS commands is superuser privilege. See the privileges(5) manpage for more information about HP-UX privileges.

To performoperations on EVFS volumes and other volumes, users must also have the appropriate file access permissions for the associated device files. In most installations, users who want to perform operations on EVFS volumes must have superuser privileges.

NOTE: EVFS user keys restrict execution of EVFS commands only. Read, write and execute access to data on EVFS volumes is still restricted by normal HP-UX file permissions and access controls.

EVFS Volume Owner Keys

When you create an EVFS volume, you specify the volume owner key or owner key for the volume. The user who owns the volume owner key (the volume owner) can use the key to perform administrative operations on an EVFS volume, including enabling and disabling EVFS for the volume. The owner can also add additional key records to the EMD.

Recovery Keys

A recovery key enables you to change a volume owner key if the owner's keys are not available. Only the recovery key and the owner key can be used to change the owner key of an EVFS volume. The only operation you can perform with a recovery key is to change the owner key for an EVFS volume.

At installation, EVFS creates an EVFS pseudo-user account, evfs, if it does not already exist. Recovery keys are owned by this pseudo-user.

HP recommends that you configure a recovery key for each volume, but configuring recovery keys is not mandatory for normal EVFS operation. You can configure up to two recovery key pairs per EVFS volume.

Authorized User Keys

A volume owner can configure additional user keys to use to perform administrative operations on the EVFS volume. These user keys are authorized user keys for the volume.

A user with an authorized user key and the appropriate file system permissions for the volume device files can perform the same EVFS operations that the holder of an owner key can perform, except changing the EVFS volume owner, adding and deleting additional keys to a volume, and destroying the EVFS volume by removing the EMD.

Summary of Key Type and Privileged User Capabilities

Table 1-1 summarizes the capabilities for the different key types and for users with superuser

privileges or the appropriate privileges.

24 EVFS Introduction

Table 1-1 Key Types and User Capabilities

CapabilitiesKey Type/User Type

Superuser or appropriate privileges and file permissions for the device files

Owner Key

Recovery Key

Any user with superuser privileges or the appropriate privileges and file permissions can perform thefollowing tasks (no EVFS key is required):

• Start or stop the EVFS subsystem

• Map volumes to EVFS (create EVFS device files)

• Create EVFS volumes

• Create user keys for other users

• Display information about EVFS volumes

• Restore an EVFS volume's EMD

If a user has the owner key for an EVFS volume and the appropriate file permissions for the device file, the user can perform the following tasks:

• Enable and disable EVFS volumes

• Add and remove authorized user keys to EVFS volumes

• Change the owner of an EVFS volume

• Destroy an EVFS volume (remove the EMD; the data is irrecoverable)

The user can also perform tasks that do not require EVFS keys, suchas displaying information about EVFS volumes.

If a user has the recovery key for an EVFS volume and the appropriate file permissions for the device file, the user can change the owner of an EVFS volume. The user can also perform tasks that do not require EVFS keys, suchas displaying information about EVFS volumes.

authorized user Key

EVFS Commands

EVFS provides the following commands to configure and manage EVFS:

• evfsadm

The evfsadm utility manages the EVFS subsystem and creates devicefiles for EVFS volumes.

• evfspkey

The evfspkey utility creates, stores, and manages EVFS user keys.

• evfsvol

The evfsvol utility configures and manages the EVFS volumes.

If a user has an authorized user key for an EVFS volume and the appropriate file permissions for the device file, the user can enable and disable EVFS volumes (note that some backup procedures require the user to disable and enable the volume). The user can also perform tasks that do not require EVFS keys, suchas displaying information about EVFS volumes.

EVFS Architecture 25

Supported Software

Physical Disk

Type 1: User applications

Type 2: Kernel daemons that

interface with VFS

Type 3: Kernel Modules that interface with physical disks and implement file system or volume management functions

System Calls

Kernel

Virtual File System (VFS)

File Systems (HFS, VxFS)

EVFS Pseudo-Driver

Logical Volume Managers (LVM, VxVM)

Software used with EVFS can be categorized into three types:

• Type 1 Software: Applications without kernel components. EVFS supports Type 1 Software.

Examples of Type 1 software include FTP, rcp, CIFS Server, and Oracle® Database 10g. (This list is not exhaustive and is included only to provide examples of Type 1 Software.)

• Type 2 Software: Software with kernel modules that access the file system (Virtual File System, VFS, or HFS or VxFS). EVFS supports Type 2 Software. The NFS server daemon is an example of Type 2 software.

• Type 3 Software: Software with kernel components that directly access physical volumes and implement file system or volume management functionality. EVFS does not supprt Type 3 Software. Examples of Type 3 software include OracleAutomatic Storage Management (ASM), and file systems other than HFS and VxFS, such as Veritas Cluster File System (CFS) and Clearcase Multiversion File System (MVFS). (This is not an exhaustive list and is included only to provide examples of Type 3 Software.)

Figure 1-4 illustrates the data paths for the software types described in the preceding list.

Figure 1-4 Software Types

26 EVFS Introduction

Product Limitations and Precautions

The EVFS product has the following limitations:

• EVFS operates with LVM, VxVM and physical volumes only. Each EVFS volume is mapped to an underlying LVM, VxVM or physical volume.

• You enable EVFS encryption and decryption for an EVFS volume as a single unit. When you enable EVFS encryption and decryption for a volume, EVFS encrypts and decrypts the data blocks as the blocks are accessed, and all read operations through the EVFS volume receive decrypted dataas output, and users can access individual files in cleartext. You must use normal HP-UX file system permissions and access control to restrict access to the data.

• You cannot encrypt the following objects: — Files or disk areas used during system boot. This includes the following objects:

◦ the root file system (/) ◦ the HP-UX kernel directory (/stand) ◦ the /usr directory EVFS cannot decrypt the kernel or other data before the system boots.

CAUTION: Encrypting the boot disk can cause the boot disk to become unusable and prevent you from booting the system.

— Dump devices. — Swap space (swap devices or file swap space).

CAUTION: Encrypting swap space can cause the system to panic.

• EVFS does not automatically convert existing volume data to encrypted data. To encrypt existing volume data, use the inline encryption feature. For more information, see “Step 4:

(Optional) Migrating Existing Data to an EVFS Volume” (page 61).

CAUTION: If you improperly configure EVFS on a volume that already contains data, the existing data will be unusable.

IMPORTANT: To use inline encryption, 3 MB of spare disk space are required at the end of the volume, and the minimum volume size must be 4 MB.

• To mount a file system on an EVFS volume, EVFS must be enabled and transferring data to and from the file system in cleartext (unencrypted). Therefore, any executable that uses file system utilities to read or write data can operate only on cleartext data.

Network file sharing utilities, such as NFS, CIFS, FTP, or rcp, will transmit files in cleartext, even if the original files reside on an EVFS volume.

• If you want to use a backup utility that performs incremental backups or that backs up individual files, EVFS must be enabled. The backup utility receives the data in cleartext, even if the original files reside on an EVFS volume. If the target backup device is another EVFS volume, the target EVFS volume re-encrypts the data.

If the target backup device is a tape device or other non-EVFS device:

— You must back up the volume as a volume device (as a single unit), not as a file system

or group of files, to create encrypted backup media. You can create encrypted backup media using block device utilities, such as dd.

— You cannot create encrypted backup media using file-based utilities.

• If you use Ignite-UX to create boot or installation media, Ignite-UX will include system files from the /var, /opt, and /usr directories in the media in addition to the kernel file.

Product Limitations and Precautions 27

Ignite-UX will read these files in cleartext. If the output media is not an EVFS volume, such as a tape, Ignite-UX will store these files in cleartext.

• EVFS supports alternate links when used with LVM or VxVM. EVFS does not support alternate links when used with whole disk access.

• Executing the vxresize command with the -F option can cause lost or corrupted data. For more information and a workaround, see “vxresize –F Might Cause Data Loss or

Corruption” (page 96).

• Renaming VxVM volumes with EVFS enabled makes the volume unusable. For more information and a workaround, see “Renaming VxVM Volumes with EVFS Enabled Makes

the Volume Unusable” (page 96).

• EVFS is not supported by SAM or SMH.

• The evfsadm trace command is intended for use by support personnel only. HP does not support this feature on customer environments.

• During inline encryption, the volume is not accessible until the entire operation is completed.

• The Multi Volume File System feature of Veritas, which is not supported by EVFS.

• EVFS is currently available in English only.

28 EVFS Introduction

Known Problems

Possible Device File Collision

(SR 8606459127) Executing the newfs or mkfs command for an EVFS volume can fail on systems with components that call alloc_fake_device(), such as systems that are NFS clients. This problem is caused by a defect in the alloc_fake_device() routine.

Symptoms

The newfs or mkfs command fails with a message similar to the following:

vxfs mkfs: /dev/evfs/vg01/relvol1 is mounted, cannot mkfs

The output fromthe lsdev command shows that the charactermajor number used by the device driver fake is the same as the block major number used by the device driver evfsevol. In the example that follows, the common number is 2:

# lsdev Character Block Driver Class

: :

2 -1 fake pseudo

: : 115 2 evfsevol pseudo

Workaround

The following workaround is only necessary and applicable to HP-UX 11i v2 Update 2.

Install patch PHKL_37146. You can download patches from the HP IT Resource Center at:

http://www2.itrc.hp.com/service/patch/mainPage.do

Known Problems 29

Feedback and Enhancement Requests

HP is evaluating support for additional disk management and data storage products for subsequent releases of EVFS. Contact your HP representative if you have specific requirements or enhancement requests.

30 EVFS Introduction

+ 144 hidden pages