hcl Manual Pages
The following topics consist of the manual pages for hcl, hcs3, and htroot.
htroot Man Page
HTROOT(1) User Manuals HTROOT(1)
NAME
htroot - Encrypted root disk and swap using HyTrust DataControl
SYNOPSIS
htroot [OPTIONS]
DESCRIPTION
The htroot command is used to manage the encrypted root disk and swap
using HyTrust DataControl.
OPTIONS
The options are as follows:
status
Display information about encryption status of the root disk and
swap.
encrypt
Prepare the root disk and swap device for encryption. This command
makes the necessary modifications to grub, fstab, and the HyTrust
configuration. It also installs required packages from external
repositories, if required. The user is prompted before packages are
installed.
The encrypt command also rebuilds initrd with the additional binaries
and configuration files required to encrypt the root disk.
Root disk encryption on Linux requires a separate /boot partition.
If the VM does not have a separate /boot, encrypt fails.
htroot encrypt is an interactive process. In the preparation
phase, the user is prompted to make various choices. For example,
the user is asked to choose the appropriate network configuration
and can choose to encrypt the swap device along with the root
device.
At the end of the preparation phase, htroot prompts the user to
reboot the system. During the subsequent boot the selected devices
are encrypted. The progress of encryption can be seen on the VM
console.
In addition to the VM console, the administrator can set up a
"debug console" in the preparation phase. The encrypt command
prompts the user to enable the debug console and download an ssh
identity file. During the subsequent boot the administrator can
connect to the debug console with this identity file, for example:
# ssh -i <identity file> root@vm
The debug console provides various options in addition to showing
the encryption progress, such as network restart, authentication
with KeyControl, etc.
decrypt
Prepare the VM for decryption of root and swap device. At the
end of this command the user is prompted to reboot the system.
update
This command allows the user to update the grub configuration
files and initrd on a system whose root device was previously
encrypted. Note that even if the root device is decrypted later,
the HyTrust changes to the boot loader remain with the system,
unless they are explicitly removed with the cleanup command or the
HyTrust agent software is uninstalled.
The update command is useful after a system kernel upgrade or
HyTrust software upgrade.
cleanup [-f]
The HyTrust changes to the boot loader (grub), fstab, and initrd can
be removed with this command. If the root device is still encrypted
then cleanup fails with a message that the administrator needs
to decrypt the root device first.
If the HyTrust agent has not made any changes to the boot loader then
cleanup returns immediately, reporting that cleanup is not
needed. However, the administrator can force a cleanup with the -f
option.
version
Display the version of the DataControl agent software.
-h | -?
This command displays all the options available through the
htroot command.
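EXAMPLES
The following pre-flight check is an added example, not part of the HyTrust software or its documentation. It tests the one requirement stated under encrypt (a separate /boot partition) by reading a mounts table in /proc/mounts format. The function name boot_is_separate and the sample tables are constructed for illustration, and the script does not invoke htroot.

```shell
#!/bin/sh
# Added example: check for a separate /boot before preparing root encryption.
# Input is a mounts table in /proc/mounts format:
#   device mountpoint fstype options dump pass

boot_is_separate() {
    mounts="${1:-/proc/mounts}"
    awk '
        $2 == "/"     { root = $1 }   # last entry wins (rootfs may be listed first)
        $2 == "/boot" { boot = $1 }
        END {
            if (boot == "")   { print "FAIL: /boot is not a separate mount point"; exit 1 }
            if (boot == root) { print "FAIL: /boot is on the root device " root; exit 1 }
            print "OK: /boot on " boot ", / on " root
        }' "$mounts"
}

# Constructed sample tables (not taken from a real system).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
sample_ok="$tmpdir/mounts.ok"
sample_bad="$tmpdir/mounts.bad"

cat > "$sample_ok" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
EOF

cat > "$sample_bad" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF

# Demonstrate both outcomes; "|| true" keeps the demo running after a FAIL.
boot_is_separate "$sample_ok"  || true
boot_is_separate "$sample_bad" || true
```

Called with no argument, boot_is_separate reads /proc/mounts on the running system and returns non-zero when /boot is missing or shares the root device.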
FILES
/opt/hcs
The default location of the HyTrust DataControl configuration
files.
/var/log/htroot.log
The HyTrust DataControl htroot log file. If errors are detected,
you will be requested to provide this file to HyTrust support
staff.
BUGS
See the HyTrust Release Notes for information about bugs and caveats in
the software.
AUTHOR
HyTrust Inc.
SEE ALSO
hcl(1)
Linux OCTOBER 2016 HTROOT(1)