Logical volume (LV) encryption refers to the process of securing data stored on LVs by encrypting it, ensuring that only authorized users or systems can access the data.
When encryption is applied, the data on the LV is stored in an encrypted format and can only be decrypted with the appropriate authentication method. This protects thedata from unauthorized access, even if the physical storage device is compromised.
Previously, LV encryption was supported only for overwrite installations. However, starting with IBM AIX 7.3 TL3, preservation and migration installations also support LV encryption for all default root volume group (rootvg) LVs using the PKS authentication method.
PKS is a hardware-backed non-volatile random access memory (NVRAM) that offers secure storage for sensitive material. With the platform keystore encryption authentication method, rootvg LVs will be automatically unlocked without user intervention.
This step-by-step tutorial explains how to enable encryption for the default logical volumes (LVs) in rootvg using the SMS menu during preservation and migration installations.
For more details, please refer to this: Encrypt rootvg logical volumes (LVs) during preservation and migration installation - IBM Developer