Cryptsetup Lands Support For OPAL Self Encrypting Drives

Written by Michael Larabel in Linux Kernel on 18 August 2023 at 09:44 AM EDT. 20 Comments
LINUX KERNEL
Linux 6.4 or newer paired with the latest cryptsetup development code has landed support for the OPAL specification for self-encrypting drives.

The OPAL specification is backed by major hardware vendors including Samsung, Micron, SanDisk, Seagate, Hitachi. Toshiba, Kingston, Intel, Lenovo, and others for a self-encrypting drive standard. With code recently merged to the cryptsetup library there is the OPAL bits added. Luca Boccassi commented in the merge request:
"With this I can format, open, use, close and erase multiple partitions on the same SED disk as separate luks volumes, on disks that support Single User Mode and disks that do not. Requires kernel 6.4."

The updated Cryptsetup documentation with that merge goes on to explain:
"SED (Self Encrypting Drive) OPAL EXTENSION

cryptsetup supports using native hardware encryption on drives that provide an *OPAL* interface, both nested with *dm-crypt* and standalone. Passphrases, tokens and metadata are stored using the LUKS2 header format, and are thus compatible with any software or system that uses LUKS2 (e.g.: tokens).

*WARNING:* this support is new and experimental, and requires at least kernel v6.4. Resizing devices is not supported.

--hw-opal can be specified for OPAL + dm-crypt, and
--hw-opal-only can be specified to use OPAL only, without a dm-crypt layer."

The new code also adds a "--hw-opal-factory-reset" command for carrying out a full factory reset of OPAL-compliant drives.

OPAL cryptsetup


It's exciting to see this support finally land in cryptsetup and will be found in the project's next release.
20 Comments
Related News
Linux 6.10 Goes Ahead In Removing Sysctl Sentinel Bloat
Linux 6.9-rc7 Released: The Kernel Is Looking Good
DRM Buddy & AMDGPU Wired Up For Clear Page Tracking In Linux 6.10
Linux 6.9-rc6 Released With This Kernel Looking "Pretty Normal"
Linux 6.9-rc5 Released: The Diffstat "Looks A Bit Wonky" But Not Bad
Linux 6.9-rc5 Picking Up Fixes For Intel FRED, BHI & GFNI/VAES Checks
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linux Mint Looks To Fork More GNOME Software, Make XApp More Independent
Microsoft Updates Cascadia Code: Its Open-Source Font For Developers
Rust-Written Redox OS Gets USB Keyboards & Mice Working
NetBSD On The State & Future Of X.Org/X11
Framework Laptop EC Driver Being Prepared For Linux
Valve Working On Explicit Sync Support For "NVK" NVIDIA Vulkan Driver
Wine 9.8 Fixes Nearly 20 Year Old Bug For Installing Microsoft Office 97
GNOME Shell's Layout Being Improved For Smaller Displays