Cryptsetup Lands Support For OPAL Self Encrypting Drives

Written by Michael Larabel in Linux Kernel on 18 August 2023 at 09:44 AM EDT. 20 Comments
LINUX KERNEL
Linux 6.4 or newer paired with the latest cryptsetup development code has landed support for the OPAL specification for self-encrypting drives.

The OPAL specification is backed by major hardware vendors including Samsung, Micron, SanDisk, Seagate, Hitachi. Toshiba, Kingston, Intel, Lenovo, and others for a self-encrypting drive standard. With code recently merged to the cryptsetup library there is the OPAL bits added. Luca Boccassi commented in the merge request:
"With this I can format, open, use, close and erase multiple partitions on the same SED disk as separate luks volumes, on disks that support Single User Mode and disks that do not. Requires kernel 6.4."

The updated Cryptsetup documentation with that merge goes on to explain:
"SED (Self Encrypting Drive) OPAL EXTENSION

cryptsetup supports using native hardware encryption on drives that provide an *OPAL* interface, both nested with *dm-crypt* and standalone. Passphrases, tokens and metadata are stored using the LUKS2 header format, and are thus compatible with any software or system that uses LUKS2 (e.g.: tokens).

*WARNING:* this support is new and experimental, and requires at least kernel v6.4. Resizing devices is not supported.

--hw-opal can be specified for OPAL + dm-crypt, and
--hw-opal-only can be specified to use OPAL only, without a dm-crypt layer."

The new code also adds a "--hw-opal-factory-reset" command for carrying out a full factory reset of OPAL-compliant drives.

OPAL cryptsetup


It's exciting to see this support finally land in cryptsetup and will be found in the project's next release.
20 Comments
Related News
New Linux Patch Establishes "CONFIG_X86_64_NATIVE" For -march=native Kernel Builds
Perf Support For 2,048 CPU Cores Is Becoming Not Enough - Patches Bump Kernel Limit
Linux 6.13-rc2 Released With An Initial Batch Of Fixes
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Linux 6.13-rc2 To Workaround Buggy Intel Lunar Lake Leading To Responsiveness Issues
More Kernel Bitrot: Old & Busted UltraSPARC T2 "Niagara 2" SPU Driver Slated For Removal
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Rustls Multi-Threaded Performance Is Battering OpenSSL
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features
Linux 6.12 Officially Promoted To Being An LTS Kernel