Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
OPAL Self-Encrypting Drive Support For Linux Steps Closer
The Opal storage specification sets a cross-vendor standard for self-encrypting drives and is the work of the Trusted Computing Group's storage workgroup. Scott Bauer of Intel sent out his third version of these patches for implementing Opal for self-encrypting devices. The driver has support for storing the locking range password as well as activating a device from a SED's default-inactive state.
The overall bring-up process for those curious about Opal is:
This Opal driver support for Linux is around 3.5k lines of code at present. More details via this patch series. Those curious about self-encrypting drives can learn more here. These SED OPAL patches are coming too late for the Linux 4.10 merge window but perhaps will be ready for Linux 4.11.
1) Taking Ownership of the drive (Setting the Admin CPIN).
2) Activating the Locking SP (In Single User Mode or Normal Mode).
3) Setting up Locking Ranges (Single User or Normal Mode).
4) Adding users to Locking Ranges (Normal Mode Only).
5) Locking or Unlocking Locking Ranges (Single User Mode or Normal Mode).
6) Reverting the TPer (Restore to factory default).
7) Setting LR/User passwords (Single User Mode or Normal Mode).
8) Enabling/disabling Shadow MBR.
9) Enabling Users in the LockingSP (Normal Mode Only).
10) Saving Password for resume from suspend.
11) Erase and Secure erasing locking ranges.