Storing and reading Self Encrypted Disk (SED) password from TPM

ChubbyAnt / sedutil

SEDutil: For Intel and AMD Ryzen Systems

https://sedutil.com

87 stars 22 forks source link

Storing and reading Self Encrypted Disk (SED) password from TPM #58

Open Strykar opened 8 months ago

Strykar commented 8 months ago

I have a Self Encrypted Disk (SED). I'd like to use sedutil to lock the disk, but I want the password to be sealed in the TPM module on board the system, instead of in ATA BIOS.

Essentially I want the Pre-Boot Authentication (PBA) image to pick up the password from the TPM automatically upon boot.

Is this even possible?

Comnenus commented 1 month ago

I am interested in this as well. Basically, I would normally use LUKS + TPM to unlock, and am wondering if I can swap out LUKS with SED to do the same thing.

Did you happen to find an answer?

Strykar commented 1 month ago

I am interested in this as well. Basically, I would normally use LUKS + TPM to unlock, and am wondering if I can swap out LUKS with SED to do the same thing.

Did you happen to find an answer?

There's some progress in the discussion at - https://wiki.archlinux.org/title/Talk:Self-encrypting_drives#c-Indigo-20240204192600-Strykar-20240202210200