Open ungular opened 10 months ago
The MX500
definitely works with sedutil
, I've been using multiple of them in multiple systems for years. I assume you're trying to boot from it using the Shadow MBR and the PBA image? That should work fine, although it seems that some hardware configurations (motherboard and its BIOS mostly?) might have issues with that?
Also, if you want to completely reset your drive and start over, try PSID reverting it (this should erase all your data, be aware of that!).
The
MX500
definitely works withsedutil
, I've been using multiple of them in multiple systems for years. I assume you're trying to boot from it using the Shadow MBR and the PBA image? That should work fine, although it seems that some hardware configurations (motherboard and its BIOS mostly?) might have issues with that?Also, if you want to completely reset your drive and start over, try PSID reverting it (this should erase all your data, be aware of that!).
loading pba as follow:
gunzip /usr/sedutil/UEFI64-1.15.img.gz
#sedutil-cli --loadpbaimage debug /usr/sedutil/UEFI64-1.15.img /dev/drive
how BIOS should be configured? now it's UEFI , secure boot: Off
what if i skip this command setlockingrange 0 lk...
?
sedutil-cli --query
-> result:
Locking function (0x0002) Locked=Y, LockingEnabled=Y, LockingSupported=Y, MBRDone=N, MBREnabled=Y, MBRAbsent=N, MediaEncrypt=Y
linuxpba
: is OPAL Failed
poweroff
result :
...unmount: devtmpfs busy - remounted read-only unmount: can't unmount /: Invalid argument...
it seems that the motherboard does not support TPM, a relevant error message would be welcome here.
I don't think you need a TPM (we're talking about a Trusted Platform Module, right?) for this. Where did you find that written? First time I'm hearing it I think.
So can you unlock the drive via sedutil
in the terminal? Have you tried that? And just during the boot process with the PBA it doesn't work?
Some systems apparently have issues with the boot process, for example some end up power-cycling the drive on a reboot which just locks it again (that doesn't seem to be the case here though?).
You can get is OPAL Failed
for multiple reasons, including just typing a wrong password. The current implementation just gives you a single try and then reboots, always.
Also, Secure Boot sadly isn't supported so yeah that needs to be turned off.
I don't think you need a TPM (we're talking about a Trusted Platform Module, right?) for this. Where did you find that written? First time I'm hearing it I think.
yes, TPM 2.0. I tried locking from Windows according to the manufacturer's instructions, but it seems that Bitlocker doesn't work without TPM, hence I deduced that TPM is mandatory.
So can you unlock the drive via
sedutil
in the terminal? Have you tried that? And just during the boot process with the PBA it doesn't work?
i'm able to unlock the ssd successfully via sedutil
.
also for initial setup all the commands runs successfully. poweroff
at boot, password prompt does not appear.
when test again with linuxpba
shows is OPAL Failed
for ssd via sedutil.
Some systems apparently have issues with the boot process, for example some end up power-cycling the drive on a reboot which just locks it again (that doesn't seem to be the case here though?).
so i'm going to research this now.
Oh yeah, BitLocker can work with Self-Encrypting Drives but it wants TPM I guess. Afaik the drives themselves don't need it, everything is done on the drive itself. And sedutil
just sends commands to the drives and parses what comes back from them.
I probably can't help you further, sorry. :/ I haven't had any problem like this so far, personally. Good luck with your research!
I've just tried to set PBA up on my BIOS PC and a Kingston KC600 mSATA OPAL 2.0 drive using the RESCUE32 and BIOS32 images but couldn't get it to work by following the instructions here (which went smoothly btw), because of the problem below when booting the machine after powering it off. Tried this fork instead and problem went away. RESCUE32 from this fork is slow, has glitches when issuing the linuxpba command, and the unpacked BIOS image take less space for some reason. Maybe that's why I can't get it to work. Try the other fork.
SYSLINUX 6.03 EDD 2014-10-06 Copyright (C) 1994-2014 H. Peter Anvin et al
Failed to load ldlinux.c32
Boot failed: please change disks and press a key to continue.