NVMe drive support for windows

[JimboJombo]

Hello, I'm no expert but I couldn't find any support for NVMe drives under Windows in the source code. And I can't get my drive to be recognized on Windows 10 (Samsung EVO 960). Is support for NVMe drives on Windows planned?

[MisterMuezza]

This probably has a lot to do with the NVMe driver. I have a Samsung EVO 960 1TB on Windows 10 in a Dell XPS 9550. I tried both standard Microsoft NVMe driver as well as the Samsung one but sedutil did not detect support for Opal for this drive.

Based on this post, I took a chance and installed the Intel NVMe driver and was able to confirm with Intel SSD Pro Administration Tool v1.1.3 that the drive does support Opal. However, even with the Intel driver, sedutil still did not detect Opal support for the drive.

As a workaround, I booted from a USB with Ubuntu 16.10 and encrypted the drive from there with sedutil with no issues. Once this is done, it does not matter what driver you use in Windows because the entire encryption is fully transparent to the operating system.

[JimboJombo]

Thank you for the response. I do think however, that the problem is more related to the source code of sedutil. There is just no support for NVMe drives in the windows version.

Your setup looks similar to mine as I also want to encrypt an EVO 960 inside a Dell laptop. I do like your solution of encrypting the drive inside Linux. And I know that if you restart without powering off the drive remains unlocked. But how do you unlock the drive then if you don't want to boot into Linux each time you start your machine? I don't see any solution to this problem.

[MisterMuezza]

Regardless of what OS you are using on your laptop normally, when you power it on, it will boot the PBA which is a stripped down version of Linux. This will trigger the sedutil commands which will unlock the drive making your OS partitions visiblem, and after, trigger a reset. From this point on, the BIOS/EFI will boot up from Windows as if there was no encryption in place.

There are few versions of PBAs available but I was only able to get the Rescue image to detect the NVMe drive in my case (see #120).

[JimboJombo]

Thank you for the link to #120, that will come handy at some point.

My problem is though that the encrypted drive is not my boot drive. Right now I cannot encrypt my boot drive as it lacks opal support. Therefore I'd need a way to unlock my NVMe drive from inside Windows, which is as I see it, impossible right now.

[MisterMuezza]

The Windows version does indeed not have NVMe support. From https://github.com/Drive-Trust-Alliance/sedutil/blob/c98f7686a3fd385e1000a9ce439be522422ac52d/windows/DtaDevOS.cpp#L86 it only appears to support USB and ATA drives.

[ton250]

The basic problem with NVMe support is that after entering the password, during reboot the power will be removed from the SSD - at least in my laptop. So the SSD will again be locked. I believe that for NVMe a reboot is not really needed. However, that requires a modification in the PBA.

[MisterMuezza]

@ton250 What laptop are you using? I've seen Lenovo laptops resetting SSDs configured in eDrive mode during reboot, which is Microsoft's implementation of hardware encryption.

[ton250]

Hi Daniel, My Laptop is an ASUS N752VX.

[r0m30]

Nvme support was added in 1.15

[lukefor]

It turns out the NVMe support on Windows is incomplete, it can only identify NVMe drives, not perform any operations (including identifying OPAL support).

I found an excellent SCSI sendCmd implementation in a fork adding support for SAS drives, which works perfectly for NVMe as well (tested on Microsoft and Samsung drivers). I have ported it here: https://github.com/lukefor/sedutil/tree/windows_nvme

[ayushkumar024]

I am working on Linux source code of sedutil. Which compile and build perfectly but it is not working with NVMe drive using external adapter.

Can anyone help me out. Thanks

[Sed-Research]

I have amazing news regarding sedutil support for NVME drives connected through an external adapter.

This has been a long journey and i own more external ssd enclosures than any sane person ever should. Unfortunately I did not do any Mac tests during this journey however I assume there are similar results as with the other platforms. If you are looking for the JUICY PART skip to the end.

I will start by saying SATA Opal 2.0 ssd drives have always worked for me with the official sedutil tool, when installed internally and also through every SATA to USB adapter I've tested, using Windows Linux and preboot authentication (PBA) releases. The SATA adapters successfully pass through the sedutil commands and also the drive information so it is represented natively in the OS device manager. SATA drives have never been an issue however SATA is becoming outdated with NVME drives taking over the market. Most of the tests were done with Samsung drives which I tend to trust the most as they are leading the Opal SSD market and have passed security audits in the the past (though there could always be a backdoor as the original encryption implementation in their portable T3 drives was suspiciously overly-negligent: https://www.ieee-security.org/TC/SP2019/papers/310.pdf).

A bit of sedutil history. Originally, NVME drives (both internal and external) were not supported with the official sedutil software(https://www.drivetrust.com/sed-util/) (https://github.com/Drive-Trust-Alliance/sedutil) but a while ago it was added (https://nvmexpress.org/drive-trust-alliance-adds-nvme-support-to-sedutil/), however Windows support never arrived. This brought about this thread (https://github.com/Drive-Trust-Alliance/sedutil/issues/115) and the lukefor fork (https://github.com/lukefor/sedutil/tree/windows_nvme) capable of Windows NVME support. Precompiled executable located here (https://github.com/ChubbyAnt/sedutil/issues/2).

Subsequently additional forks popped up with executable releases, encryption modifications, Windows NVME support and/or other features. These included, amongst many others, ChubbyAnt's fork (https://github.com/ChubbyAnt/sedutil/releases) (https://sedutil.com/) which is probably most popular but doesn't integrate nvme in Windows, and Oom-is's fork (https://github.com/oom-is/sedutil/releases) which ended up working very well, but more about that in a moment.

The issues with some of these forks is that they are not fully compatible with the official "vanilla" release because of the password hashing changes, and likely not compatible with the Drive Trust Alliance's quite convenient "SED Control" and "SED Access" apps (https://www.drivetrust.com/downloads/dta/windows/DTA_SED_Software_Install_Guide_Win.pdf). This bundled software is not publicly downloadable however if you are savvy at reading an install guide, finding a file name, and editing a url then you should be able to download it. Unfortunately the DTA software is outdated and we have yet to see official updates from them in years.

Now getting back to the original topic, despite ordering handfuls of NVME to USB adapters, none would work with any of the previously proposed solutions or forks, whether in Windows Linux or preboot. Tried driver updates and multiple different SSD's and chipsets but none would successfully identify nor pass Opal commands on to the NVME ssd. I tried JMicron JMS583 (buggy A0 version), Asmedia ASM2362, and Realtek RTL9210 chipsets. These were USB 3.0, 3.1, and 3.1 gen 2 compatible adapters. I have not yet tried the newer JMS583 (version A2) adapters, nor have I tried out the newer faster 20Gbps USB 3.2 Gen 2x2 ASM2364 adapters (thought I'm planning on it soon!). Today however I tried the new RTL9210b chipset which in some adapters supports both NVME and SATA drives (which is what sparked my interest)...but more on that further down. Stick around.

--- (START THUNDERBOLT STORY) ---

So a few months ago I said to myself what about an NVME ssd to thunderbolt 3 (Intel JHL6340 chipset) adapter. Finally! Success with an NVME drive attached externally. It actually works with the official sedutil tool in Linux and preboot, and using the Oom-is fork it also work in Windows. Because Thunderbolt is a direct pci-e bus it behaves the same as if the drive was installed internally so it appears natively to the OS. Commands pass through wonderfully.

Thunderbolt has serious challenges though. These adapters much more expensive and only work with Thunderbolt 3/4 ports. Speeds are great but I've noticed in Windows and Linux certain write caching settings can really slow the write speeds, even slower than when using a 10Gbps USB 3.1 gen 2 NVME adapter with the same SSD and connected on the same port. In fact many of the external TB3 enclosures today have issues reaching even half the SSD's native speeds relative to if it were installed internally. Windows can crash often when TB devices are being connected/disconnected (DMA blue screens from my experience). Additionally the old Thunderbolt 3 ports have serious memory leak DMA security issues which require authorizing devices which simply didn't work well for me, especially when trying to boot from the drive. Luckily Thunderbolt 4 host devices don't have these security issues and are backwards compatible with Thunderbolt 3 ssd adapters, but as I've come to find TB4 also has it's problems.

Both on my new 11th generation Acer and Asus laptops (both with TB4 ports) connecting and disconnecting my external Wavlink UTE02 Thunderbolt enclosure caused BSOD's (could be device specific as it's not the best enclosure). My Asus has 2 TB4 ports and sometimes the behavior was different between them. Additionally, Asus has a hidden built in bios level SED decryption screen which pops up when it detects an encrypted locked drive and literally you can't do anything as it won't unlock the drive and it just freezes the computer after a wrong password. I could get around that by connecting the TB drive after getting to the boot menu and then booting the sedutil PBA...and it would successfully unlock the drive. Here's the problem though, in both Acer and Asus laptops, after unlock it warm reboots the laptop and apparently, in contrast to USB connections which work flawlessly and don't trigger Asus's built in SED screen, the thunderbolt bus is sent a power cycle command which relocks the drive. There are custom PBA solutions out there (https://github.com/gebart/opal-kexec-pba) which boot directly into Linux after unlock without the warm reboot, as some manufacturers are even power cycling internal NVME drives for enterprise safety reasons (to protect against alt-OS boot attacks).

Thunderbolt works, and theoretically can achieve much higher speeds than USB, but I found there are some compatibility limitations especially with older systems, and in trying to boot from an external TB drive, but even with the newer generations it just seems manufacturers are not doing proper QA. If superior speeds aren't required then USB is certainly the winner as of now.

I have ordered a new generation NVME to Thunderbolt adapter (Intel JHL7440 chipset) Acasis USB4 Thunderbolt NVME enclosure (https://www.amazon.com/Enclosure-Compatible-Thunderbolt-Interface-Solid-State/dp/B08P7L6SDD) which supports both USB 3.2 and Thunderbolt 3 connections. The Lacie Rugged SSD Pro and Sabrent Rocket XTRM-Q also supports this functionality but i preferred trying out the Sabrent. It will be interesting to see if I install an Opal 2.0 NVME drive and connect it to a non-Thunderbolt USB 3.x port (or somehow force it to fallback to USB mode on a Thunderbolt port) how well it will work in comparison to the Thunderbolt mode and if this chipset will alleviate the previously mentioned issues plaguing Thunderbolt connectivity. If it does then it will be an awesome (yet still more expensive) Thunderbolt + USB based solution for external Opal NVME drives. Fingers crossed. Back to our journey...

--- (END THUNDERBOLT STORY) ---

Recently I've wondered whether there has been any progress with all these non sedutil compatible NVME to USB adapters I have lying around. I found this thread (https://github.com/Drive-Trust-Alliance/sedutil/issues/314) and even went so far as to contact ayushkumar024 (https://github.com/Drive-Trust-Alliance/sedutil/issues/341). He told me that he got NVME over USB working with a Jmicron by modifying ChubbyAnt's fork to support vendor specific commands. Hopefully we'll see that code in the wild soon.

So now to the JUICY PART. Today I received an ELUTANG NVME + SATA-NGFF to USB enclosure adapter (https://www.amazon.com/ELUTENG-Enclosure-Protocol-Adapter-External/dp/B08H22BV1N/) with the newly released RTL9210b chipset thinking to myself how cool that it supports both types of drive interfaces. I wonder how Opal will behave? Well as expected SATA drives work flawlessly. How about NVME drives? I don't know what these geniuses at Realtek did but not only are the read-write speeds phenomenal at 1GB+ practically maxing out the 3.1 gen2 protocol limits...but NVME drives work flawlessly with the official "vanilla" sedutil across Linux, PBA... and Windows! This includes the SED Access and SED Control apps. This was a huge surprise as essentially what this chipset is doing is it is correctly passing on the Opal commands to the NVME drives over USB (something none of the other NVME to USB chipsets could do), and at the same enables NVME based Opal drives over USB to work with the official sedutil release which doesn't even natively support NVME drives over pci-e in Windows! Both SATA and NVME drives show up as "Realtek RTL9210B-CG SCSI Disk Device" in the OS device manager and sedutil-cli is able to successfully scan and identify the actual SSD manufacturer's device name. None of the other NVME to USB adapters I tested did this, they would only show the NVME to USB device itself. I did not expect to see this type of success and it opens a new era for using external NVME drives over USB rather than just Thunderbolt. I'm sure other RTL9210b adapters support this functionality. The newer Jmicron and ASMedia might also work but I doubt it since none of them have the unique feature of supporting both SATA and NVME drives and I assume there is some type of NVME/SATA command translation happening.

TLDR: Use an RTL9210b based NVME/SATA external USB adapter such as the one mentioned above to successfully work with NVME and SATA Opal drives across Linux and Windows with nothing but the official sedutil release. I hope this information helps anyone who comes across it!

***A side note on booting from EXTERNAL opal drives: S3 and other sleep/standby support has been an issue for those booting from SED drives since laptops entering sleep mode will cut the power to the drive and therefore it would lock. When resuming, the OS loaded in memory is unable to access the drive and then the OS crashes. (Somewhat) very insecure solutions of having the OS unlock the drive when resuming from standby by having the password stored (in RAM or on disk) are out there (https://github.com/Drive-Trust-Alliance/sedutil/issues/90) (https://github.com/lukefor/sedutil/issues/1), however I have recently noticed that on my thunderbolt 4 ports even in sleep mode the laptop still provides power to the external USB/TB drive. I have only tested this successfully with EXTERNAL opal enabled drives, so for those looking for a sleep solution for non internal SSD's this might be the cleanest way to do so (please take into account that leaving your laptop in sleep mode is not a best practice and is a security hazard regardless as it's basically the same as leaving your computer on). This functionality is likely very laptop dependent and standby charging might need to be activated for it to work. I am sharing this here as buying a new laptop with standby power to USB C or TB attached peripherals maybe simpler for many than the process of enabling sedutil sleep support on opal encrypted drives.

[ChubbyAnt]

I confirm that this nvme usb enclosure:

https://www.amazon.com/ELUTENG-Enclosure-Protocol-Adapter-External/dp/B08H22BV1N/

...does indeed pass the SEDutil commands over usb via the windows sedutil-cli.exe. This has been tested with OPAL and Pyrite drives via the new ChubbyAnt revision which incorporates the @amotin Opalite/Pyrite/Ruby control commands:

https://github.com/ChubbyAnt/sedutil

[Sed-Research]

Further enclosure/chipset testing:

Acasis USB4 + Thunderbolt 4 Enclosure : This JHL7440 thunderbolt 4 controller works with sedutil in the same manner that the older JHL6340 works. It however does not trigger the ASUS sed decryption screen like the JHL6340 does but it still cannot boot from the device with a warm reboot as it still power cycles the external drive. Windows DMA blue screens still happen. I'm not sure why the Acasis is labeled as USB4 (perhaps because there's cross compatibility with TB4) as it turns out to be a USB 3 interface which is not part of the JHL7440 chipset but rather there is a JMS583 Version A2 chipset on the same board. USB 3 mode does not work with sedutil as it cannot pass on the Opal commands, same as the Version JMS583 A0 chipset (I also tested with this a standalone JMS583 A2 adapter with the same results). USB 3 speeds slowed to 40Mbps on my newer Asus laptop's USB 3 Type A port for some reason, however on an older laptop they were inline with the USB 3.1 gen2 10gbps standard. Thunderbolt read speeds are phenominal but write speeds still throttled 50%+ relative to the nvme drive being connected internally. Could be a thunderbolt cable issue (unlikely as I tried a couple), or enclosure/laptop/ssd combination specific incompatibility as I've read online. Currently exploring whether Sabrent Rocket XTRM-Q also has a dual JHL7440/JMS583 chipset setup. The Orico M2V01-C4 is indeed the same JHL7440+JMS583 combination as listed on their website. My conclusion is that Thunderbolt is still simply not as good as USB at this point especially now that we have the RTL9210B solution (unless you really just need the extra speed).

Orico 20Gbps NVME to USB ASM2364: Was unable to test the 20Gbps throughput as apparently my thunderbolt 4 port does not support USB 3 gen2x2 but speeds were similar to USB 3.1 gen2. Just like the ASM2362 sedutil is unable to pass the commands to the nvme drive and the drive does not show up natively in the OS but rather a ASM236X disk drive shows up instead.

Orico M2PJM-C3 NVME/SATA to USB 3.1 gen2: Not all RTL9210B enclosures work the same. This one did not successfully identify Opal functionality nor pass commands onto the drive regardless of the sedutil version utilized when testing in Windows (and presumably will also not work with sedutil on other operating systems). Upon closer inspection of the chipset board which is almost identical to the ELUTANG RTL9210B we can see the difference which may account for the failed Opal functionality. The Orico board is labeled THD-2 2036 and the chipset on that board reads RTL9210B K6R52E1 GK32. The ELUTANG board is labeled TDH-2 2033 and the chipset on that board reads RTL9210B K2F95E1 GK09. This version difference between the brands is certainly why ELUTANG works and Orico doesn't. Would be interesting to test what other RTL9210B enclosures work successfully like ELUTANG does.

Icybox NVME to USB RGB Gaming Enclosure ASM2363: Good USB 3.1 gen2 speeds, but again like the ASM2362 sedutil is unable to pass the commands to the nvme drive. The SSD drive details do seem to show up natively in the operating system device manager so as to say it seems the chipset is forwarding that information along to the OS.

[Sed-Research]

I performed even further enclosure/chipset testing (all products ordered from Amazon):

RTL9210b adapters that support Opal command passthrough (Also the best enclosures out there IMHO):

brand: Eluteng (USB C) (this is the same device referenced in my previous post) text on chip: RTL9210B K2F95E1 GK09 windows hardware id: USB\VID_0BDA&PID_9210&REV_2001

brand: Elecife elec-6101 (USB C) text on chip: RTL9210B K8C97E1 GK33 windows hardware id: USB\VID_0BDA&PID_9210&REV_2001

brand: Sokiwi SKUD0501-US (USB C) text on chip: can't read it without destroying enclosure windows hardware id: USB\VID_0BDA&PID_9210&REV_2001

brand: KBR (USB A) (device is buggy keeps disconnecting shortly after not being accessed but works fine on another laptop) text on chip: RTL9210B K6R47E2 GK28 windows hardware id: USB\VID_0BDA&PID_0031&REV_2001

Those who can spot the pattern will recognize that only the REV_2001 devices are capable of passing through Opal commands. I got extremely lucky I chose to order the Eluteng enclosure when I first tested the RTL9210b chipset.

RTL9210b adapters that DO NOT support Opal command passthrough:

brand: Orico M2PJM-C3 (this is the same device referenced in my previous post) text on chip: RTL9210B K6R52E1 GK32 windows hardware id: USB\VID_0BDA&PID_9210&REV_3000

brand: Xiwai U3-057-XY text on chip: RTL9210B K2F99E1 GK07 windows hardware id: USB\VID_0BDA&PID_9210&REV_3000

brand: CY text on chip: RTL9210B K2F99E1 GK07 windows hardware id: USB\VID_0BDA&PID_9210&REV_3000

brand: Riitop M2BMTU3 text on chip: RTL9210B K6R52E1 GK32 windows hardware id: USB\VID_0BDA&PID_9210&REV_3000

brand: Yottamaster text on chip: RTL9210B K2F95E1 GK09 windows hardware id: USB\VID_0BDA&PID_9210&REV_3100

brand: FREEGENE Acasis (this is NOT the dual mode thunderbolt/usb version previously reviewed) text on chip: can't read it without destroying enclosure windows hardware id: USB\VID_0BDA&PID_9210&REV_3100

brand: Alxum text on chip: RTL9210B K2F95E1 GK09 windows hardware id: USB\VID_0BDA&PID_E19B&REV_3100

*** I also tested the Sabrent XTRM-Q (SB-XTRQ-500), which supports both thunderbolt and usb 3.2 (jhl7440 + rtl9210), by switching out the included ssd with an nvme Opal enabled one...it was not easy to open the device as it has a sticker which is hard to remove which hides the screws. Some review websites say it uses the RTL9210b but it has "RTL9210 J7U68E1 GK09" written on the USB 3.2 chip with hardware id "USB\VID_2EB9&PID_9211" (this is an unknown device for usb mode - can't find anything about it on the internet). And indeed it does not work with SATA ssd's so USB mode uses an older generation RTL9210 chipset. Thunderbolt mode passes on the ssd's nvme controller's native hardware id to the operating system. I'm guessing they did some non standard stuff to handle the dual mode capabilities. Both thunderbolt and usb modes successfully pass the Opal commands though, however I'm having the same slow speed writes over usb that i had with acasis thunderbolt+usb enclosure - but I'm inclined now to believe these are laptop specific compatibility issues. In general though thunderbolt devices lack the stability and speed consistency I find with the USB adapters.

*** Something to be aware of, some of these external enclosures/adapters have power saving standby modes which kill the power to the ssd after a few mins. This resets the Opal lock and so you will have to unlock it again, and if you are booting off the drive you want to make sure your operating system is accessing the drive every once in a while (which shouldn't be an issue for most setups). This power saving functionality could cause data loss if not taken in to account when using Opal enabled drives.

[Incog5]

@Sed-Research Have you checked the firmware versions (which are user upgradable), as that might play a big role too:

Realtek RTL9210 NVMe/USB 3.1 Controller firmware Version 1.23.15 Release Notes: 10), Improve opal compatibility. https://station-drivers.com/index.php?option=com_remository&Itemid=353&func=fileinfo&id=4749&lang=en

Other relevant threads: https://www.station-drivers.com/index.php?option=com_kunena&view=topic&catid=7&id=427&Itemid=858&lang=en https://forums.anandtech.com/threads/stable-nvme-usb-adapter.2572973/page-26?view=date

[Sed-Research]

@Incog5 Great find!

I took the Riitop M2BMTU3 which was not supporting opal and upgraded to the v1.23.15.111620 firmware without even editing the cfg file and indeed not only is opal functionality now present but the windows hardware id switched to "USB\VID_0BDA&PID_9210&REV_2001" which is the same as all the other adapters that have functioning opal.

I was able to disable power standby mode and to force the SSD drive name to appear natively in the operating system by editing the cfg file according to the threads you shared.

I will probably test some more of the other adapters in due time, but for now I can assume that pretty much any of the RTL9210b adapters can be FW upgraded in this way and so they should all be capable of supporting opal.

Cheers

[Sed-Research]

I did indeed test upgrading the many other RTL9210b adapters I purchased and they all seemingly work with Opal NVME ssds now!

I also see there is a pull request out there that enables nvme over usb using the JMS583 chipset adapters JMS583 fix pull request (https://github.com/Drive-Trust-Alliance/sedutil/pull/315)

I will also follow up by saying I have concluded that enabling s3 support is a huge security risk, it opens up serious attack vectors some of which are demonstrated here:

https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf

Further information on sleep support for those who are interested here (https://github.com/Drive-Trust-Alliance/sedutil/issues/90) here (https://github.com/lukefor/sedutil/issues/1) here (https://github.com/dex6/sed-opal-unlocker) and here (https://aur.archlinux.org/packages/sedutil-sleep-git/)

And a small note regarding compatibility which might save someone a lot of headache: Different forks of sedutil have different SHA512 password hashing implementations such that based on my testing oom-is and chubbyant forks were not cross compatible with ladar's forks - unless you are feeding the password directly to the drive without hashing it using -n switch.

[Sed-Research]

One more small tip that might save someone a lot of time... during my tests and attempts to do things that aren't supposed to be done (like loading a pba larger than 128mb onto a samsung SATA m.2 ssd) i seemingly bricked my drive. It simply would not be recognized by the OS and kept blinking. By switching it to another external usb enclosure (whether that be a different brand or chipset or bus such as pci-e or thunderbolt) I was successfully able to reset the device and get it working normally in the original enclosure. Ironically the enclosure that allowed me to reset the device to factory (the Eluteng RTL9210B) did not allow me to upload a pba image. Point being there are still nuances and bugs when it comes to all the different revisions, implementations, hardware and adapters out there so having more than one option will probably end up being a life saver.

[flowswitch]

I can confirm that RTL9210 (without "b") based Orico enclosure from AliExpress also works fine with sedutil after flashing the v1.23.15.111620 mentioned above. Actually, that fw looks like targeting the A chip version (I've tried flashing an UTNVME_B_v1.25.7.032421 bin and the tool ignored it - because of "B" in the name?). Edit: the latest v1.29.8.122921 works fine too.

[maenpaa24]

Regarding the fact that some enclosures allowed @Sed-Research to recover the bricked ssd, while others did not, I would like to share my experience, which I belive may fit with that behavior. I have been experimenting with different firmwares on Sabrent EC-SNVE with nvme drives. The results are:

• 1.23.15 and 1.25.7 they can operate normally with the opal drive but can not upload a pba image.
• 1.29.8 and 1.29.12 can upload a pba image but can not see the drive when locked.

All tests where done in linux. In windows, the issue with 1.29.12 and locked drives does not exist. In all cases I tried with sedutil versions 1.15.1 and 1.20.0. The pbas where also the official ones corresponding to those releases of sedutil.

[gitraphha]

Hello everybody,

this thread was very helpful for me to get my Sabrent EC-SNVE with a Samsung 990Pro up and running for TCG Opal, thank you.

The final missing bit was a firmware update (that I could do via Win10 running in a virtual machine (qemu/virt-manager) running on (K)ubuntu 23.04) to version 1.30.28, which in turn is not on the official Sabrent download page, but can be found in this thread: https://sabrent.com/community/xenforum/topic/88643/ec-snve-fimrware-update-required

"This update includes fixes for compatibility in certain scenarios, including use with the Samsung 980 Pro" https://www.dropbox.com/s/n58ghhj7j238fhy/UTHSB_MPtool_for%20Sabrent_8307_v1.30.28.rar?dl=0

[gitraphha]

Hello everybody,

this thread was very helpful for me to get my Sabrent EC-SNVE with a Samsung 990Pro up and running for TCG Opal, thank you.

The final missing bit was a firmware update (that I could do via Win10 running in a virtual machine (qemu/virt-manager) running on (K)ubuntu 23.04) to version 1.30.28, which in turn is not on the official Sabrent download page, but can be found in this thread: https://sabrent.com/community/xenforum/topic/88643/ec-snve-fimrware-update-required

"This update includes fixes for compatibility in certain scenarios, including use with the Samsung 980 Pro" https://www.dropbox.com/s/n58ghhj7j238fhy/UTHSB_MPtool_for%20Sabrent_8307_v1.30.28.rar?dl=0

From https://github.com/Drive-Trust-Alliance/sedutil/issues/115#issuecomment-1252657963

can upload a pba image but can not see the drive when locked.

is still true. I can however sedutil-cli --query /dev/sg0 (but not /dev/sda), and also execute other sedutil-cli commands