Open ghost opened 6 years ago
This looks a lot like what I get from an almost working USB to SATA bridge cable. It could also be a device support issue with the NVMe hardware on your NUC. Are you running the scan and query from the rescue system or your real OS?
Are you running the scan and query from the rescue system or your real OS?
I tried both ways: -> using the RESCUE32 (doesn't boot in UEFI mode) and RESCUE64 image version 1.15.1 on a USB drive to boot the rescue system and try to setup the PBA -> using the sedutil_LINUX.tgz running on Clear Linux
I got the error messages everytime.
FWIW I'm getting the same problems on the same drive. My machine is not a NUC, and I'm not using a PBA since I'm not trying to encrypt my boot/OS drive. For example:
$ sudo ./sedutil-cli --initialsetup <password_redacted> /dev/nvme0n1
One or more header fields have 0 length
Properties exchange failed
One or more header fields have 0 length
Session start failed rc = 136
Unable to start Unauthenticated session /dev/nvme0n1
One or more header fields have 0 length
EndSession Failed
Unable to read MSID password
Initial setup failed - unable to take ownership
@ksarma Yes, that helps, it points to a quirk in the drive. Can you try a query and see if that works?
136 is a generic error code so it's not much help,
I need more info, can I get a trace (-vvvv) .
@AlphasCodes would you be able to run the trace? I'm away for two weeks and my machine seems to have dropped off the network... sigh...
If not I put a reminder in to do it when I get back
I decided to sell my Intel Pro 7600p SSD so i will no longer able to help.
@r0m30 Here's the trace:
$ sudo ./sedutil-cli -vvvv --initialsetup temppass /dev/nvme0n1 [sudo] password for ksarma: 0000 000000b0 00000001 00000000 00000000 ................ 0010 00000000 00000000 00000000 00000000 ................ 0020 00000000 00000000 00000000 00000000 ................ 0030 0001100c 11000000 00000000 00000000 ................ 0040 0002100c 09000000 00000000 00000000 ................ 0050 0003101c 01000000 00000000 00000200 ................ 0060 00000000 00000008 00000000 00000000 ................ 0070 0201100c 00000009 04000000 00000000 ................ 0080 0202100c 0000000a 00a00000 00001000 ................ 0090 02031010 08000001 00000400 09000000 ................ 00a0 00000000 0402100c 00000000 00000000 ................ 0000 000000b0 00000001 00000000 00000000 ................ 0010 00000000 00000000 00000000 00000000 ................ 0020 00000000 00000000 00000000 00000000 ................ 0030 0001100c 11000000 00000000 00000000 ................ 0040 0002100c 09000000 00000000 00000000 ................ 0050 0003101c 01000000 00000000 00000200 ................ 0060 00000000 00000008 00000000 00000000 ................ 0070 0201100c 00000009 04000000 00000000 ................ 0080 0202100c 0000000a 00a00000 00001000 ................ 0090 02031010 08000001 00000400 09000000 ................ 00a0 00000000 0402100c 00000000 00000000 ................ 0000 00000000 08000000 00000000 00000000 ................ 0010 000000b0 00000000 00000000 00000000 ................ 0020 00000000 00000000 00000098 00000000 ................ 0030 00000000 0000008c f8a80000 00000000 ................ 0040 00ffa800 00000000 00ff01f0 f200f0f2 ................ 0050 d0104d61 78436f6d 5061636b 65745369 ..MaxComPacketSi 0060 7a658208 00f3f2ad 4d617850 61636b65 ze......MaxPacke 0070 7453697a 658207ec f3f2af4d 6178496e tSize......MaxIn 0080 64546f6b 656e5369 7a658207 c8f3f2aa dTokenSize...... 0090 4d617850 61636b65 747301f3 f2ad4d61 MaxPackets....Ma 00a0 78537562 7061636b 65747301 f3f2aa4d xSubpackets....M 00b0 61784d65 74686f64 7301f3f1 f3f1f9f0 axMethods....... 00c0 000000f1 .... 0000 00000000 00000000 00000000 00000000 ................ 0010 00000000 .... One or more header fields have 0 length Properties exchange failed 0000 00000000 08000000 00000000 00000000 ................ 0010 0000004c 00000000 00000000 00000000 ...L............ 0020 00000000 00000000 00000034 00000000 ...........4.... 0030 00000000 00000027 f8a80000 00000000 .......'........ 0040 00ffa800 00000000 00ff02f0 8169a800 .............i.. 0050 00020500 00000101 f1f9f000 0000f100 ................ 0000 00000000 00000000 00000000 00000000 ................ 0010 00000000 .... One or more header fields have 0 length Session start failed rc = 136 Unable to start Unauthenticated session /dev/nvme0n1 0000 00000000 08000000 00000000 00000000 ................ 0010 00000028 00000000 00000000 00000000 ...(............ 0020 00000000 00000000 00000010 00000000 ................ 0030 00000000 00000001 fa000000 ............ 0000 00000000 08000000 00000000 00000000 ................ 0010 00000000 .... One or more header fields have 0 length EndSession Failed Unable to read MSID password Initial setup failed - unable to take ownership
Well that didn't help much (at all) :( There is a lot of missing info here, can you try adding -l (that's a lowercase L) to the command?
Yes, here is the output (attached) from the following command
sudo ./sedutil-cli -l -vvvv --initialsetup temppass /dev/nvme0n1
Oops, I just realized the output is identical except for the timestamps
Hi, Here's the problem,when i use sedutil on Windows 10 (sedutil-cli --scan),the result is NO
but,samsung 970 EVO support TCG OPAL,so,i don't know why? so i hope you can help me, thank you.
Was this ever solved? I getting the same error. I have tried multiple systems and OS's and can't get this to work.
Was this ever solved? I getting the same error. I have tried multiple systems and OS's and can't get this to work.
Same problem here, "sudo sedutil-cli --scan" gives:
/dev/sdb E Micron_5210_MTFDDAK7T6QDE
no progress here. I was able to use Instant Secure Erase (sanitize cryptographic scramble) command in hdparm
I just bought a ThinkPad X1 Carbon with an Intel SSD 7600p which turns up as follows when running sedutil-cli --scan
/dev/nvme0 2 INTEL SSDPEKKF010T8L L12P
...
After running --initialsetup debug /dev/nvme0
I can no longer access the SSD, it won't boot from it and I can't fdisk
it and all sedutil-cli
commands return the following:
One or more header fields have 0 length
Properties exchange failed
One or more header fields have 0 length
Session start failed rc = 136
One or more header fields have 0 length
EndSession Failed
Is the SSD bricked? Not even reseting with PSID works :(
The same happened to me with a Kingston kc2000 and not only with sedutil but also with other opal management software. I had to return it because it was completely bricked. It looks like a firmware bug to me...
Did you find a solution?
@maenpaa24 unfortunately not :(
I contacted Lenovo support and they just sent me a new SSD. They didn't explain how to activate self-encryption even though it (OPAL) is marketed as one of the extra features for the more expensive SSD option of the ThinkPad.
So still not sure what caused this or how to fix it. I still have the bricked drive and might spend some more time trying to fix it.
I would like to know if you made any progress.
Just to be completely sure, you haven't tried to set up opal encryption on the replaced unit, have you?
I just had two kc2000s brick identically. First boot after sedutil setup, pba goes ok, then reboot into macos, all good. But the first time I closed lid for sleep, the macbook couldn't recover (kind of expected as it doesn't boot into pba on wakeup). But then even after hard reset the drive no longer shows up at all, even on a PC.
Hi @Tronic, note that I could not load the pba image a single time, it just got bricked after the initial setup. Other than that, never expect that your pc recovers from sleep when opal is set up with sedutil because it does not support S3, at least officially. There are some forks that support it, but none of them support mac os afaik.
Does it work after a hard reboot?
@maenpaa24 Thanks for the quick reply. I've just tested the second failed KC2000 2 TB drive on a separate PC:
Not supported - Identify failed
and not available with reason code 2
.enabling device (0000 -> 0002)
and 60 seconds later Device not ready; aborting initialisation
Removing after probe failure status: -19
after which /dev/nvme0
disappears, so I couldn't get a reading with sedutil.I've reported this to Kingston, let's see if they respond something.
EDIT:
Kingston says that the drives have failed so that firmware flashing is no longer possible and tells me to RMA them for replacement with KC2500 model. They did not specify if this problem has been fixed with the new model but since suspend cannot work with MacOS anyway, I won't be trying any encryption for now.
Initial setup failed - unable to take ownership
fixed as explained here: https://github.com/ChubbyAnt/sedutil/issues/40#issuecomment-1096314029
I have the same issue with the same drive. PSIDrevert did not fix it, I got the same error (one or more header...)
It appears to have bricked the drive. It is visible to the UEFI and Windows installer, but seems to be read-only.
Just a warning to anyone with the same drive, it does appear that you can get it into a state where it is bricked with sedutil. This is on the last firmware that Intel released and there won't be any updates as they abandoned their SSD products.
Intel NUC7i3BNK system with current BIOS 0063
new Intel Pro 7600p 256 GB M.2 NVME SSD that supports TCG OPAL 2.0 according to the Intel support
I did the following steps/troubleshooting: -> UEFI boot enabled and Legacy/CSM boot disabled -> UEFI boot enabled and Legacy/CSM boot enabled -> using the RESCUE32 (doesn't boot in UEFI mode) and RESCUE64 image version 1.15.1 on a USB drive to boot the system and setup the PBA -> using the sedutil_LINUX.tgz running on Clear Linux -> no OS is installed on the SSD / an OS (Clear Linux) is installed on the SSD
"sedutil-cli --scan" ... Scanning for Opal compliant disks /dev/nvme0 2 INTEL SSDPEKKF256G8 001P
/dev/sda No
/dev/sdb No
No more disks present ending scan ...
"sedutil-cli --query /dev/nvme0" ... /dev/nvme0 NVMe INTEL SSDPEKKF256G8 001P BTHH81010EWP256B
TPer function (0x0001) ACKNAK = N, ASYNC = N. BufferManagement = N, comIDManagement = N, Streaming = Y, SYNC = Y Locking function (0x0002) Locked = N, LockingEnabled = N, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y Geometry function (0x0003) Align = Y, Alignment Granularity = 8 (4096), Logical Block size = 512, Lowest Aligned LBA = 0 SingleUser function (0x0201) ALL = N, ANY = N, Policy = Y, Locking Objects = 9 DataStore function (0x0202) Max Tables = 10, Max Size Tables = 10485760, Table size alignment = 4096 OPAL 2.0 function (0x0203) Base comID = 0x0800, Initial PIN = 0x0 ...
"linuxpba" ... DTA LINUX Pre Boot Authorization Please enter pass-phrase to unlock OPAL drives: ***** Scanning.... Drive /dev/nvme0 INTEL SSDPEKKF256G8 is OPAL NOT LOCKED
Drive /dev/sda not OPAL
Drive /dev/sdb not OPAL
...
i get the below error message for all tried commands listed on the Command-Syntax website
e.g. "sedutil-cli --initialsetup debug /dev/nvme0" ... One or more header fields have 0 length Properties exchange failed One or more header fields have 0 length Session start failed rc = 136 Unable to start Unauthenticated session /dev/nvme0 One or more header fields have 0 length EndSession Failed Unable to read MSID password Initial setup failed - unable to take ownership ...