search

Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software
609 stars 235 forks source link

Unable to setup an Intel Pro 7600p M.2 NVME SSD #222

Open ghost opened 6 years ago

ghost commented 6 years ago
r0m30 commented 6 years ago

This looks a lot like what I get from an almost working USB to SATA bridge cable. It could also be a device support issue with the NVMe hardware on your NUC. Are you running the scan and query from the rescue system or your real OS?

ghost commented 6 years ago

Are you running the scan and query from the rescue system or your real OS?

I tried both ways: -> using the RESCUE32 (doesn't boot in UEFI mode) and RESCUE64 image version 1.15.1 on a USB drive to boot the rescue system and try to setup the PBA -> using the sedutil_LINUX.tgz running on Clear Linux

I got the error messages everytime.

ksarma commented 6 years ago

FWIW I'm getting the same problems on the same drive. My machine is not a NUC, and I'm not using a PBA since I'm not trying to encrypt my boot/OS drive. For example:

$ sudo ./sedutil-cli --initialsetup <password_redacted> /dev/nvme0n1
One or more header fields have 0 length
Properties exchange failed
One or more header fields have 0 length
Session start failed rc = 136
Unable to start Unauthenticated session /dev/nvme0n1
One or more header fields have 0 length
EndSession Failed
Unable to read MSID password 
Initial setup failed - unable to take ownership
r0m30 commented 6 years ago

@ksarma Yes, that helps, it points to a quirk in the drive. Can you try a query and see if that works?

136 is a generic error code so it's not much help,

I need more info, can I get a trace (-vvvv) .

ksarma commented 6 years ago

@AlphasCodes would you be able to run the trace? I'm away for two weeks and my machine seems to have dropped off the network... sigh...

If not I put a reminder in to do it when I get back

ghost commented 6 years ago

I decided to sell my Intel Pro 7600p SSD so i will no longer able to help.

ksarma commented 6 years ago

@r0m30 Here's the trace:

$ sudo ./sedutil-cli -vvvv --initialsetup temppass /dev/nvme0n1 [sudo] password for ksarma: 0000 000000b0 00000001 00000000 00000000 ................ 0010 00000000 00000000 00000000 00000000 ................ 0020 00000000 00000000 00000000 00000000 ................ 0030 0001100c 11000000 00000000 00000000 ................ 0040 0002100c 09000000 00000000 00000000 ................ 0050 0003101c 01000000 00000000 00000200 ................ 0060 00000000 00000008 00000000 00000000 ................ 0070 0201100c 00000009 04000000 00000000 ................ 0080 0202100c 0000000a 00a00000 00001000 ................ 0090 02031010 08000001 00000400 09000000 ................ 00a0 00000000 0402100c 00000000 00000000 ................ 0000 000000b0 00000001 00000000 00000000 ................ 0010 00000000 00000000 00000000 00000000 ................ 0020 00000000 00000000 00000000 00000000 ................ 0030 0001100c 11000000 00000000 00000000 ................ 0040 0002100c 09000000 00000000 00000000 ................ 0050 0003101c 01000000 00000000 00000200 ................ 0060 00000000 00000008 00000000 00000000 ................ 0070 0201100c 00000009 04000000 00000000 ................ 0080 0202100c 0000000a 00a00000 00001000 ................ 0090 02031010 08000001 00000400 09000000 ................ 00a0 00000000 0402100c 00000000 00000000 ................ 0000 00000000 08000000 00000000 00000000 ................ 0010 000000b0 00000000 00000000 00000000 ................ 0020 00000000 00000000 00000098 00000000 ................ 0030 00000000 0000008c f8a80000 00000000 ................ 0040 00ffa800 00000000 00ff01f0 f200f0f2 ................ 0050 d0104d61 78436f6d 5061636b 65745369 ..MaxComPacketSi 0060 7a658208 00f3f2ad 4d617850 61636b65 ze......MaxPacke 0070 7453697a 658207ec f3f2af4d 6178496e tSize......MaxIn 0080 64546f6b 656e5369 7a658207 c8f3f2aa dTokenSize...... 0090 4d617850 61636b65 747301f3 f2ad4d61 MaxPackets....Ma 00a0 78537562 7061636b 65747301 f3f2aa4d xSubpackets....M 00b0 61784d65 74686f64 7301f3f1 f3f1f9f0 axMethods....... 00c0 000000f1 .... 0000 00000000 00000000 00000000 00000000 ................ 0010 00000000 .... One or more header fields have 0 length Properties exchange failed 0000 00000000 08000000 00000000 00000000 ................ 0010 0000004c 00000000 00000000 00000000 ...L............ 0020 00000000 00000000 00000034 00000000 ...........4.... 0030 00000000 00000027 f8a80000 00000000 .......'........ 0040 00ffa800 00000000 00ff02f0 8169a800 .............i.. 0050 00020500 00000101 f1f9f000 0000f100 ................ 0000 00000000 00000000 00000000 00000000 ................ 0010 00000000 .... One or more header fields have 0 length Session start failed rc = 136 Unable to start Unauthenticated session /dev/nvme0n1 0000 00000000 08000000 00000000 00000000 ................ 0010 00000028 00000000 00000000 00000000 ...(............ 0020 00000000 00000000 00000010 00000000 ................ 0030 00000000 00000001 fa000000 ............ 0000 00000000 08000000 00000000 00000000 ................ 0010 00000000 .... One or more header fields have 0 length EndSession Failed Unable to read MSID password Initial setup failed - unable to take ownership

r0m30 commented 6 years ago

Well that didn't help much (at all) :( There is a lot of missing info here, can you try adding -l (that's a lowercase L) to the command?

ksarma commented 6 years ago

Yes, here is the output (attached) from the following command sudo ./sedutil-cli -l -vvvv --initialsetup temppass /dev/nvme0n1

20180627-sedutil-log.txt

ksarma commented 6 years ago

Oops, I just realized the output is identical except for the timestamps

ShuaiTony commented 5 years ago

Hi, Here's the problem,when i use sedutil on Windows 10 (sedutil-cli --scan),the result is NO image

but,samsung 970 EVO support TCG OPAL,so,i don't know why? so i hope you can help me, thank you.

bear-SED commented 4 years ago

Was this ever solved? I getting the same error. I have tried multiple systems and OS's and can't get this to work.

image

baldpenguin commented 4 years ago

Was this ever solved? I getting the same error. I have tried multiple systems and OS's and can't get this to work.

Same problem here, "sudo sedutil-cli --scan" gives: /dev/sdb E Micron_5210_MTFDDAK7T6QDE (using sedutil v1.15.1). Did you make any progress? Should I be using "--yesIreallywanttoERASEALLmydatausingthePSID", although my disk is brand new and unused?

bear-SED commented 4 years ago

no progress here. I was able to use Instant Secure Erase (sanitize cryptographic scramble) command in hdparm

icetan commented 4 years ago

I just bought a ThinkPad X1 Carbon with an Intel SSD 7600p which turns up as follows when running sedutil-cli --scan

/dev/nvme0  2   INTEL SSDPEKKF010T8L    L12P
...

After running --initialsetup debug /dev/nvme0 I can no longer access the SSD, it won't boot from it and I can't fdisk it and all sedutil-cli commands return the following:

One or more header fields have 0 length
Properties exchange failed
One or more header fields have 0 length
Session start failed rc = 136
One or more header fields have 0 length
EndSession Failed

Is the SSD bricked? Not even reseting with PSID works :(

maenpaa24 commented 4 years ago

The same happened to me with a Kingston kc2000 and not only with sedutil but also with other opal management software. I had to return it because it was completely bricked. It looks like a firmware bug to me...

Did you find a solution?

icetan commented 4 years ago

@maenpaa24 unfortunately not :(

I contacted Lenovo support and they just sent me a new SSD. They didn't explain how to activate self-encryption even though it (OPAL) is marketed as one of the extra features for the more expensive SSD option of the ThinkPad.

So still not sure what caused this or how to fix it. I still have the bricked drive and might spend some more time trying to fix it.

maenpaa24 commented 4 years ago

I would like to know if you made any progress.

Just to be completely sure, you haven't tried to set up opal encryption on the replaced unit, have you?

Tronic commented 4 years ago

I just had two kc2000s brick identically. First boot after sedutil setup, pba goes ok, then reboot into macos, all good. But the first time I closed lid for sleep, the macbook couldn't recover (kind of expected as it doesn't boot into pba on wakeup). But then even after hard reset the drive no longer shows up at all, even on a PC.

maenpaa24 commented 4 years ago

Hi @Tronic, note that I could not load the pba image a single time, it just got bricked after the initial setup. Other than that, never expect that your pc recovers from sleep when opal is set up with sedutil because it does not support S3, at least officially. There are some forks that support it, but none of them support mac os afaik.

Does it work after a hard reboot?

Tronic commented 4 years ago

@maenpaa24 Thanks for the quick reply. I've just tested the second failed KC2000 2 TB drive on a separate PC:

I've reported this to Kingston, let's see if they respond something.

EDIT:

Kingston says that the drives have failed so that firmware flashing is no longer possible and tells me to RMA them for replacement with KC2500 model. They did not specify if this problem has been fixed with the new model but since suspend cannot work with MacOS anyway, I won't be trying any encryption for now.

Demetrio92 commented 1 year ago

Initial setup failed - unable to take ownership

fixed as explained here: https://github.com/ChubbyAnt/sedutil/issues/40#issuecomment-1096314029

kuro68k commented 10 months ago

I have the same issue with the same drive. PSIDrevert did not fix it, I got the same error (one or more header...)

It appears to have bricked the drive. It is visible to the UEFI and Windows installer, but seems to be read-only.

Just a warning to anyone with the same drive, it does appear that you can get it into a state where it is bricked with sedutil. This is on the last firmware that Intel released and there won't be any updates as they abandoned their SSD products.