Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software

TCG Opal vs Opalite vs Pyrite (Seagate Barracuda / Firecuda 510) #310

Open oom-is opened 4 years ago

oom-is commented 4 years ago

This isn't an issue per se for SEDutil but more of a buyer beware for anyone buying SSDs and thinking that they're getting full TCG Opal SSC 2.0 functions. Posting it here in the hopes that someone sees it before they buy. I almost picked up one of these drives until I read the fine print.

Short version: Seagate Barracuda 510 (lower capacity) and Firecuda 510 (higher capacity drives) only implement TCG Pyrite according to their documentation. That appears to be true both for SATA and NVMe drives - so yes, they have a PSID on the label, and they support a "secure erase" function, but that's basically all the buyer gets for sure. Might not have pre-boot authorization (PBA) and probably doesn't actually encrypt data.
==> There's a reason why when vendors wanted a minimal subset of Opal (a semi-precious stone) the minimal subset profile got named after Fool's Gold. Caveat emptor.

I've spent a lot of time working with Seagate 2.5" SATA products that had not only full TCG Opal 2.0 functionality but also FIPS 140-2 certification. These product lines have been around for a while, and from what I can tell were still available in newer models because Bob Thibadeau A/K/A @dtasupport had ensured that the functions were part of the product line over a decade ago back when he was Chief Technologist at Seagate. Which drives supported TCG Opal 2 varied by product number, but each newer version of the product line at least had some SKUs that supported "real" TCG Opal 2.

Fast forward to current time, and Seagate acquired the controller and NAND memory components from third party sources instead of developing their own, and they no longer support full TCG Opal...or even Opalite. #sadness

ChubbyAnt commented 4 years ago

Have you seen the SEDutil fork which enables Pyrite and Opalite? Here:

https://github.com/amotin/sedutil

oom-is commented 4 years ago

I wasn't aware of that specifically within @amotin's codebase, and thanks.
I already had FreeBSD support on my list to pull into my fork at some point, but right now I'm not planning to add anything I can't fully test...which is most of why I just went shopping for inexpensive used TCG-E drives. (I also wanted to better understand user initialization e.g. BandMaster on Enterprise drives, which ideally would help with full multiuser support for Opal 2.0 drives.)

ChubbyAnt commented 4 years ago

@oom-is make sure you see this PR: https://github.com/amotin/sedutil/pull/1/commits/4ff51c26e50378de0da126dee24f1f68d8b3116e

Artoria2e5 commented 1 year ago

@youk: the scheme and interfaces used in TCG Enterprise drives are basically the same as those utilized by sedutil.

It makes sense because these things are a subset of Opal. However, the identification is different, so at least the --scan bit needs to know to recognize them. That's what https://github.com/amotin/sedutil/commit/e8a35ab08cd25b0a17f29402febae78bfad72b18 does.

I guess I will compile the fork some time later, when I really want to get my secondhand Exos X18 working...
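The identification problem raised in the last two comments, and the "does this drive actually encrypt?" question from the opening post, both come down to the same thing: what the drive reports in its TCG Level 0 Discovery response. The following is an added example, not code from sedutil or the amotin fork, showing how such a response is parsed to tell Opal 2.0, Pyrite and Enterprise SSC drives apart and to read the Media Encryption bit of the Locking feature. The feature codes and byte layout are taken from the TCG SSC specifications (assumed here; sedutil's `--scan` reads the same descriptors), and the three sample responses are constructed inline rather than captured from real drives.

```python
"""Parse a TCG Level 0 Discovery response and report the drive's SSC and locking flags."""
import struct

# Feature codes per the TCG SSC specifications (assumed; these are the values
# a --scan style tool looks for in Level 0 Discovery).
FEATURE_NAMES = {
    0x0001: "TPer",
    0x0002: "Locking",
    0x0003: "Geometry",
    0x0100: "Enterprise SSC",
    0x0200: "Opal SSC 1.0",
    0x0201: "Single User Mode",
    0x0202: "DataStore",
    0x0203: "Opal SSC 2.0",
    0x0301: "Opalite SSC",
    0x0302: "Pyrite SSC 1.0",
    0x0303: "Pyrite SSC 2.0",
    0x0304: "Ruby SSC",
}
SSC_CODES = {0x0100, 0x0200, 0x0203, 0x0301, 0x0302, 0x0303, 0x0304}

# Discovery header: 4-byte length, 4-byte version, 8 reserved, 32 vendor-specific.
HEADER_LEN = 48


def parse_level0(buf):
    """Return [(feature_code, descriptor_data), ...] from a Level 0 Discovery response."""
    if len(buf) < HEADER_LEN:
        raise ValueError("response shorter than the 48-byte discovery header")
    (payload_len,) = struct.unpack(">I", buf[:4])   # bytes following the length field
    end = min(4 + payload_len, len(buf))             # never trust the length past the buffer
    pos, feats = HEADER_LEN, []
    while pos + 4 <= end:
        code, _version, length = struct.unpack(">HBB", buf[pos:pos + 4])
        feats.append((code, buf[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return feats


def classify(buf):
    """Summarise which SSC the drive advertises and the Locking feature flags."""
    feats = dict(parse_level0(buf))
    ssc = [code for code in feats if code in SSC_CODES]
    lock = feats.get(0x0002, b"")
    flags = lock[0] if lock else 0        # first data byte of the Locking descriptor
    return {
        "ssc": FEATURE_NAMES.get(ssc[0], "unknown") if ssc else "none",
        "locking_supported": bool(flags & 0x01),
        "locking_enabled": bool(flags & 0x02),
        "locked": bool(flags & 0x04),
        "media_encryption": bool(flags & 0x08),   # Pyrite drives leave this clear
        "mbr_enabled": bool(flags & 0x10),
    }


def build_discovery(features):
    """Build a constructed Level 0 Discovery response from [(code, data_bytes), ...]."""
    body = b"".join(struct.pack(">HBB", code, 0x10, len(data)) + data
                    for code, data in features)
    header_rest = b"\x00\x01\x00\x00" + bytes(8) + bytes(32)   # version 1.0, reserved, vendor
    payload = header_rest + body
    return struct.pack(">I", len(payload)) + payload


# Constructed samples (not captured from real hardware).
TPER = (0x0001, bytes([0x01]) + bytes(11))          # sync supported
LOCK_ENCRYPTING = (0x0002, bytes([0x09]) + bytes(11))  # locking supported + media encryption
LOCK_NO_ENCRYPT = (0x0002, bytes([0x01]) + bytes(11))  # locking supported, no media encryption
OPAL_SAMPLE = build_discovery([TPER, LOCK_ENCRYPTING, (0x0203, bytes(16))])
PYRITE_SAMPLE = build_discovery([TPER, LOCK_NO_ENCRYPT, (0x0303, bytes(16))])
ENTERPRISE_SAMPLE = build_discovery([TPER, LOCK_ENCRYPTING, (0x0100, bytes(16))])

if __name__ == "__main__":
    for name, sample in (("opal", OPAL_SAMPLE), ("pyrite", PYRITE_SAMPLE),
                         ("enterprise", ENTERPRISE_SAMPLE)):
        print(name, classify(sample))
```

The practical check is the combination of the two fields: a drive can advertise a Locking feature and a PSID on the label yet report no Media Encryption bit and a Pyrite SSC descriptor, which is exactly the "secure erase but no data encryption" situation described at the top of the thread. An Enterprise drive carries feature code 0x0100 instead of any Opal code, so a scanner that only looks for 0x0200/0x0203 will miss it.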