Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software

Unable to perform PSID revert on Crucial MX500 SED #340

Closed jasonemann closed 3 years ago

jasonemann commented 3 years ago

Hi. I discovered that the Crucial MX500 in my Linux laptop was a Self Encrypting Drive a few days ago, and following the information at https://github.com/Drive-Trust-Alliance/sedutil/wiki/Encrypting-your-drive, I was able to successfully secure my drive with its existing contents intact and with the laptop booting into the PBA after power-on.

I'm continuing to tinker with it to try and become more familiar with Opal 2.0 - there doesn't seem to be any good documentation of all the concepts available anywhere and the TCG specification is pretty indecipherable.

I've attempted to perform a PSID revert to reset the drive back to its factory state (accepting the data loss), but it's not working. Here's a log of my RESCUE session:

# sedutil-cli --scan
Scanning for Opal compliant disks
/dev/sda    2  CT500MX500SSD1                           M3CR023 
/dev/sdb   No   
No more disks present ending scan

# sedutil-cli --query /dev/sda
/dev/sda ATA CT500MX500SSD1                           M3CR023  2002260160F2        
TPer function (0x0001)
    ACKNAK = N, ASYNC = N. BufferManagement = N, comIDManagement  = N, Streaming = Y, SYNC = Y
Locking function (0x0002)
    Locked = N, LockingEnabled = Y, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y
Geometry function (0x0003)
    Align = Y, Alignment Granularity = 1 (512), Logical Block size = 512, Lowest Aligned LBA = 0
SingleUser function (0x0201)
    ALL = Y, ANY = Y, Policy = N, Locking Objects = 9
DataStore function (0x0202)
    Max Tables = 10, Max Size Tables = 10485760, Table size alignment = 1
OPAL 2.0 function (0x0203)
    Base comID = 0x0888, Initial PIN = 0x0\00, Reverted PIN = 0x0\00, comIDs = 1
    Locking Admins = 4, Locking Users = 9, Range Crossing = N
**** 1 **** Unknown function codes IGNORED 

TPer Properties: 
  MaxComPacketSize = 32256  MaxResponseComPacketSize = 32256
  MaxPacketSize = 32236  MaxIndTokenSize = 32200  MaxPackets = 1
  MaxSubpackets = 1  MaxMethods = 1  MaxSessions = 1
  MaxAuthentications = 14  MaxTransactionLimit = 1  DefSessionTimeout = 300000
  MaxSessionTimeout = 0  MinSessionTimeout = 5000
Host Properties: 

  MaxComPacketSize = 2048  MaxPacketSize = 2028  MaxIndTokenSize = 1992
  MaxPackets = 1  MaxSubpackets = 1  MaxMethods = 1

[image: mx500label]

# sedutil-cli -vvvvv --yesIreallywanttoERASEALLmydatausingthePSID 00215A9C0AA61EDA8F92DE7A9E30D969 /dev/sda
0000 000000b0 00000001 00000000 00000000  ................ 
0010 00000000 00000000 00000000 00000000  ................ 
0020 00000000 00000000 00000000 00000000  ................ 
0030 0001100c 11000000 00000000 00000000  ................ 
0040 0002100c 0b000000 00000000 00000000  ................ 
0050 0003101c 01000000 00000000 00000200  ................ 
0060 00000000 00000001 00000000 00000000  ................ 
0070 0201100c 00000009 03000000 00000000  ................ 
0080 0202100c 0000000a 00a00000 00000001  ................ 
0090 02031010 08880001 00000400 09000000  ................ 
00a0 00000000 0402100c 01000000 00000000  ................ 
0000 000000b0 00000001 00000000 00000000  ................ 
0010 00000000 00000000 00000000 00000000  ................ 
0020 00000000 00000000 00000000 00000000  ................ 
0030 0001100c 11000000 00000000 00000000  ................ 
0040 0002100c 0b000000 00000000 00000000  ................ 
0050 0003101c 01000000 00000000 00000200  ................ 
0060 00000000 00000001 00000000 00000000  ................ 
0070 0201100c 00000009 03000000 00000000  ................ 
0080 0202100c 0000000a 00a00000 00000001  ................ 
0090 02031010 08880001 00000400 09000000  ................ 
00a0 00000000 0402100c 01000000 00000000  ................ 
0000 00000000 08880000 00000000 00000000  ................ 
0010 000000b0 00000000 00000000 00000000  ................ 
0020 00000000 00000000 00000098 00000000  ................ 
0030 00000000 0000008c f8a80000 00000000  ................ 
0040 00ffa800 00000000 00ff01f0 f200f0f2  ................ 
0050 d0104d61 78436f6d 5061636b 65745369  ..MaxComPacketSi 
0060 7a658208 00f3f2ad 4d617850 61636b65  ze......MaxPacke 
0070 7453697a 658207ec f3f2af4d 6178496e  tSize......MaxIn 
0080 64546f6b 656e5369 7a658207 c8f3f2aa  dTokenSize...... 
0090 4d617850 61636b65 747301f3 f2ad4d61  MaxPackets....Ma 
00a0 78537562 7061636b 65747301 f3f2aa4d  xSubpackets....M 
00b0 61784d65 74686f64 7301f3f1 f3f1f9f0  axMethods....... 
00c0 000000f1                             ....
0000 00000000 08880000 00000000 00000000  ................ 
0010 000001fc 00000000 00000000 00000000  ................ 
0020 00000000 00000000 000001e4 00000000  ................ 
0030 00000000 000001d7 f8a80000 00000000  ................ 
0040 00ffa800 00000000 00ff01f0 f0f2d010  ................ 
0050 4d617843 6f6d5061 636b6574 53697a65  MaxComPacketSize 
0060 8400007e 00f3f2d0 184d6178 52657370  ...~.....MaxResp 
0070 6f6e7365 436f6d50 61636b65 7453697a  onseComPacketSiz 
0080 65840000 7e00f3f2 ad4d6178 5061636b  e...~....MaxPack 
0090 65745369 7a658400 007decf3 f2af4d61  etSize...}....Ma 
00a0 78496e64 546f6b65 6e53697a 65840000  xIndTokenSize... 
00b0 7dc8f3f2 aa4d6178 5061636b 65747384  }....MaxPackets. 
00c0 00000001 f3f2ad4d 61785375 62706163  .......MaxSubpac 
00d0 6b657473 84000000 01f3f2aa 4d61784d  kets........MaxM 
00e0 6574686f 64738400 000001f3 f2ab4d61  ethods........Ma 
00f0 78536573 73696f6e 73840000 0001f3f2  xSessions....... 
0100 d0124d61 78417574 68656e74 69636174  ..MaxAuthenticat 
0110 696f6e73 84000000 0ef3f2d0 134d6178  ions.........Max 
0120 5472616e 73616374 696f6e4c 696d6974  TransactionLimit 
0130 84000000 01f3f2d0 11446566 53657373  .........DefSess 
0140 696f6e54 696d656f 75748400 0493e0f3  ionTimeout...... 
0150 f2d0114d 61785365 7373696f 6e54696d  ...MaxSessionTim 
0160 656f7574 84000000 00f3f2d0 114d696e  eout.........Min 
0170 53657373 696f6e54 696d656f 75748400  SessionTimeout.. 
0180 001388f3 f1f200f0 f2d0104d 6178436f  ...........MaxCo 
0190 6d506163 6b657453 697a6584 00000800  mPacketSize..... 
01a0 f3f2ad4d 61785061 636b6574 53697a65  ...MaxPacketSize 
01b0 84000007 ecf3f2af 4d617849 6e64546f  ........MaxIndTo 
01c0 6b656e53 697a6584 000007c8 f3f2aa4d  kenSize........M 
01d0 61785061 636b6574 73840000 0001f3f2  axPackets....... 
01e0 ad4d6178 53756270 61636b65 74738400  .MaxSubpackets.. 
01f0 000001f3 f2aa4d61 784d6574 686f6473  ......MaxMethods 
0200 84000000 01f3f1f3 f1f9f000 0000f100  ................ 
0000 00000000 08880000 00000000 00000000  ................ 
0010 0000007c 00000000 00000000 00000000  ...|............ 
0020 00000000 00000000 00000064 00000000  ...........d.... 
0030 00000000 00000058 f8a80000 00000000  .......X........ 
0040 00ffa800 00000000 00ff02f0 8169a800  .............i.. 
0050 00020500 00000101 f200d020 30303231  ........... 0021 
0060 35413943 30414136 31454441 38463932  5A9C0AA61EDA8F92 
0070 44453741 39453330 44393639 f3f203a8  DE7A9E30D969.... 
0080 00000009 0001ff01 f3f1f9f0 000000f1  ................ 
0000 00000000 08880000 00000000 00000000  ................ 
0010 0000004c 00000000 00000000 00000000  ...L............ 
0020 00000000 00000000 00000034 00000000  ...........4.... 
0030 00000000 00000025 f8a80000 00000000  .......%........ 
0040 00ffa800 00000000 00ff03f0 84000000  ................ 
0050 69840000 1000f1f9 f0010000 f1000000  i............... 
method status code NOT_AUTHORIZED
Session start failed rc = 1
0000 00000000 08880000 00000000 00000000  ................ 
0010 00000028 00000000 00000000 00000000  ...(............ 
0020 00000000 00000000 00000010 00000000  ................ 
0030 00000000 00000001 fa000000           ............
0000 00000000 08880000 00000000 00000000  ................ 
0010 00000000                             ....
One or more header fields have 0 length
EndSession Failed

What's wrong here? The NOT_AUTHORIZED status code suggests I've provided the wrong PSID, but that's not the case.

The drive is currently usable but I seem to have lost the ability to manage its self-encryption functionality. Attempting to go through the process of setting it all up from scratch again just returns NOT_AUTHORIZED for every command.

Thanks in advance. JM
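The first hex dump in the log above is the drive's Level 0 Discovery response, the same data `sedutil-cli --query` prints in decoded form. The following Python parser is an added example, not part of any post in this thread and not sedutil's own code; it walks the feature descriptors in those bytes so the Locking flags (including the MBREnabled bit raised later in the thread) can be read from the dump itself. Only features 0x0001, 0x0002 and 0x0203 are decoded, and the function names are illustrative.

```python
import struct

# Level 0 Discovery response copied from the first hex dump in the log above
# (the ASCII column is dropped; it is not needed for parsing).
DUMP = """\
0000 000000b0 00000001 00000000 00000000
0010 00000000 00000000 00000000 00000000
0020 00000000 00000000 00000000 00000000
0030 0001100c 11000000 00000000 00000000
0040 0002100c 0b000000 00000000 00000000
0050 0003101c 01000000 00000000 00000200
0060 00000000 00000001 00000000 00000000
0070 0201100c 00000009 03000000 00000000
0080 0202100c 0000000a 00a00000 00000001
0090 02031010 08880001 00000400 09000000
00a0 00000000 0402100c 01000000 00000000
"""

# Flag bits of the first data byte, named as `sedutil-cli --query` prints them.
TPER_BITS = {0: "SYNC", 1: "ASYNC", 2: "ACKNAK", 3: "BufferManagement",
             4: "Streaming", 6: "comIDManagement"}
LOCKING_BITS = {0: "LockingSupported", 1: "LockingEnabled", 2: "Locked",
                3: "MediaEncrypt", 4: "MBREnabled", 5: "MBRDone"}

def dump_to_bytes(dump):
    """Rebuild the raw buffer from 'offset word word word word' lines."""
    return b"".join(bytes.fromhex("".join(line.split()[1:5]))
                    for line in dump.splitlines() if line.strip())

def flags(byte, names):
    """Map each named bit position of a flag byte to True/False."""
    return {name: bool(byte >> bit & 1) for bit, name in names.items()}

def parse_discovery0(buf):
    """Walk the feature descriptors that follow the 48-byte header."""
    (length,) = struct.unpack_from(">I", buf, 0)
    end = min(len(buf), length + 4)      # the length field excludes itself
    features, pos = {}, 48
    while pos + 4 <= end:
        code, _version, dlen = struct.unpack_from(">HBB", buf, pos)
        data = buf[pos + 4:pos + 4 + dlen]   # short if the dump is cut off
        if code == 0x0001 and data:
            features[code] = flags(data[0], TPER_BITS)
        elif code == 0x0002 and data:
            features[code] = flags(data[0], LOCKING_BITS)
        elif code == 0x0203 and len(data) >= 4:
            base, count = struct.unpack_from(">HH", data, 0)
            features[code] = {"BaseComID": base, "comIDs": count}
        else:
            features[code] = {"raw": data.hex()}   # not decoded here
        pos += 4 + dlen
    return features

if __name__ == "__main__":
    for code, fields in parse_discovery0(dump_to_bytes(DUMP)).items():
        print(f"0x{code:04x}: {fields}")
```

The last descriptor (0x0402, the one the query output counts as an unknown function code) is cut short because the dump holds 0xb0 bytes while the header announces 0xb0 bytes after the length field; the parser keeps whatever bytes are present.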

dtasupport commented 3 years ago

I don’t see it from your log, but not authorized means the PSID is wrong.

On Mon, Nov 23, 2020 at 07:36 'Jason Mann' via Drive Trust Alliance - Support dtasupport@ka.je wrote:

Hi. I discovered that the Crucial MX500 in my Linux laptop was a Self Encrypting Drive a few days ago, and following the information at https://github.com/Drive-Trust-Alliance/sedutil/wiki/Encrypting-your-drive, I was able to successfully secure my drive with its existing contents intact and with the laptop booting into the PBA after power-on. I'm continuing to tinker with it to try and become more familiar with Opal 2.0 - there doesn't seem to be any good documentation of all the concepts available anywhere and the TCG specification is pretty indecipherable. I've attempted to perform a PSID revert to reset the drive back to its factory state (accepting the data loss), but it's not working. Here's a log of my RESCUE session:

[image: mx500label] https://user-images.githubusercontent.com/14942234/99981650-8e944b80-2da1-11eb-96b4-940dafdcaa83.jpg

--

Mike

jasonemann commented 3 years ago

My original post includes a photo of the PSID from the label on the SSD, and shows the PSID I typed in. They match.

dtasupport commented 3 years ago

Are you using a US keyboard? Yes it looks like it matches, check for the letter O instead of zeros.

On Mon, Nov 23, 2020 at 12:13 'Jason Mann' via Drive Trust Alliance - Support dtasupport@ka.je wrote:

My original post includes a photo of the PSID from the label on the SSD, and shows the PSID I typed in. They match.

--

Mike

jasonemann commented 3 years ago

UK keyboard, but the PSID is hex and none of those characters will be different between the two layouts. All zeroes, no letter O's.

jasonemann commented 3 years ago

Another point: when I boot the system from the Rescue USB and run linuxpba, it reports the drive as "OPAL NOT LOCKED", not "OPAL Unlocked", which I believe means the drive wasn't locked in the first place. But it must have some kind of password set on it as all of the sedutil commands I try to run return NOT_AUTHORIZED. This is why I'm trying to run a PSID Revert, to reset to factory defaults and remove any passwords set on the drive.

r0m30 commented 3 years ago

Is this a retail drive or an OEM drive? OEM drives can have custom firmware.

The drive only locks on a power cycle; if you just do a three finger salute the drive remains unlocked, that is probably why you're seeing the not locked message.

The query says that MBR is not enabled, but you said that you were able to boot and unlock?

If you remember the password you set you can use the revertTPer command with the admin password to reset the drive.

jasonemann commented 3 years ago

I can't be 100% certain whether it's OEM or Retail, but it came in pretty packaging that suggests retail.

The drive has been power cycled several times during my attempts to reconfigure the encryption functionality. After attempting several sedutil commands to try to gain access, the drive enters a locked out state and a power cycle becomes necessary before I can try anything else.

I booted the system with the Rescue USB stick. The drive itself is currently empty (or at least all its partitions have been wiped). I didn't say I was able to unlock, I said that 'linuxpba' reported the drive as 'OPAL NOT LOCKED'. If it had just been unlocked by that command, it would say 'OPAL Unlocked' wouldn't it?

A brief timeline of what I've done:

I've tried the password I used the first time I set it up and 'debug'. Nothing is accepted.

Now I seem to be stuck with a SSD that mostly works, but I've lost access to its self-encrypting functionality, which is why I want to perform a PSID Revert, to get the drive back to factory settings.

jasonemann commented 3 years ago

After being given the run-around by Crucial support on this, I've given up and switched to a different brand SED. My suspicion is that the problem is with the drive, not with sedutil. All the indications suggest they've printed the wrong PSID on the drive's label. Anyway, I'll close this issue.

justinkb commented 2 years ago

having the exact same issue... was a hassle to get to that psid printed on the drive label... and it's not even correct apparently

edit: found this thread (in German) which seems to indicate these drives had a firmware bug that meant PSID might get changed for some reason - https://www.computerbase.de/forum/threads/crucial-mx500-psid-code-falsch.1899645/page-2

basically a faulty product