Hi all, it's great to see the people previously forking now contributing to this important project.
I've gone through the wiki process to encrypt a Kingston M.2 NVMe SSD. At first it wouldn't allow me to take control using sedutil-cli --initialsetup , but after doing a PSID revert I was able to go through the process using the rescue image.
The problem I now have is that the opal drive is not seen by the UEFI/BIOS at all. I can quite happily boot using the rescue disk.
Doing that and running fdisk -l produces the following:
Found valid GPT with protective MBR; using GPT
Disk /dev/nvme0n1: 1953525168 sectors, 3597M
Logical sector size: 512
Disk identifier (GUID): 873c2ada-2e46-4ad8-ba51-2b54c9d34470
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 65502
Number Start (sector) End (sector) Size Name
1 2048 65502 30.9M EFI system partition
Running sedutil-cli --query /dev/nvme0 yields:
/dev/nvme0 NVMe KINGSTON SKC2500M81000G S7780101 50026B7684D34C15
TPer function (0x0001)
ACKNAK = N, ASYNC = N. BufferManagement = N, comIDManagement = N, Streaming = Y, SYNC = Y
Locking function (0x0002)
Locked = Y, LockingEnabled = Y, LockingSupported = Y, MBRDone = N, MBREnabled = Y, MediaEncrypt = Y
Geometry function (0x0003)
Align = Y, Alignment Granularity = 1 (512), Logical Block size = 512, Lowest Aligned LBA = 0
SingleUser function (0x0201)
ALL = N, ANY = N, Policy = Y, Locking Objects = 9
DataStore function (0x0202)
Max Tables = 10, Max Size Tables = 10485760, Table size alignment = 1
OPAL 2.0 function (0x0203)
Base comID = 0x0888, Initial PIN = 0x00, Reverted PIN = 0x00, comIDs = 1
Locking Admins = 4, Locking Users = 9, Range Crossing = N
**** 1 **** Unknown function codes IGNORED
TPer Properties:
MaxComPacketSize = 32256 MaxResponseComPacketSize = 32256
MaxPacketSize = 32236 MaxIndTokenSize = 32200 MaxPackets = 1
MaxSubpackets = 1 MaxMethods = 1 MaxSessions = 1
MaxAuthentications = 14 MaxTransactionLimit = 1 DefSessionTimeout = 600000
MaxSessionTimeout = 0 MinSessionTimeout = 5000
Host Properties:
MaxComPacketSize = 2048 MaxPacketSize = 2028 MaxIndTokenSize = 1992
MaxPackets = 1 MaxSubpackets = 1 MaxMethods = 1
I noticed that, although I completed the setMBRdone step, it's still not set on the opal drive.
However, setting it again produces a confirming message, but on reboot it stays unset.
The PC is an ASUS UX410U laptop (recycled from my daughter). CSM is set.
I can successfully run linuxpba from the rescue disk, It unlocks the opal drive, then boots into the installed linux.
Am I missing something, or is this drive simply unable to work with sedutil?
Hi all, it's great to see the people previously forking now contributing to this important project. I've gone through the wiki process to encrypt a Kingston M.2 NVMe SSD. At first it wouldn't allow me to take control using sedutil-cli --initialsetup , but after doing a PSID revert I was able to go through the process using the rescue image. The problem I now have is that the opal drive is not seen by the UEFI/BIOS at all. I can quite happily boot using the rescue disk. Doing that and running fdisk -l produces the following:
Running sedutil-cli --query /dev/nvme0 yields:
I noticed that, although I completed the setMBRdone step, it's still not set on the opal drive. However, setting it again produces a confirming message, but on reboot it stays unset.
The PC is an ASUS UX410U laptop (recycled from my daughter). CSM is set. I can successfully run linuxpba from the rescue disk, It unlocks the opal drive, then boots into the installed linux. Am I missing something, or is this drive simply unable to work with sedutil?