Closed northPierre closed 2 years ago
These may put some light on your doubts: https://github.com/Drive-Trust-Alliance/sedutil/issues/334 https://github.com/Drive-Trust-Alliance/sedutil/issues/90 Regards
I would like to know more about the link between SED and TPM.
I'm sorry, but I am not an expert on either Linux or SED. As far as I know, the TCG Opal SED does not use TPM, and I am sure of that. I have especially chosen the disk encrypted according to the Opal specification for my laptop, so that - in case of damage to the PC - I, or my employer, could use that disk with another computer. In theory, sedutil-cli could use TPM to hash a password fed to a disk. But I don't know if that is the case. If so, my belief that I could unlock my drive with another computer would be devastated. It seems, however, based on the information in the discussion for post #90, that sedutil-cli uses an alphanumeric string associated with the given disk instance, not with the computer, to hash the password. Please note that you can also use sedutil-cli with the "-n" option to pass an unhashed password to the disk. I'm sorry, but - I'm afraid - I can't help more. You will have to find out more about TPM bindings with sedutil-cli and/or with Linux, or someone more knowledgeable about the problem will help you. Regards
Thank you for this response, JaBoMa, it helped me.
P.S. If you know someone who would have more information, I'm really interested. Regards
There is no link between sedutil and the TPM. The reason allow_TPM needs to be set to 1 is that the kernel only allows TCG commands to be used on ata devices when that flag is set.
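A check for the flag described in the comment above, as an added example that is not part of the thread or of sedutil. It assumes the flag meant is the libata module parameter `allow_tpm` (boot option `libata.allow_tpm=1`), read from its usual sysfs and `/proc/cmdline` locations; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether the kernel will pass TCG (Opal) commands
# to ATA drives. Assumption: the flag is the libata parameter "allow_tpm".

# allow_tpm_runtime [param_file]
# Prints 1 or 0 as exposed in sysfs, or "unknown" if the file is absent
# (for example, libata not loaded on this machine).
allow_tpm_runtime() {
    param_file=${1:-/sys/module/libata/parameters/allow_tpm}
    if [ -r "$param_file" ]; then
        val=$(tr -d '[:space:]' < "$param_file")
        case $val in
            1) echo 1 ;;
            *) echo 0 ;;
        esac
    else
        echo unknown
    fi
}

# allow_tpm_on_cmdline [cmdline_file]
# Succeeds if the boot command line carries libata.allow_tpm=1 as a whole word.
allow_tpm_on_cmdline() {
    cmdline_file=${1:-/proc/cmdline}
    [ -r "$cmdline_file" ] || return 1
    tr -s ' \t' '\n' < "$cmdline_file" | grep -qxF 'libata.allow_tpm=1'
}

# tcg_ata_status [param_file] [cmdline_file]
# Combines both views: what the running kernel does now, and whether the
# setting is present in the boot arguments.
tcg_ata_status() {
    runtime=$(allow_tpm_runtime "${1:-/sys/module/libata/parameters/allow_tpm}")
    if allow_tpm_on_cmdline "${2:-/proc/cmdline}"; then boot=yes; else boot=no; fi
    case $runtime in
        1) echo "enabled (boot parameter present: $boot)" ;;
        0) echo "blocked (boot parameter present: $boot)" ;;
        *) echo "unknown (boot parameter present: $boot)" ;;
    esac
}

tcg_ata_status "$@"
```

A "blocked" result on a machine with an Opal ATA drive means the kernel is refusing the TCG commands before they reach the drive; it says nothing about any TPM chip.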
Hello, for what kind of operation is the TPM used by the SED? (I did not find it in the documentation.)