Closed asfernandes closed 7 months ago
At least, setting a BIOS password, it's required to boot using the usb.
Yes, an OPAL drive only locks automatically when it loses power (e.g. by being power-cycled). That's independent of the OS or anything else. I don't think this can be changed (but not sure, the spec is very long, you might want to check it).
You can of course manually relock the drive at any time, too, by just locking the respective locking range (the global range, 0, if you haven't set up any locking ranges manually).
setLockingRange <0-15> lk <password> <device>
I set up encryption for a Samsung 990 pro in an Asus TUF gaming B650M-plus.
The PBA ia working but I think this behavior is very insecure.
After initial boot, I unlock the driver in the PBA and log in the main OS. Suppose I block the OS and the machine is taken blocked. With software encryption (luks) the machine is secure.
But with hardware encryption It's a matter of put a usb stick with another OS with default password and reset the machine and the SSD is still unlocked.
I tested this with a installed Windows/Ubuntu and an Ubuntu USB stick.
Is it normal behavior or something is wrong in my side?