ladar / sedutil

Use sedutil for setting up and using self encrypting drives (SEDs) that comply with the TCG OPAL 2.00 standard. This includes the requisite pre-boot authentication image.
https://trustedcomputinggroup.org/work-groups/storage/

Implement chainloading. #28

Open ladar opened 2 years ago

ladar commented 2 years ago

It would be really nice if the PBA could support chainloading, at least for Linux systems. I've looked into making this work, but don't know of an easy/good/reliable way to implement this which doesn't require a specific boot loader, and/or drive layout, and/or Linux distro. If anyone has the answer, please speak up, or better yet submit a pull request!

This link might be helpful as a starting point, but like other guides I've found, it doesn't appear to provide a generic solution:

https://wiki.archlinux.org/title/Syslinux#Chainloading

jimkoen commented 9 months ago

@ladar Chainloading to what regard? It's been a while since I used sedutil, but your gripe is mainly that the system has to reboot in order to boot from unlocked drives? And you'd like to get something similar to PXE chainloading working?

I might find the time myself, but to anyone reading this, I'd look into how iPXE handles this.

Blacklands commented 9 months ago

@jimkoen The rebooting is somewhat annoying, and then some systems (mostly laptops?) also have issues with this setup because for some reason they power-cycle connected drives on each reboot, so you can't use SED drives for booting on those systems at all right now.