On 20-11-2015 17:57, Jayesh Badwaik wrote:
> On Friday, November 20, 2015 05:46:18 PM Mauro Santos wrote:
>> Not really, BIOS is old and it doesn't know anything about OPAL drives.
>> I don't know about UEFI machines but I suspect not many know about
>> SEDs/OPAL either.
> By BIOS, I meant UEFI, sorry about that. My UEFI is from 2013 (Dell Latitude)
> and it knows enough about SEDs. I use SSDs and I use Hardware Based Encryption
> with it (Samsung 850 Evo).
>
>> On the other hand, you don't know what kind of treatment the BIOS would
>> do to the password before sending it to the SED, one BIOS could send it
>> plaintext, others could send key scancodes, you don't want to get
>> anywhere near that kind of nonsense. This would mean that you might not
>> be able to unlock the disk if you move it to another machine.
> That is something I have never paid any attention to. But I can set a password
> through Linux's hdparm utility, and then you can unlock it from the
> BIOS and vice-versa. So, I think that makes it standard enough, but not sure.
>

This is starting to get off-topic but here goes: if you say you can lock
your SSD with hdparm and unlock it with the UEFI firmware, then what you
are using is a plain old ATA security password, which in the case of
Samsung they claim will encrypt the media encryption key (MEK). This
method of providing a password to protect the MEK is not standard and I
guess they do it as a convenience for the user.

What I've been talking about from the start is SEDs that support TCG
Opal[1].

[1] https://en.wikipedia.org/wiki/Opal_Storage_Specification

--
Mauro Santos