Talk:Self-encrypting drives

From ArchWiki
Jump to navigation Jump to search

Disadvantages

It may be possible to use a Trusted Platform Module to perform the authentication.
  • The TPM could potentially be used to unlock the drive when waking from sleep (S3) mode
  • The TPM may enable authentication methods beyond password entry, such as fingerprint recognition
Before this is researched, the TPM article will need some major revisions.
DCengineer (talk) 06:51, 5 July 2017 (UTC)
Where did you lean about this possibility? Please provide some links. Libgxps (talk) 23:10, 24 January 2018 (UTC)

Linux support

There is someone working on automatic creation of uefi pba images for arch [1] R00KIE (talk) 23:24, 20 March 2016 (UTC)
I will be setting up a new system with an NVMe SSD. Several binaries exist, but it may work better to generate the PBA. DCengineer (talk) 06:43, 5 July 2017 (UTC)

Misc update proposals

  • The 1.15 version of sedutil uses a differently named option and the behavior probably changed too:
   # sedutil-cli --setSIDPassword oldpassword newpassword device

now also sets the admin1Pwd, so it is not necessary to execute. The user should at least be informed about this.

  • The links to the PBA image is broken and the ones that work point to broken builds.

Libgxps (talk) 23:10, 24 January 2018 (UTC)

Suspend doesn't work properly

Suspend locks the drive (Dell E6410 + Samsung EVO 850) and drive is not accessible after wake up. One solution is to disable Suspend - see https://wiki.archlinux.org/index.php/Polkit#Disable_suspend_and_hibernate

Is possible to unlock drive after wake up? -> A fork to sedutil-cli is available that allows providing the password *BEFORE* sleeping such that the system can resume: https://aur.archlinux.org/packages/sedutil-sleep-git/ Germafab (talk) 12:39, 10 May 2020 (UTC)

UEFI boot problems on Asus H97M-E

Unfortunately, OPAL breaks Linux UEFI boot on my Asus motherboard. I use a dualboot configuration. As I understand it, during the initial boot, when the firmware sees an "empty" SSD it removes all UEFI boot entries. When it gets rebooted after entering the encryption password in the PBA, the firmware notices the EFI boot partition and automatically inserts a single new boot entry (of course, only the Windows one). I have only tested it on Asus H97M-E, but I wouldn't be surprised to see this behaviour at least on other Asus motherboards.

Maybe the possibility of firmware bugs of this kind should be mentioned in the "disadvantages" section?

Catnip (talk) 14:40, 9 March 2020 (UTC)

Article should be clearer early on about the negatives

It's unfortunate that there's barely any information on SED/OPAL online. Given that resume from sleep doesn't work, I suspect many notebook users will not want to go this route at all. While it's commendable that the article attempts to show the (hacky) ways of getting OPAL to work, I think there should an early notification about the flaky nature of current solutions, so users can make an informed choice.

Having a cautionary message above every section is not the answer. I'd rather the article be rewritten from scratch based on the current state of information. Adrian5 (talk) 22:00, 25 February 2021 (UTC)