LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Hardware (http://www.linuxquestions.org/questions/linux-hardware-18/)
-   -   Seagate self-encrypting drives ("SED")- key creation only for Windows users? (http://www.linuxquestions.org/questions/linux-hardware-18/seagate-self-encrypting-drives-sed-key-creation-only-for-windows-users-923896/)

libCog 01-15-2012 09:53 AM

Seagate self-encrypting drives ("SED")- key creation only for Windows users?
 
How would a linux user reset the encryption key on a Seagate SED drive?

In Seagate nomenclature, changing the key is apparently by way of the "instant secure erase" feature. My BIOS has no such feature. Seagate offers no tools for this other than a proprietary windows-only API called "DriveTrust Security" (which is not available for download). There are a few commercial Windows tools that use the API, but the only option I've found for linux that might work is the IBM Tivoli Key Lifecycle Manager (which is a pricey enterprise product, not fit for a home user who just wants to change the key on occasion).

[edit]
I just discovered a similar thread. Looks like a common and unsolved problem.

mpapet 01-15-2012 12:01 PM

This drive is used with Trusted Platform Module BIOS systems. Essentially, there's a smartcard soldered onto the motherboard that is the trust broker. You need the Trusted Platform Module storage API.

This link has some information: https://docs.google.com/viewer?a=v&q...4j_fUIcPm9pPHA

If that link doesn't work, search terms trusted platform module "TRUSTED RECEIVE" will get you started.

The politics of attempting to connect to the very secret TPM with Free software are daunting. Some TPM people <cough>MICROSOFT!<cough> would be very unhappy to share.


All times are GMT -5. The time now is 07:09 AM.