| SEDUTIL-CLI(8) | sedutil-cli man page | SEDUTIL-CLI(8) |
NAME¶
sedutil-cli - util to manage TCG Opal 2.0 self encrypting drives
SYNOPSIS¶
sedutil-cli <-v> <-n> <action> <options> <device>
DESCRIPTION¶
sedutil-cli is a utility to manage self encrypting drives that conform to the Trusted Computing Group (TCG) OPAL 2.0 SSC specification.
In Linux libata.allow_tpm must be set to 1. Either via adding libata.allow_tpm=1 to the kernel flags at boot time or changing the contents of /sys/module/libata/parameters/allow_tpm to a from a "0" to a "1" on a running system.
OPTIONS¶
General Options¶
- -v (optional)
- increase verbosity, one to five v's
- -n (optional)
- no password hashing. Passwords will be sent in clear text!
Actions¶
- --scan
- Scans the devices on the system identifying Opal compliant devices
- --query <device>
- Display the Discovery 0 response of a device
- --isValidSED <device>
- Verify whether the given device is SED or not
- --listLockingRanges <password> <device>
- List all Locking Ranges
- --listLockingRange <0...n> <password> <device>
- List all Locking Ranges, 0 = GLobal 1..n = LRn
- --eraseLockingRange <0...n> <password> <device>
- Erase a Locking Range, 0 = GLobal 1..n = LRn
- --setupLockingRange <0...n> <RangeStart> <RangeLength> <password> <device>
- Setup a new Locking Range, 0 = GLobal 1..n = LRn
- --initialSetup <SIDpassword> <device>
- Setup the device for use with sedutil, <SIDpassword> is new SID and Admin1 password
- --setSIDPassword <SIDpassword> <newSIDpassword> <device>
- Change the SID password
- --setAdmin1Pwd <Admin1password> <newAdmin1password> <device>
- Change the Admin1 password
- --setPassword <oldpassword, " for MSID> <userid> <newpassword> <device>
- Change the Enterprise password for userid, "EraseMaster" or "BandMaster<n>", 0 <= n <= 1023
- --setLockingRange <0...n> <RW|RO|LK> <Admin1password> <device>
- Set the status of a Locking Range, 0 = GLobal 1..n = LRn
- --enableLockingRange <0...n> <Admin1password> <device>
- Enable a Locking Range, 0 = GLobal 1..n = LRn
- --disableLockingRange <0...n> <Admin1password> <device>
- Disable a Locking Range, 0 = GLobal 1..n = LRn
- --setMBREnable <on|off> <Admin1password> <device>
- Enable|Disable MBR shadowing
- --setMBRDone <on|off> <Admin1password> <device>
- set|unset MBRDone
- --loadPBAimage <Admin1password> <file> <device>
- Write <file> to MBR Shadow area
- --revertTPer <SIDpassword> <device>
- set the device back to factory defaults. This **ERASES ALL DATA**
- --revertNoErase <Admin1password> <device>
- deactivate the Locking SP without erasing the data on GLOBAL RANGE *ONLY*
- ----yesIreallywanttoERASEALLmydatausingthePSID <PSID> <device>
- revert the device using the PSID. *ERASING* *ALL* the data
- --printDefaultPassword <device>
- print MSID
EXAMPLES¶
sedutil-cli --scan
sedutil-cli --query /dev/sdc
sedutil-cli --yesIreallywanttoERASEALLmydatausingthePSID <PSIDALLCAPSNODASHED> /dev/sdc
sedutil-cli --initialSetup <newSIDpassword> /dev/sdc
BUGS¶
Sleep (S3) is not supported.
AUTHOR¶
The tool was developed by Bright Plaza Inc. <drivetrust@drivetrust.com>. This man page was written by Jan Luca Naumann <j.naumann@fu-berlin.de>.
| 18 Feb 2016 | 0.12 |