Ubuntu Manpage: sedutil-cli - util to manage TCG Opal 2.0 self encrypting drives

NAME

       sedutil-cli - util to manage TCG Opal 2.0 self encrypting drives

SYNOPSIS

       sedutil-cli <-v> <-n> <action> <options> <device>

DESCRIPTION

       sedutil-cli  is  a  utility  to manage self encrypting drives that conform to the Trusted Computing Group
       (TCG) OPAL 2.0 SSC specification.

       In Linux libata.allow_tpm must be set to 1. Either via adding libata.allow_tpm=1 to the kernel  flags  at
       boot time or changing the contents of /sys/module/libata/parameters/allow_tpm to a from a "0" to a "1" on
       a running system.

OPTIONS

   General Options
       -v (optional)
              increase verbosity, one to five v's

       -n (optional)
              no password hashing. Passwords will be sent in clear text!

   Actions
       --scan Scans the devices on the system identifying Opal compliant devices

       --query <device>
              Display the Discovery 0 response of a device

       --isValidSED <device>
              Verify whether the given device is SED or not

       --listLockingRanges <password> <device>
              List all Locking Ranges

       --listLockingRange <0...n> <password> <device>
              List all Locking Ranges, 0 = GLobal 1..n  = LRn

       --eraseLockingRange <0...n> <password> <device>
              Erase a Locking Range, 0 = GLobal 1..n  = LRn

       --setupLockingRange <0...n> <RangeStart> <RangeLength> <password> <device>
              Setup a new Locking Range, 0 = GLobal 1..n  = LRn

       --initialSetup <SIDpassword> <device>
              Setup the device for use with sedutil, <SIDpassword> is new SID and Admin1 password

       --setSIDPassword <SIDpassword> <newSIDpassword> <device>
              Change the SID password

       --setAdmin1Pwd <Admin1password> <newAdmin1password> <device>
              Change the Admin1 password

       --setPassword <oldpassword, " for MSID> <userid> <newpassword> <device>
              Change the Enterprise password for userid, "EraseMaster" or "BandMaster<n>", 0 <= n <= 1023

       --setLockingRange <0...n> <RW|RO|LK> <Admin1password> <device>
              Set the status of a Locking Range, 0 = GLobal 1..n  = LRn

       --enableLockingRange <0...n> <Admin1password> <device>
              Enable a Locking Range, 0 = GLobal 1..n  = LRn

       --disableLockingRange <0...n> <Admin1password> <device>
              Disable a Locking Range, 0 = GLobal 1..n  = LRn

       --setMBREnable <on|off> <Admin1password> <device>
              Enable|Disable MBR shadowing

       --setMBRDone <on|off> <Admin1password> <device>
              set|unset MBRDone

       --loadPBAimage <Admin1password> <file> <device>
              Write <file> to MBR Shadow area

       --revertTPer <SIDpassword> <device>
              set the device back to factory defaults.  This **ERASES ALL DATA**

       --revertNoErase <Admin1password> <device>
              deactivate the Locking SP without erasing the data on GLOBAL RANGE *ONLY*

       ----yesIreallywanttoERASEALLmydatausingthePSID <PSID> <device>
              revert the device using the PSID.  *ERASING* *ALL* the data

       --printDefaultPassword <device>
              print MSID

EXAMPLES

       sedutil-cli --scan
       sedutil-cli --query /dev/sdc
       sedutil-cli --yesIreallywanttoERASEALLmydatausingthePSID <PSIDALLCAPSNODASHED> /dev/sdc
       sedutil-cli --initialSetup <newSIDpassword> /dev/sdc

BUGS

       Sleep (S3) is not supported.

AUTHOR

       The tool was developed by Bright Plaza Inc. <drivetrust@drivetrust.com>. This man page was written by Jan
       Luca Naumann <j.naumann@fu-berlin.de>.

0.12                                               18 Feb 2016                                    SEDUTIL-CLI(8)