1SEDUTIL-CLI(8) sedutil-cli man page SEDUTIL-CLI(8)
2
6 sedutil-cli - util to manage TCG Opal 2.0 self encrypting drives
7
10 sedutil-cli <-v> <-n> <action> <options> <device>
11
14 sedutil-cli is a utility to manage self encrypting drives that conform
15 to the Trusted Computing Group (TCG) OPAL 2.0 SSC specification.
16 In Linux libata.allow_tpm must be set to 1. Either via adding
18 libata.allow_tpm=1 to the kernel flags at boot time or changing the
19 contents of /sys/module/libata/parameters/allow_tpm to a from a "0" to
20 a "1" on a running system.
21
24 General Options
25 -v (optional)
26 increase verbosity, one to five v's
27 -n (optional)
29 no password hashing. Passwords will be sent in clear
30 text!
31 Actions
34 --scan Scans the devices on the system identifying Opal compli‐
35 ant devices
36 --query <device>
38 Display the Discovery 0 response of a device
39 --isValidSED <device>
41 Verify whether the given device is SED or not
42 --listLockingRanges <password> <device>
44 List all Locking Ranges
45 --listLockingRange <0...n> <password> <device>
47 List all Locking Ranges, 0 = GLobal 1..n = LRn
48 --eraseLockingRange <0...n> <password> <device>
50 Erase a Locking Range, 0 = GLobal 1..n = LRn
51 --setupLockingRange <0...n> <RangeStart> <RangeLength> <pass‐
53 word> <device>
54 Setup a new Locking Range, 0 = GLobal 1..n = LRn
55 --initialSetup <SIDpassword> <device>
57 Setup the device for use with sedutil, <SIDpassword> is
58 new SID and Admin1 password
59 --setSIDPassword <SIDpassword> <newSIDpassword> <device>
61 Change the SID password
62 --setAdmin1Pwd <Admin1password> <newAdmin1password> <device>
64 Change the Admin1 password
65 --setPassword <oldpassword, " for MSID> <userid> <newpassword>
67 <device>
68 Change the Enterprise password for userid, "EraseMaster"
69 or "BandMaster<n>", 0 <= n <= 1023
70 --setLockingRange <0...n> <RW|RO|LK> <Admin1password> <device>
72 Set the status of a Locking Range, 0 = GLobal 1..n = LRn
73 --enableLockingRange <0...n> <Admin1password> <device>
75 Enable a Locking Range, 0 = GLobal 1..n = LRn
76 --disableLockingRange <0...n> <Admin1password> <device>
78 Disable a Locking Range, 0 = GLobal 1..n = LRn
79 --setMBREnable <on|off> <Admin1password> <device>
81 Enable|Disable MBR shadowing
82 --setMBRDone <on|off> <Admin1password> <device>
84 set|unset MBRDone
85 --loadPBAimage <Admin1password> <file> <device>
87 Write <file> to MBR Shadow area
88 --revertTPer <SIDpassword> <device>
90 set the device back to factory defaults. This **ERASES
91 ALL DATA**
92 --revertNoErase <Admin1password> <device>
94 deactivate the Locking SP without erasing the data on
95 GLOBAL RANGE *ONLY*
96 ----yesIreallywanttoERASEALLmydatausingthePSID <PSID> <device>
98 revert the device using the PSID. *ERASING* *ALL* the
99 data
100 --printDefaultPassword <device>
102 print MSID
103
106 sedutil-cli --scan
107 sedutil-cli --query /dev/sdc
108 sedutil-cli --yesIreallywanttoERASEALLmydatausingthePSID <PSIDALLCAPSNODASHED> /dev/sdc
109 sedutil-cli --initialSetup <newSIDpassword> /dev/sdc
110
113 Sleep (S3) is not supported.
114
117 The tool was developed by Bright Plaza Inc. <drivetrust@driv‐
118 etrust.com>. This man page was written by Jan Luca Naumann
119 <j.naumann@fu-berlin.de>.
1200.12 18 Feb 2016 SEDUTIL-CLI(8)