OPAL Self-Encrypting Drive Support For Linux Steps Closer

An Intel developer has sent out the latest version of his patches for implementing the Self-Encrypting Drive (SED) protocol support for the Linux kernel.

The Opal storage specification sets a cross-vendor standard for self-encrypting drives and is the work of the Trusted Computing Group's storage workgroup. Scott Bauer of Intel sent out his third version of these patches for implementing Opal for self-encrypting devices. The driver has support for storing the locking range password as well as activating a device from a SED's default-inactive state.

The overall bring-up process for those curious about Opal is:

1) Taking Ownership of the drive (Setting the Admin CPIN).
2) Activating the Locking SP (In Single User Mode or Normal Mode).
3) Setting up Locking Ranges (Single User or Normal Mode).
4) Adding users to Locking Ranges (Normal Mode Only).
5) Locking or Unlocking Locking Ranges (Single User Mode or Normal Mode).
6) Reverting the TPer (Restore to factory default).
7) Setting LR/User passwords (Single User Mode or Normal Mode).
8) Enabling/disabling Shadow MBR.
9) Enabling Users in the LockingSP (Normal Mode Only).
10) Saving Password for resume from suspend.
11) Erase and Secure erasing locking ranges.

This Opal driver support for Linux is around 3.5k lines of code at present. More details via this patch series. Those curious about self-encrypting drives can learn more here. These SED OPAL patches are coming too late for the Linux 4.10 merge window but perhaps will be ready for Linux 4.11.