NOT AUTHORIZED error/Samsung EVO 970 plus #382
Comments
|
Please, do not enable neither the BIOS password for your disk, neither the "Encrypted Drive | Ready to Enable" feature in Samsung Magician for it, if you would like to setup your drive as the Self Encrypted Drive according to the TCG Opal specification. Use just sedutil for that task, preferably from the rescue system on USB (in order to avoid discrepancies in password hashing between Windows and Linux). Read the Wiki, how to do that. |
|
@JaBoMa that's an impressive "community support" :) Thank you. |
|
@jarmomak I had that issue, I heard a rumor that it was a "security feature" by Samsung. to prevent someone from hijacking the SED password, sealing your disk, and ransoming it back to you. even so, all you have to do is a PSID revert, https://github.com/Drive-Trust-Alliance/sedutil/wiki/PSID-Revert Pardon my English, it is my first language, I'm just an idiot :) |
|
That "rumor" is mentioned in the following thread: https://github.com/Drive-Trust-Alliance/sedutil/issues/291 , which was opened in 2019 (last comment from May 2020). It seems to be reasonable. This does not change the fact that Samsung Magician is not suitable for preparing a TCG Opal encrypted disk. And this does not change the fact that the disk, encrypted according to TCG Opal, should not be locked with a BIOS password. Or that such a drive should not be encrypted by the operating system, e.g. with BitLocker. I hope that my English is understandable, even though it is not my native language ;) |
|
Hi,
So what could be the reason for it? I have my own fork of ChubbyAnt with updated sedutil (1.20.0), buildroot and kernel to make it boot on newer systems, but I just can't figure out why am I getting this same result. Any ideas? |
|
I had this problem as well. I initially was using bitlocker with hardware encryption using Samsung magician. It worked for Windows, but you can't dual boot to Linux on the same drive with that setup and I was sick of booting Linux with a separate drive in a thunderbolt enclosure. So, I decided to switch to sedutil instead. But, as @rpuskas0 mentioned above, you need to psid revert (either with Samsung magician or sedutil) which wipes the drive to enable sedutil encryption if it was previously enabled in any other way (since you don't have the admin key used by bitlocker or whatever you enabled it with). And, those tools (at least BitLocker) doesn't disable it for you when you disable BitLocker (quite annoying). If you have a spare drive, you can just use dd to back it up to an image first. If you have a lot of empty space (as I did), you can pipe it through gzip to shrink the size (and speed it up). E.g., Do the dd backup first, then psid revert the drive, setup encryption, unlock it and reboot (without shutting down so it remains unlocked) and restore your backup with Replace |
I am trying to setup OPAL password with sedutil.
I have enabled encrypted drive feature with samsung magician software.
sedutil-cli --scan correctly shows my disk as OPAL disk. But trying to run initialization command fails. It seems that password is already set (somehow). I tried initialization with "debug" option, same results.
What is wrong?
The text was updated successfully, but these errors were encountered: