Encrypting your drive

r0m30 edited this page Oct 21, 2015 · 11 revisions

Warning
See the Remove OPAL page for instructions on returning the drive to a non-OPAL managed state. If you just want to turn off the locking and the PBA, see the steps at the end of this page.

Download the host program for Windows or Linux

Download the PBA for a BIOS or 64-bit UEFI machine (UEFI support currently requires that Secure Boot be turned off).

Optional but highly recommended:

Test the PBA on your machine

Prepare and test the rescue image

Set up the Drive:

gunzip the PBA (Windows users will need to use 7-zip)
sedutil-cli --initialsetup <password> <drive>

If the drive is a boot drive:

sedutil-cli --loadPBAimage <password> <pbafilename> <drive>
sedutil-cli --setMBREnable on <password> <drive>

Enable locking:

sedutil-cli --enableLockingRange 0 <password> <drive>

<drive> = \\.\PhysicalDrive? on Windows and /dev/sd? on Linux

Power off the computer to lock the drive. Power the computer on. The PBA should ask for your password, unlock the drive and chain-load the real OS on the drive you booted from.
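
A dry-run planner for the setup sequence above, added here as an example and not part of sedutil or this wiki. The function names and the SEDUTIL variable are hypothetical; it only prints the page's commands in order, after checking that the drive path has the /dev/sd? form and that the PBA image has actually been gunzipped.

```shell
#!/bin/sh
# Added example: dry-run planner for the setup sequence on this page.
# Function names and the SEDUTIL variable are hypothetical; only the
# sedutil-cli options shown on the page are used.

SEDUTIL=${SEDUTIL:-sedutil-cli}

# Succeeds if the file still starts with the gzip magic bytes (1f 8b),
# i.e. the "gunzip the PBA" step was skipped.
pba_is_gzipped() {
    [ "$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')" = "1f8b" ]
}

# Accept only the Linux device form the page names: /dev/sd?
valid_drive() {
    case "$1" in
        /dev/sd[a-z]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the commands in the page's order. The password is emitted as the
# literal placeholder <password>, so the plan can be logged or reviewed
# without exposing the real value.
# usage: setup_plan <drive> <boot:yes|no> [pbafile]
setup_plan() {
    drive=$1 boot=$2 pba=${3:-}
    valid_drive "$drive" || { echo "bad drive: $drive" >&2; return 2; }
    if [ "$boot" = yes ]; then
        [ -f "$pba" ] || { echo "PBA image not found: $pba" >&2; return 3; }
        if pba_is_gzipped "$pba"; then
            echo "PBA image is still gzipped: $pba" >&2; return 4
        fi
    fi
    echo "$SEDUTIL --initialsetup <password> $drive"
    if [ "$boot" = yes ]; then
        echo "$SEDUTIL --loadPBAimage <password> $pba $drive"
        echo "$SEDUTIL --setMBREnable on <password> $drive"
    fi
    echo "$SEDUTIL --enableLockingRange 0 <password> $drive"
}
```

Example call: `setup_plan /dev/sda yes ./pba.img` prints the four commands for a boot drive; a non-boot drive (`no`) gets only the initial setup and locking-range commands.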

If you want to turn off Locking and the PBA:

sedutil-cli --disableLockingRange 0 <password> <drive>
sedutil-cli --setMBREnable off <password> <drive>

You can re-enable locking and the PBA using this command sequence:

sedutil-cli --enableLockingRange 0 <password> <drive>
sedutil-cli --setMBRDone on <password> <drive>
sedutil-cli --setMBREnable on <password> <drive>