Seagate SAS - SED (Self Encrypting Drive) - Unlock

Status
Not open for further replies.

webdawg

Contributor
Joined
May 25, 2016
Messages
112
Hello,

I have two Seagate SAS SED drives that I purchased off ebay that are locked. I already received unlocked replacements and I was told to keep this or trash them but from all the research that I did, like secure erase, I thought I read that I could unlock these drives using the OEM key/password on the drive and that I would just loose everything stored on the drive.

This is obviously what I want but I cannot find a combination of software and hardware to make this work.

I can get the drive to detect in seagate utils in windows, but entering the password on the drive, does not unlock it.

I have tried a multitude of Linux utils and seagate boot disks and no matter how I pushed the password, nothing would happen. I did do this about a year ago.

I would like to try again and I know that they make software and hardware that interfaces with these drives but can anyone relay any successful experiences to me about this?
 

webdawg

Contributor
Joined
May 25, 2016
Messages
112
Yes. They actually have better utils now. Here is some info from my wiki:

https://wiki.hackspherelabs.com/index.php?title=SED_Hard_Drives

sedutil is what you want for linux: https://wiki.archlinux.org/index.php/Self-Encrypting_Drives

https://github.com/Drive-Trust-Alliance/sedutil

For me though, it will not work. I was so confused about the concepts around all of this because of how the information about it all is presented. It is really simple stuff really but the sedutil is really what makes is simple.

The problem for me though is that I have a OPAL 1.0 drive. OPAL 1.0 worked more like when you used to lock a hard drive through ATA commands, hdparm, etc. So once the drive was password protected there was no way to unprotect it. This is the problem with my two OPAL 1.0 drives. Someone (the software they used to manage the drives) changed the MSID on the drive. With OPAL 1.0 the MSID is a default value from the factory but once it is changed and lost, the drive cannot be unlocked without it.

With OPAL 2.0 each drive has a PSID on it. The Physical SID is a number that can be read off the disk that says PSID and 4 groups of 8 numbers. OPAL 2.0 drives should be erasable and useable with the PSID and sedutil.

You can see an example of a PSID here: http://www.seagate.com/files/staticfiles/support/docs/manual/Interface manuals/100515636b.pdf Page 15.

The reason that I was so confused is that I have these SED drives and everything says that they are unlockable by entering the PSID from the drive. Well no one mentioned anything about OPAL 1.0 and when I saw "SID" and then the 32 char number I just thought that I came across a manufacture that called a PSID a SID. It was a physical label on the drive and it had a 32 char number on it. But it is actually the MSID of the drive which will not unlock and erase the drive after changed. So the drives are trash unless someone someday figures out how to fix that.

At least it seems, I can find nothing on unlocking OPAL 1.0 drives and formatting them but at this point I assume that since it is an older spec that it functions like its related ATA spec with secure erase and such. I have an open question to the devs that built sed util but I have not recieved anything back ( https://github.com/Drive-Trust-Alliance/sedutil/issues/79 ). Everything that I read points to a changed and lost MSID in Opal 1.0 and the drives are useless but nothing in any of the docs that Seagate provide say that exactly.

I assume that they did not say it because it was obvious that is what the old spec did and this new spec will do the same.
 
Status
Not open for further replies.
Top