I am struggling to understand sed, opal2 and TGC
When I bought an SSD for my Lenovo T420s I got a Samsung EVO 860 mSATA SSD and my understanding was that this supported hardware encryption (so no performance hit) but I could not get it to work. This was long time ago and I don’t remember the details but from memory it was something to do with the T420s bios.
So now I want a put second drive in the laptop.
Given that the OS won’t be booting from this drive, it will be used only as storage, is there a way to use hardware encryption on it?
If I run sedutil-cli
on the T420s right now I get this output:
[T420s philip]# sedutil-cli --scan
Scanning for Opal compliant disks
The Kernel flag libata.allow_tpm is not set correctly
Please see the readme note about setting the libata.allow_tpm
/dev/sda No Crucial_CT256MX100SSD1 MU01
The Kernel flag libata.allow_tpm is not set correctly
Please see the readme note about setting the libata.allow_tpm
/dev/sdb No Samsung SSD 860 EVO mSATA 250GB RVT41B6Q
No more disks present ending scan
So basically it is something to do with tpm ?
I understand why one might need a tpm to boot from a drive, as there is no OS already running, but is there a way to do this in software (but leveraging the hardware encryption/decryption) on a second drive when an OS is already running?