
Storing and reading Self Encrypted Disk (SED) password from TPM

Open Strykar opened this issue 2 years ago • 2 comments

I have a Self Encrypted Disk (SED). I'd like to use sedutil to lock the disk, but I want the password to be sealed in the TPM module on board the system, instead of in ATA BIOS.

Essentially I want the Pre-Boot Authentication (PBA) image to pick up the password from the TPM automatically upon boot.

Is this even possible?

Strykar, Nov 11 '23 07:11

I am interested in this as well. Basically, I would normally use LUKS + TPM to unlock, and am wondering if I can swap out LUKS with SED to do the same thing.

Did you happen to find an answer?

Comnenus, May 21 '24 15:05

> I am interested in this as well. Basically, I would normally use LUKS + TPM to unlock, and am wondering if I can swap out LUKS with SED to do the same thing.
>
> Did you happen to find an answer?

There's some progress in the discussion at - https://wiki.archlinux.org/title/Talk:Self-encrypting_drives#c-Indigo-20240204192600-Strykar-20240202210200

Strykar, May 29 '24 00:05