From: Ondrej Kozina <okozina@redhat.com>
To: Cryptsetup <cryptsetup@lists.linux.dev>
Cc: Nikolai Grigoriev <nikolai@grigr.xyz>
Subject: Re: OPAL setup for a new drive without sedutil initial setup
Date: Mon, 18 Mar 2024 09:36:25 +0100
Message-ID: <c238a50b-e382-4dec-9b4b-9c33e420b541@redhat.com>
In-Reply-To: <NtEMHPl--3-9@grigr.xyz>
On 18/03/2024 03:21, Nikolai Grigoriev wrote:
> Hello,
>
> I was about to set up a new machine and I was about to use OPAL the "old" way. And then I discovered that cryptsetup now supports OPAL! Thanks :)
>
> However, something is not clear to me from the documentation. When I tried "luksFormat", I was prompted for both passphrase and OPAL Admin password. For the former it is clear, this is the passphrase for LUKS2 itself. However, I never configured OPAL on this drive, thus, it does not have an Admin1 password (and SID) set at all.
>
> Does it mean I still need to use "sedutil-cli --initialsetup" before using cryptsetup or...or I do not understand what is expected :) The documentation seems to suggest that this password needs to be provided only when initial setup was done. Should I enter an empty one then? And if so, what my actual Admin1 password will be after setup is complete?

Cryptsetup does the initial setup automatically, provided the device
reports itself as yet uninitialized.

IOW, it should work on SED OPAL devices in both states. Either you have
to provide the existing Admin1 PIN or you are setting a new one during
the luksFormat command.

Kind regards
Ondrej