URL: <http://savannah.gnu.org/bugs/?51418>
Summary: Support for opal specification self-encrypting disks and pre-boot authentication Project: GNU GRUB Submitted by: daijizai Submitted on: Sat 08 Jul 2017 04:46:15 PM UTC Category: Security Severity: Major Priority: 5 - Normal Item Group: Feature Request Status: None Privacy: Public Assigned to: None Originator Name: Originator Email: Open/Closed: Open Discussion Lock: Any Release: Release: other Reproducibility: None Planned Release: None _______________________________________________________ Details: Opal drives load an initial EFI from a secure MBR which then unlocks the drive and allows access to the disk. While a GNU Linux solution exists (https://github.com/sedutil/sedutil), it requires a soft reboot after unlocking from the pre-boot authentication (PBA) image instead of chainloading the unlocked EFI partition. On some machines this relocks the disk. With the inclusion of new OPAL support code in the 4.11 Linux kernel release it makes sense that new supporting features should be added to recognized bootloaders to allow the community to take advantage of a feature available to Windows users for years. The GRUB project should consider creating an opal compatible PBA image for use with self-encrypting disks to unlock the drive and chainload the primary grub installation. _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?51418> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ _______________________________________________ Bug-grub mailing list Bug-grub@gnu.org https://lists.gnu.org/mailman/listinfo/bug-grub