How to set the SED key into the device instruction

Environment:


 RAID Model: All SupremeRAID models
 Host Hardware: AMD/Intel
 Operating System: Linux
 SupremeRAID driver: 1.3.x and later versions

Description





Resolution

[After 1.6.1]

Support for Configuring SED Keys During Physical Drive Creation

Users can now configure Self-Encrypting Drive (SED) keys directly when creating physical drives, eliminating the need for third-party tools to lock the drive beforehand. To take ownership of a physical drive with SED support (if the drive is not yet locked), use the --sed-take-ownership option. This command will prompt for confirmation, a new SED key, and any required credentials.

Note: This process will erase all user data on the drive.

$ sudo graidctl create physical_drive /dev/nvme1 --sed-take-ownership

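To bypass the prompts, pass the values as options. Keys given on the command line are saved in shell history and are visible in the process list while the command runs, so prefer the interactive prompt where possible.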

$ sudo graidctl create physical_drive /dev/nvme1 --sed-take-ownership --new-sed-key [New Password] --no-current-sid --confirm-to-erase
$ sudo graidctl create physical_drive /dev/nvme1 --sed-take-ownership --new-sed-key [New Password] --current-sid [Original Password] --confirm-to-erase
$ sudo graidctl create physical_drive /dev/nvme1 --sed-take-ownership --new-sed-key [New Password] --psid [PSID] --confirm-to-erase

Note: During ownership, both the SID and admin1 key will be set to the same value (the SED key), and only this SED key will be stored in the system.



[Before 1.6.1]

SEDutil 

[Download link]

[How to Use]
Example:
unzip sedutil-cli-1.15-5ad84d8.zip

[initiation]
sedutil-cli --yesIreallywanttoERASEALLmydatausingthePSID <%PSID%> <dev path>
sedutil-cli -n --initialSetup <%your password%> <dev path>
sedutil-cli -n --enableLockingRange 0 <%your password%> <dev path>

[enable sed key]
sedutil-cli -n --setLockingRange 0 lk <%your password%> <dev path>

[unlock]
sedutil-cli -n --disableLockingRange 0 <%your password%> <dev path>
sedutil-cli -n --revertNoErase <%your password%> <dev path>

SEDcli

[Download link]

[How to Use]
- Dependency:
  - APT base: libssl-dev, libkmip
  - YUM/DNF base: openssl-devel, libkmip

Example:
- Install the OpenSSL library
[APT]
apt install libssl-dev
[YUM/DNF]
yum install openssl-devel
- Install libkmip
git clone https://github.com/openkmip/libkmip.git
cd libkmip
make
make install

- Install sedcli
wget https://github.com/solidigm/sedcli/archive/refs/tags/sedcli_1_2.tar.gz
tar xvf sedcli_1_2.tar.gz
cd sedcli-sedcli_1_2/src
chmod +x ./configure
./configure
make all
make install
ldconfig

P.S. If sedcli fails to start because the libsed.so.1 file is missing, check whether the file is located in /usr/lib64. If it is, append the "/usr/lib64" path to /etc/ld.so.conf and run "ldconfig" again.


[initiation]
# discovery
sudo sedcli --discovery -d <dev path>
# Factory reset with PSID
sudo sedcli --revert -d <dev path> -a 00-00-00-09-00-01-ff-01
-> enter the PSID  
# Set SID
sudo sedcli --ownership -d <dev path>
-> enter your password <%your password%> 
# Activate the Locking SP
sudo sedcli --activate-sp -d <dev path> -p <%your password%>  -a 00-00-00-09-00-00-00-06
# Set up global locking range
sudo sedcli --setup-global-range -d <dev path> -r enabled -w enabled
-> enter your password <%your password%> 
# Lock
sudo sedcli --lock-unlock -d <dev path> -a 00-00-00-09-00-01-00-01 -t LK
-> enter your password <%your password%> 
# Unlock
sudo sedcli --lock-unlock -d <dev path> -a 00-00-00-09-00-01-00-01 -t RW
-> enter your password <%your password%> 
# Deactivate the Locking SP
sudo sedcli --revert-lsp -d <dev path> -a 00-00-00-09-00-01-00-01
-> enter your password <%your password%> 

P.S. The <%PSID%> is usually printed on the device label; it cannot be queried by the system.



SEDscript

[Download link]
python script
requirement file

[How to Use]
- Dependency: sedcli or sedutil-cli, pexpect

[Prerequisites]
- Prepare a CSV file that includes each SSD's serial number and PSID.
Ex:
SN,PSID
SN000001, SN000001PSID
SN000002, SN000002PSID
.
.
.
SN00000N, SN00000NPSID

Install the required packages
# pip install -r requirements.txt

# Unlock all devices
python3 sed_script.py -p /path/to/mapping_table --all -sp <%your password%>  -s {sedcli/sedutil-cli} -st /path/to/sed_tool --unlock 

# Lock all devices
python3 sed_script.py --all -p  /path/to/mapping_table -sp <%your password%>  -s {sedcli/sedutil-cli} -st /path/to/sed_tool -o /path/to/save_sedkey_file

# Unlock a device
python3 sed_script.py -p /path/to/mapping_table -d <dev path> -sp <%your password%>  -s {sedcli/sedutil-cli} -st /path/to/sed_tool --unlock 

# Lock a device
python3 sed_script.py -p /path/to/mapping_table -d <dev path>  -sp <%your password%> -s {sedcli/sedutil-cli} -st /path/to/sed_tool
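
An added example, not part of sed_script.py or the original article: a pre-flight check for the SN,PSID mapping table passed with -p in the commands above. Because a PSID authorizes the data-erasing revert shown earlier, it also flags a table that group or other users can access; the function names and the permission policy are assumptions.

```python
import csv
import io
import os
import stat
import sys


def load_mapping(text):
    """Parse 'SN,PSID' CSV text into {serial: psid}; raise ValueError on bad rows."""
    # skipinitialspace handles the "SN000001, SN000001PSID" style used in the sample
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    header = [h.strip() for h in next(reader, [])]
    if header != ["SN", "PSID"]:
        raise ValueError(f"expected header SN,PSID, got {header}")
    mapping = {}
    for lineno, row in enumerate(reader, start=2):
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        if len(row) != 2:
            raise ValueError(f"line {lineno}: expected 2 columns, got {len(row)}")
        serial, psid = (cell.strip() for cell in row)
        if not serial or not psid:
            raise ValueError(f"line {lineno}: empty serial number or PSID")
        if serial in mapping:
            # Two PSIDs for one drive means one of them is wrong
            raise ValueError(f"line {lineno}: duplicate serial number {serial}")
        mapping[serial] = psid
    return mapping


def too_permissive(path):
    """True if group or others have any access to the file (assumed policy: 0600)."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


# Constructed sample in the format shown above (placeholder values, not real PSIDs)
SAMPLE = "SN,PSID\nSN000001, SN000001PSID\nSN000002, SN000002PSID\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        path = sys.argv[1]
        if too_permissive(path):
            print(f"warning: {path} is accessible to group/others; restrict it to 0600")
        with open(path, newline="") as fh:
            table = load_mapping(fh.read())
    else:
        table = load_mapping(SAMPLE)
    # Report only the count; PSIDs are never printed
    print(f"{len(table)} drives in mapping table")
```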