forked from Drive-Trust-Alliance/sedutil
-
Notifications
You must be signed in to change notification settings - Fork 8
Command Syntax
r0m30 edited this page Nov 2, 2015
·
6 revisions
General Usage:
sedutil-cli <-v> <-n> <--action> <options> <device>
| Action and Options | Description |
|---|---|
| -v | optional parameter to increase the verbosity (addition debugging information), one to five v’s |
| -n | optional parameter to pass the password to the drive in plaintext |
| initialsetup <password> <device> | Prepare the drive for msed management. This changes the default password on the drive, activates the LOCKING SP sets and up MBR shadowing. After this command the SID and Admin1 passwords are set to the password you entered and the global locking range is ready to be enabled. |
| setSIDPwd <password> <newpassword> <device> | Change the password of the SID user in the ADMIN SP |
| setAdmin1Pwd <password> <newpassword> <device> | Change the password of the ADMIN1 user in the LOCKING SP |
| loadPBAimage <password> <pba file spec> <device> | Load the PBA image to the shadow MBR table. PBA visibility is controlled by –setMBREnable below. |
| reverttper <password> <device> | Reset the device to it’s factory defaults using the SID password. If the locking SP is active this command ERASES ALL DATA, requires the SID password |
| revertnoerase <password> <device> | Deactivate the Locking SP without erasing the data in the LBA range controlled by the Global Locking Range. This command allows you to “shut off” OPAL locking without loosing data if you have not activated any user locking ranges. Requires the Admin1 password. |
| PSIDrevert <password> <device> | Reset the device to it’s factory defaults using the PSID. If the locking SP is active this command ERASES ALL DATA, requires the 32 byte PSID printed on the drive label |
| yesIreallywanttoERASEALLmydatausingthePSID <password> <device> | Reset the device to it’s factory defaults using the PSID. If the locking SP is active this command ERASES ALL DATA. requires the 32 byte PSID printed on the drive label |
| enableuser <password> <userid> <device> | Sets a locking SP user to the enabled state |
| activateLockingSP <password> <device> | Change the state of the Locking SP to active |
| scan | Scan the system and report on TCG disks |
| query <device> | Display details of the devices TCG SSC support |
| takeownership <password> <device> | Change the password of the SID and ADMIN1 users from the default (MSID) password. |
| revertLockingSP <password> <device> | Deactivate the Locking SP. ERASES ALL DATA |
| setPassword <password> <userid> <newpassword> <device> | Change the password of the specified user in the Locking SP. |
| validatePBKDF2 | Test the password hashing functions output |
| setMBREnable <on|off> <password> <device> | Set the MBREnable flag on the device. If this is on the device will present the shadow MBR to the BIOS/OS when it is powered up. |
| setMBRDone <on|off> <password> <device> | Set the MBRDone flag on the device. If MBREnable is on this controls when to switch the drive out of shadowed state. |
| setLockingRange <0-15> <ro|rw|lk> <password> <device> | Modify the state of a locking range. |
| enableLockingRange <0-15> <password> <device> | Activate a locking range |
| disableLockingRange <0-15> <password> <device> | Deactivate a locking range |
| setupLockingRange <0-15> <startLBA> <#LBA> <password> <device> | Set/Change the LBAs controlled by a locking range. Changing the locking range that controls a LBA will ERASE ALL THE DATA on that locking range. |
| readonlyLockingRange <0-15> <password> <device> | Enable a locking range with only write locking active. Creates a read only area at power up. |
| listLockingRanges <password> <device> | List the status and configutation of the locking ranges on a device. |