Hello Paul, On Wed, 2012-09-19 at 09:37 -0700, Paul Heinlein wrote: > Management of Full Disk Encryption (FDE) drives is usually handled in > BIOS or via central Windows application. Indeed. The scenario I mentioned of course does not work when one boots from the encrypted drive, only if one attaches it after the system has booted from another drive. > Once the key has been encrypted, the drive cannot be accessed unless > connected directly to, say, the system's SATA bus. I haven't seen any > mechanisms by which the key can be unlocked via things like external > USB adapters. As the interface for encrypting and locking an SED appears to be the same as for locking a normal drive using the security commands from hdparm should in theory work. This is assuming the BIOS pads passwords that are smaller than 32 bytes the same way as hdparm does, which is with NUL bytes. Hdparm currently only accepts passwords as strings, so if the BIOS uses binary/hex strings for the password it could be problematic to unlock the same drive with hdparm. It should be quite simple to patch hdparm to accept hex strings as passwords though. I have used drive (un)locking with hdparm on USB drives so (un)locking an external SED should be possible. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research