TCG Opal Toolbox CLI
1. Support Products
-
Transcned Embedded PCIe SED SSDs
- MTE760T / MTE760T-I
- MTE712A / MTE712A-I / MTE712P
- MTE672A / MTE672A-I
- MTE662A
- MTE560P / MTE560I
- MTE480T / MTE480T-I
- MTE470A / MTE470A-I
- MTE380T / MTE380T-I
-
Transcend Embedded SATA SED SSDs
- MTS970A / MTS970A-I
- MTS952A
- MSA470A / MSA470A-I
- SSD470A
2. System Requirements
- Ubuntu 16.04 LTS 64-bit
- Ubuntu 18.04 LTS 64-bit
- Ubuntu 20.04 LTS 64-bit
- Ubuntu 22.04 LTS 64-bit
- Ubuntu 23.04 LTS 64-bit
Note: You must have Administrator privileges to run the TCG Opal Toolbox CLI.
Setting
You need to follow the steps below to make the disk usable:
1. Set to AHCI mode:
Restart your computer and enter the BIOS/UEFI settings to change the disk form IDE mode to AHCI mode
2. Enable TPM Setting:
Modify the line in /etc/default/grub like this:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash libata.allow_tpm=1"
Then update grub:
$ sudo update-grub
Reboot the computer
3. Package Installation
1. Add TCGOpalToolbox repository to system's Software Sources
$ sudo add-apt-repository ppa:transcend-rd/opaltoolbox-cli
2. Update resource
$ sudo apt update
3. Install TCGOpalToolbox package
$ sudo apt-get install opaltoolbox-cli
4. TCG Opal Flows
NVMe flow
Set and Display Locking Range 0
Load PBA Image and Enable MBR Shadow
PSID Revert
SATA flow
Set and display locking ranges
Load PBA Image and Enable MBR Shadow
PSID Revert
5. Functions
Initial
-isSupportOpal <device>
- Verify whether the given device is Opal device or not
$ sudo opaltoolbox -isSupportOpal /dev/nvme0
-initialSetup <password> <device>
- Setup the device for use with cli, <password> is new password.
$ sudo opaltoolbox -initialSetup [new password] /dev/nvme0
-changePassword <oldpassword> <newpassword> <device>
- Change the password for Admin
$ sudo opaltoolbox -changePassword [old password] [new password] /dev/nvme0
Lock / Unlock
- DO NOT lock the OS disk
-isLockingEnabled <device>
- Verify whether the given device is locking enabled or not
$ sudo opaltoolbox -isLockingEnabled /dev/nvme0
-setLockingRange <RW|LK> <password> <device>
- Set the status of Locking Range 0
$ sudo opaltoolbox -setLockingRange RW [password] /dev/nvme0
-setupLockingRange <password> <device>
- Setup a new Locking Range
$ sudo opaltoolbox -setupLockingRange [password] /dev/nvme0
-enableLockingRange <password> <device>
- Enable a Locking Range 0
$ sudo opaltoolbox -enableLockingRange [password] /dev/nvme0
-disableLockingRange <password> <device>
- Disable a Locking Range 0
$ sudo opaltoolbox -disableLockingRange [password] /dev/nvme0
-listLockingRanges <password> <device>
- List all Locking Ranges
$ sudo opaltoolbox -listLockingRanges [password] /dev/nvme0
PBA (Pre Boot Authentication)
-loadPBAImage <password> <file> <device>
- Write <file> to MBR Shadow area. PBA file download: UEFI64.img
$ sudo opaltoolbox -loadPBAImage [password] [file path] /dev/nvme0
-setMBREnable <on|off> <password> <device>
- Enable|Disable MBR shadowing
$ sudo opaltoolbox -setMBREnable on [password] /dev/nvme0
PSID Revert
-yesIreallywanttoERASEALLmydatausingthePSID <PSID> <device>
- Revert the device using the PSID ERASING ALL the data
$ sudo opaltoolbox -yesIreallywanttoERASEALLmydatausingthePSID [PSID] /dev/nvme0
Others
-h
- Execute the following command to get help about other command usage.
$ sudo opaltoolbox -h