Beginner
850 Views

Linux TCG Opal Support on P4610: Has anyone got whole disk encryption working with this drive in Linux? nvme security-recv returns "NVME Security Receive Command Error:16385"


Using CentOS/RHEL 7.6. Drive recognized by system. Easily writes > 2.0 GB/s sustained write.

 

isdct show returns the following device info:

sudo isdct show -intelssd

- Intel SSD DC P4610 Series BTLN836208X27P6DGN -

Bootloader : 015A
DevicePath : /dev/nvme0n1
DeviceStatus : Healthy
Firmware : VDV10152
FirmwareUpdateAvailable : The selected Intel SSD contains current firmware as of this tool release.
Index : 0
ModelNumber : INTEL SSDPE2KE076T8
ProductFamily : Intel SSD DC P4610 Series
SerialNumber : BTLN836208X27P6DGN

When using either sedutil-cli --scan or nvme, get the same error:

 

sudo nvme security-recv /dev/nvme0n1
NVME Security Receive Command Error:16385

Any ideas? Using nvme version 1.6

 

Thank you.

 

 

 

0 Kudos

Accepted Solutions
Moderator
278 Views

Hello NMerr1,

 

Thank you for your reply.

 

To answer your question:

 

“Do you have a link or list of what programs then can provide the hardware-based encryption in Linux (using LUKS effectively negates the performance benefits of NVMe)?”

 

We do apologize; at this moment we do not have validated solutions or a list of solutions for Linux to use your hardware-based encryption.

 

I researched online and I found some solutions, but we cannot assure you that it may work with your current configuration since the one recommended by Red Hat* seems to be LUKS (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-enc...):

 

https://www.aescrypt.com/linux_aes_crypt.html

 

https://www.linux-geex.com/centos-7-how-to-setup-your-encrypted-filesystem-in-less-than-15-minutes/

 

We will be looking forward to your reply in case you need further assistance.

 

Have a nice day.

 

Best regards,

 

Josh B.

Intel® Customer Support Technician

Under Contract to Intel Corporation

 

Third-Party Content: Web Sites and Materials may contain user or third party submitted content; such content is not reviewed, approved or endorsed by Intel and is provided solely as a convenience to our customers and users. Under no circumstances will Intel be liable in any way for any third party submitted or provided content, including, but not limited to, any errors or omissions, or damages of any kind. ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE MATERIALS IS DONE AT YOUR OWN DISCRETION AND RISK AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR OTHER DEVICE OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY SUCH MATERIAL. By your use, you agree that you must evaluate, and bear all risks associated with, the use of any third-party content, including any reliance on the accuracy, completeness, or usefulness of such content. All postings and use of the Web Sites or Material are subject to these Terms of Use and any other program and site-specific terms. 


0 Kudos
9 Replies
Moderator
278 Views

Hello NMerr1,

 

Thank you for contacting Intel® Memory & Storage Support.

 

As we understand, you need assistance with your Intel® SSD DC P4610 Series (7.6TB). If we infer correctly, we would appreciate it if you could review the following article:

 

Does Data Center SSDs support OPAL? (https://www.intel.com/content/www/us/en/support/articles/000030541/memory-and-storage/data-center-ss...)

 

Based on this public article:

 

None of the data center drives support Opal or Opal 2.0 or TCG enterprise. These drives only have AES-256 end to end encryption from within the drive and third party software can be used to encrypt the drive.

 

The information regarding the encryption option can be found in the following link:

https://ark.intel.com/content/www/us/en/ark/products/140107/intel-ssd-dc-p4610-series-7-6tb-2-5in-pc...

 

Hardware Encryption: AES 256 bit

 

We hope you find this information helpful.

 

Thank you for your patience and understanding.

 

Have a nice day.

 

Best regards,

 

Josh B.

Intel® Customer Support Technician

Under Contract to Intel Corporation

0 Kudos
Beginner
278 Views
Thanks for the info Josh. Do you have a link or list of what programs then can provide the hardware based encryption in Linux (using LUKS effectively negates the performance benefits of NVMe)? Thanks for any support.
0 Kudos
Moderator
278 Views

Hello NMerr1,

 

Thank you for having contacted Intel® Memory & Storage Support. 

 

This is just a friendly reminder that your case remains open.

 

Should you need our technical assistance please do not hesitate to contact us back. 

 

Best regards,

 

Josh B.

Intel® Customer Support Technician

Under Contract to Intel Corporation

0 Kudos
Moderator
278 Views

Hello NMerr1,

 

Thank you for having contacted Intel® Technical Support.

 

I was reviewing your community post and we would like to know if you need further assistance or if we can close this case.

 

We will be looking forward to your reply.

 

Best regards,

 

Josh B.

Intel Customer Support Technician

A Contingent Worker at Intel

 

0 Kudos
Beginner
278 Views
Josh, I think we can close it. Hopefully Intel will release a removable NVMe product with TCG Opal support, as this fills a critical need to reap the benefits of NVMe throughput with at-rest security (especially in the U.2 form factor). Thanks for the assistance.
0 Kudos
Moderator
278 Views

Hello NMerr1,

 

Thank you for your reply and for your recommendations.

 

It has been a pleasure to assist you. As per your consent, this case is now closed.

 

Have a nice day.

 

Best regards,

 

Josh B.

Intel Customer Support Technician

A Contingent Worker at Intel

0 Kudos
Beginner
278 Views

The latest firmware (VDV10152) for 4510 is supposed to support OPAL TCG 2.0. However, it does not work.

0 Kudos
Beginner
278 Views

Unfortunately, even with newer firmware it doesn't work. sedutil-cli and nvme commands show the same error, 16385.

 

 

vdv10170.png

0 Kudos
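
The error value 16385 quoted in this thread can be read as an NVMe completion status. The following is an added example, not part of any post and not Intel's or nvme-cli's code. It assumes nvme-cli prints the raw status in decimal using the Linux kernel's field layout (status code in bits 7:0, status code type in bits 10:8, More in bit 13, Do Not Retry in bit 14); the OACS values are constructed, not read from a P4610.

```python
"""Decode the numeric status that nvme-cli prints after "Command Error:"."""

# Status Code Type (SCT) names from the NVMe base specification (partial).
SCT_NAMES = {0: "Generic Command Status", 1: "Command Specific Status",
             2: "Media and Data Integrity Errors", 7: "Vendor Specific"}

# A few Generic Command Status codes (SCT 0); not the full table.
GENERIC_SC = {0x00: "Successful Completion", 0x01: "Invalid Command Opcode",
              0x02: "Invalid Field in Command", 0x06: "Internal Error",
              0x0B: "Invalid Namespace or Format", 0x15: "Operation Denied"}


def decode_nvme_status(status):
    """Split the 15-bit status (phase bit already removed) into its fields."""
    sc = status & 0xFF
    sct = (status >> 8) & 0x7
    fields = {
        "sc": sc,
        "sct": sct,
        "more": bool(status & 0x2000),
        "dnr": bool(status & 0x4000),
        "sct_name": SCT_NAMES.get(sct, "other"),
    }
    # Only generic codes are named here; other types need the spec tables.
    fields["sc_name"] = (GENERIC_SC.get(sc, "unlisted") if sct == 0
                         else "see spec for this SCT")
    return fields


def security_cmds_supported(oacs):
    """OACS bit 0 of Identify Controller: Security Send/Receive supported."""
    return bool(oacs & 0x1)


def explain(status):
    """One-line human-readable summary of a status value."""
    f = decode_nvme_status(status)
    text = f"0x{status:04x}: {f['sct_name']} / {f['sc_name']}"
    if f["dnr"]:
        text += " (Do Not Retry)"
    return text


if __name__ == "__main__":
    print(explain(16385))  # the value quoted in the thread
    for oacs in (0x0006, 0x0007):  # constructed OACS values
        print(f"oacs=0x{oacs:04x} security send/recv: "
              f"{security_cmds_supported(oacs)}")
```

Under these assumptions 16385 is 0x4001, a generic "Invalid Command Opcode" with Do Not Retry set, meaning the controller rejected the Security Receive command itself. The `oacs` field in the output of `nvme id-ctrl` carries the bit that `security_cmds_supported` checks.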