Answer: SED Control is used to perform the following basic tasks:
- Erase – This erases all user data, formatting, and passwords from the drive. After you erase the drive, you will also have to initialize and format the drive using the Disk Utility (on Mac) or the Disk Management tool (on Windows). Remember to format as an exFAT drive if you wish to use it on Windows as well as the Mac. You will have to run the Setup command in SED Control if you want to set a password for the drive again.
- Setup – Configures a new or erased SED and sets a new password for the drive.
- Password – Changes the password.
- Unlock/Lock – Unlock/Lock the drive using the password.
Answer: On Mac, simply start SED Control from your Applications folder. On Windows, launch the SED Control executable in C:\Program Files\Bright Plaza Inc\SEDUtil\sedcontrol.exe
Answer: SED Control only allows you to unlock a USB storage device with an Opal compliant self-encrypting drive that has been password protected.
Make sure that your drive is an Opal self-encrypting drive and/or that a password has been set for the drive.
Also, on Windows, make sure you have selected your drive in the drop down list.
Answer: In SED Control, click the Password button, enter the old password, and enter the new password once and then another time to confirm it.
SED Control checks to make sure the new password and the confirm match, and then the new password is set.
Answer: Yes, SED Access supports both Mac and Windows. You will need to install the appropriate version of SED Access on your Windows and Mac machines, but you should then be able to unlock the drive and use it on both platforms.
Note, however, you should make sure you’re your drive is formatted with the exFAT file system for maximum portability between the two operating systems.
Be sure you make a backup copy of your data before reformatting your drive for ExFAT.
Answer: This is a known issue on the Mac. If you format the disk for interoperability with Windows (i.e., you format the drive to use the exFAT file system) you CANNOT copy time-machine backups to it. MAC OS X refuses and says the disk take such backup files.
One workaround to this problem is to take advantage of ranges on the self-encrypting drive. In other words, you can create two volumes on the disk, one formatted the file system needed for the backup on the Mac (i.e. Mac OS Extended (Journaled)) and one formatted with the exFAT file system for sharing with Windows.
Answer: With Windows 10, Microsoft introduced User Account Control settings that are designed to help you stay in control of your computer by informing you when a program makes a change that requires administrator-level permission.
SED Control requires administrator level permission to access your USB attached Opal SED, and so you may click Yes to give SED Control permission when you see these warnings.
You can also configure Windows to change the settings for triggering the User Account Control messages, but you should do so with caution as those settings are designed to protect your PC.
Answer: Both SED Acces and SED Control can be used to unlock your USB Opal self-encrypting drive with the password.
SED Control is a more fully featured application. If you are already running SED Control, it is assumed that you are doing more advanced features with the drive, and so SED Access is suppressed while SED Control is running.
Answer: This erases all user data, formatting, and passwords from the drive. This cannot be undone. Please make sure you have a backup copy of any data before erasing the drive.
Answer: SETUP will prompt the user to enter in a password. This password is used to secure the drive. Moving forward the user will have to supply the password in order to unlock the drive and access the data on it.
From the standpoint of the Trusted Computing Group (TCG) Opal Security Subsystem Class specification, SETUP sets the SID and the Admin1 values to the password entered by the user.
Answer: You can download SED Access again from our site at this location: https://www.drivetrust.com/sed-control/
Answer: SED Access is a Windows C++ application built using Visual Studio 2015.
In order to run SED Access, the PC needs to have installed the run-time components that are required to run C++ applications built using Visual Studio 2015.
You can download the installer for the run-time components here. However, if you run the installer for SED Access, we automatically install it for you.
Opal SEDs
Answer: If you are using a USB attached storage device with an Opal compliant self-encrypting drive that has been password protected, you will need to a way to enter a password before you will be able to access the files on the drive.
SED Access is a simple graphical user interface program that recognizes the password protected USB SED and allows you to enter the password to unlock the drive.
Answer: SED Access runs in the background on both Windows and Mac.
Verify that the applications are running by checking for the Drive Trust Alliance icon in the system tray on Windows and the status menu on Mac.
Then simply plug in a USB Opal SED, and SED Access will prompt you for the password to unlock the drive.
Answer: The SED Access window will only appear if you have attached a USB storage device with an Opal compliant self-encrypting drive that has been password protected.
Make sure that your drive is an Opal self-encrypting drive and/or that a password has been set for the drive.
Answer: The SED Access window is only used to unlock an attached USB storage device with an Opal compliant self-encrypting drive that has been password protected.
To set or change your password, you will need to use our SEDControl software. You may have already installed SED Control when you installed SED Access. On Mac, check your Applications folder. On Windows, it can be found in C:\Program Files\Bright Plaza Inc\SEDUtil\sedcontrol.exe.
If you don't have SED Control, you can download it here: https://www.drivetrust.com/sed-control/
Answer: Yes, SED Access supports both Mac and Windows. You will need to install the appropriate version of SED Access on your Windows and Mac machines, but you should then be able to unlock the drive and use it on both platforms.
Note, however, you should make sure you’re your drive is formatted with the esFAT file system for maximum portability between the two operating systems.
Be sure you make a backup copy of your data before reformatting your drive for ExFat.
Answer: This is a known issue on the Mac. If you format the disk for interoperability with Windows (i.e., you format the drive to use the exFAT file system) you CANNOT copy time-machine backups to it. MAC OS X refuses and says the disk take such backup files.
One workaround to this problem is to take advantage of ranges on the self-encrypting drive. In other words, you can create two volumes on the disk, one formatted the file system needed for the backup on the Mac (i.e. Mac OS Extended (Journaled)) and one formatted with the exFAT file system for sharing with Windows.
Answer: With Windows 10, Microsoft introduced User Account Control settings that are designed to help you stay in control of your computer by informing you when a program makes a change that requires administrator-level permission.
SED Access requires administrator level permission to access your USB attached Opal SED, and so you may click Yes to give SED Access permission when you see these warnings.
You can also configure Windows to change the settings for triggering the User Account Control messages, but you should do so with caution as those settings are designed to protect your PC.
Answer: On Windows, SED Access can be found in C:\Program Files\Bright Plaza Inc\SEDUtil\sedaccess.exe. Simply double click the executable to start SED Access.
Answer: You can download SED Access again from our site at this location: https://www.drivetrust.com/sed-access/
Answer: SED Control is a Windows C++ application built using Visual Studio 2015.
In order to run SED Control, the PC needs to have installed the run-time components that are required to run C++ applications built using Visual Studio 2015.
You can download the installer for the run-time components here. However, if you run the installer for SED Control, we automatically install it for you.
Answer: SEDUtil-CLI is a command line program that is accessible through a Windows Command prompt running as Administrator or through a Mac terminal window.
This program allows you to configure advanced features for your drive, such as setting ranges, loading pre-boot images, setting passwords, reverting the drive, etc.
It is particularly useful for IT managers and systems administrators who are looking for tools to manage lots of SEDs.
Simply run "sedutil-cli.exe" on Windows at the Command Prompt or "sedutil-cli" on Mac in the terminal window to get a list of options and corresponding explanations.
Answer: SED Util runs in a Windows Command Prompt (running as administrator) or a Mac Terminal window.
Simply run "sedutil-cli.exe" on Windows at the Command Prompt or "sedutil-cli" on Mac in the terminal window to get a list of options and corresponding explanations.
Answer: Follow these instructions:
- Click the Start button .
- In the Search box, type command prompt.
- In the list of results, right-click Command Prompt, and then click Run as administrator.
Answer: We currently offer only Windows and Mac executables for SED Util from the Drive Trust Alliance. Linux executables are not currently available.
However, the source code for SED Util is open source and available through GitHub. Click here to access the source code.
Answer: SED Util was designed for use with self-encrypting drives compliant with the Trusted Computing Group (TCG) Opal Security Subsystem Class specification.
Many features of the Opal specification are similar to the TCG Enterprise Security Subsystem Class specification, but we have not rigorously tested SED Util on Enterprise drives.
Answer: The source code for SED Util is open source and available through GitHub under the GPLv3 license. You may customize the software to your liking and contribute your modifications back to us. Click here to access the source code.
You can also retain the Drive Trust Alliance (DTA) to customize the code for you. Simply become a Gold or Platinum member of the DTA and then reach out to us to define a scope of work for your project. Platinum members get 10% off our standard commercial rates for consulting.
Answer: Yes, you will need to load an appropriate pre-boot authentication image (PBA) on the drive.
Answer: SED Util has a "loadPBAimage" option. Run "sedutil-cli.exe" on Windows or "sedutil-cli" on Mac with no arguments to get the syntax for the command. But this will allow you to designate a file to be loaded into the MBR Shadow area of the drive.
Answer: SED Util has a "setupLockingRange" option. Run "sedutil-cli.exe" on Windows or "sedutil-cli" on Mac with no arguments to get the syntax for the command. But this will allow you to set up locking ranges on the drive.
Answer: The Drive Trust Alliance website has a lot of good information to introduce you to self-encrypting drives.
If you want to learn more about the specifications for SEDs, start by reviewing our page on the Trusted Computing Group.
Answer: Here are the commands for unlocking a drive using SED Util:
sedutil-cli --setLockingRange 0 RW
sedutil-cli --setMBRDone on
Note, you may need to get Windows to rescan to locates new disks that have been added to the computer. You can do this with these simple commands through a Command Prompt running as Administrator:
echo > diskpart_commands.txt rescan
diskpart /s diskpart_commands.txt
del diskpart_commands.txt
Answer: SED Util is a Windows C++ application built using Visual Studio 2015.
In order to run SED Util, the PC needs to have installed the run-time components that are required to run C++ applications built using Visual Studio 2015.
You can download the installer for the run-time components here. However, if you run the installer for SED Util, we automatically install it for you.
Answer: The PSID is a 32 byte hex number. Take the dashes out of the PSID and it should work.
INCORRECT:
sedutil-cli --PSIDrevert 31BFC215-6D2C-4F22-8EFA-C8CB79D329A7 \\.\PhysicalDrive1
CORRECT:
sedutil-cli --PSIDrevert 31BFC2156D2C4F228EFAC8CB79D329A7 \\.\PhysicalDrive1
Answer: Yes, SED Util supports both Mac and Windows. You will need to install the appropriate version of SED Util on your Windows and Mac machines, but you should then be able to unlock the drive and use it on both platforms.
Note, however, you should make sure you’re your drive is formatted with the exFAT file system for maximum portability between the two operating systems.
Be sure you make a backup copy of your data before reformatting your drive for ExFat.
Answer: This is a known issue on the Mac. If you format the disk for interoperability with Windows (i.e., you format the drive to use the exFAT file system) you CANNOT copy time-machine backups to it. MAC OS X refuses and says the disk take such backup files.
One workaround to this problem is to take advantage of ranges on the self-encrypting drive. In other words, you can create two volumes on the disk, one formatted the file system needed for the backup on the Mac (i.e. Mac OS Extended (Journaled)) and one formatted with the exFAT file system for sharing with Windows.
Found an error?
The DTA software in the Self-Encrypting Box Evaluation Kit is still in active development. If you found an error in the software, please let us know so that we can get it fixed. Click here to submit a bug report.
