Self encrypting drive on Ubuntu 22.04

I know that the hardware encryption of SSDs cannot be trusted as it is proprietary, and there are also some ways to defeat it, as demonstrated in an IEEE paper: "Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives" (IEEE Conference Publication, IEEE Xplore). But for my threat level, I want to use hardware encryption and not LUKS. I have received an email from Samsung that the issues raised in the IEEE paper have been resolved in the Samsung 980 Pro.

Samsung provides a firmware image that can be downloaded at: "Samsung Magician & SSD Tools & Software Update" (Samsung Semiconductor Global), but I am not sure if I can use this on Ubuntu. Can someone try and comment on this?

Is someone in the same situation as I am?

  1. What SSD are you using (Is it Samsung 980 Pro)?
  2. How was your experience with setting up (and changing) the password using sedutil? Or did you use something else?
  3. Were you able to do SSD firmware update? How did you do it?

  1. Samsung 990 Pro owner here.
  2. With Framework laptops, self encrypting drives can be controlled from the BIOS (at least, that was the case with my Intel 13th gen). Once set, the BIOS will prompt for the password on reboot. I’ve verified with sedutil that the BIOS actually activates the self-encrypting drive password when doing so (LockingEnabled changed from N to Y).
  3. Yes. I downloaded the Samsung ISO image but I couldn’t be bothered to write it to a USB key and reboot the laptop. So instead I mounted the ISO image file – there’s actually an embedded Linux inside, that launches a proprietary firmware update binary on reboot. So I launched that binary from my desktop Linux and it updated the drive firmware live just fine :). The ISO image also includes many standalone firmware files (for different drive models I guess?) and I tried using them with fwupd (or was it nvme?) instead of the proprietary Samsung binary, but I couldn’t get it to work.

@Kamil_Iskra Could you please also verify that if you remove the BIOS password after setting it up, it changes LockingEnabled to N?
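
One way to script the check discussed in this thread (LockingEnabled going from N to Y after the BIOS password is set, and the follow-up question about removing it). This is an added example, not code from any poster; the `sedutil-cli --query` sample output is constructed, and the one-line "Key = Y/N" layout and the device path in the comment are assumptions.

```shell
#!/bin/sh
# Classify the Opal locking state from `sedutil-cli --query <device>` output.
# Assumption: the Locking feature is printed as comma-separated "Key = Y/N"
# pairs on one line, as in the constructed samples below.

# Read query output on stdin, print the Y/N value of one flag ($1).
sed_flag() {
    # Split pairs onto separate lines, then match the flag name exactly
    # (so "Locked" never matches "LockingEnabled").
    tr ',.' '\n\n' |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([YN]\).*/\1/p" |
        head -n 1
}

# $1 = full query output. Prints one of:
#   unknown | unsupported | not-enabled | enabled-unlocked | enabled-locked
sed_state() {
    supported=$(printf '%s\n' "$1" | sed_flag LockingSupported)
    enabled=$(printf '%s\n' "$1" | sed_flag LockingEnabled)
    locked=$(printf '%s\n' "$1" | sed_flag Locked)
    if [ -z "$enabled" ] || [ -z "$locked" ]; then
        echo unknown            # no Locking flags found: do not guess
    elif [ "$supported" = N ]; then
        echo unsupported
    elif [ "$enabled" = N ]; then
        echo not-enabled        # locking not activated on the drive
    elif [ "$locked" = Y ]; then
        echo enabled-locked
    else
        echo enabled-unlocked   # password set, unlocked for this power cycle
    fi
}

# Constructed samples: before and after setting the password in the BIOS.
BEFORE='Locking function (0x0002)
    Locked = N, LockingEnabled = N, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y'
AFTER='Locking function (0x0002)
    Locked = N, LockingEnabled = Y, LockingSupported = Y, MBRDone = N, MBREnabled = N, MediaEncrypt = Y'

echo "before: $(sed_state "$BEFORE")"
echo "after:  $(sed_state "$AFTER")"

# On a real system (needs root; /dev/nvme0 is a placeholder device):
#   sed_state "$(sudo sedutil-cli --query /dev/nvme0)"
```

Running the same check again after removing the BIOS password shows whether the firmware actually reverts the drive to `not-enabled`.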