Authors
Milan Brož, Tamara Čierniková, Ondřej Kozina, Vladimír Sedláček
Abstract
Opal2 self-encrypting drives provide hardware-based disk encryption serving as an additional layer of protection, or a replacement, for software-based solutions. This paper presents a case study of real-world Linux integration of Opal2 drives and the security of Opal2 firmware. The study was conducted on a testbed of 38 commercial off-the-shelf Opal2 drives from various vendors using a black-box approach. We identified several firmware security issues and incompatibilities, which we responsibly disclosed to respective vendors. Our findings led to improvements in Linux disk encryption tools used across all major Linux distributions. To enable independent evaluation for the public, we release our test scenarios for Opal2 drives as an open-source toolset.