i am looking to add Opal 2 drive encryption to CoreBoot i have 2 questions, is this something other would want as it is a black box encryption system and is there a way to keep it safe, i am looking get the PBA working on the librem14.
second is there any documentation on how to edit the kernel in coreboot?
2 Likes
It’s already working in Dasharo, maybe you can reuse their code.
coreboot
edk2
support for Self-Encrypting Drives (SED) with TCG OPAL/TCG Enterprise
That thread mentions that you need to disable the d3cold suspend mode for the drive, you are not able to unlock the drive when it returns from cold suspend. I don’t think there are other kernel changed you need to make.