Avoiding the PBA password prompt

I have an Ubuntu system which boots from a small NVMe disk using software encryption, TPM, etc. to mitigate against data loss in case of theft. The system is interfaced with customised PCIe hardware to record data (possibly very large quantities of data).

The end-user interacts with the system via a web-interface and they are not intended to use any user accounts on the system or interact directly with it on keyboard/mouse/monitor. The system has several large drives which are intended to contain the data recorded by the system. These disks are able to be encrypted (or not) at the whim of the end-user.

The large disks are SED capable (not OPAL compliant). When the SED password is set (hdparm --user-master u --security-set-pass "$password" /dev/...) we see that the disks are not accessible without password (hdparm --user-master u --security-unlock "$password" /dev/...) after they are removed and re-inserted to the host system. Excellent, the encryption is working – our data is safe (OK, safer).

However, on power cycle the system pauses during the POST to prompt for a password for each drive (there are 12 of them!). This blocks the boot process. Obviously this is less than ideal for us as we have to connect a monitor and keyboard and tap in the authentication key for each disk. We don’t need these disks to be unlocked at boot time. We can unlock them later (with the above unlock command) when the system is up and running and the system user asks for them to be mounted.

Does anyone have any ideas about how we can prevent the password prompt from blocking the boot process?
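
The deferred unlock the question describes (drives stay locked at boot and are unlocked once the system is up) could be scripted as follows. This is an added example, not part of the original post: it reads the ATA security state from `hdparm -I` and issues the question's unlock command only for a drive reporting enabled and locked. The `HDPARM` override and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Input samples are constructed to
# mirror the "Security:" section that `hdparm -I` prints for an ATA drive.
SAMPLE_LOCKED='Security:
	Master password revision code = 65534
		supported
		enabled
		locked
	not	frozen
Checksum: correct'
SAMPLE_UNLOCKED='Security:
		supported
		enabled
	not	locked
	not	frozen'
SAMPLE_DISABLED='Security:
		supported
	not	enabled
	not	locked
	not	frozen'

# Read `hdparm -I` text on stdin; print disabled, locked or unlocked.
ata_security_state() {
    awk '
        /^Security:/          { insec = 1; next }
        insec && /^[^ \t]/    { insec = 0 }          # next unindented header ends the section
        insec && $1 == "not"  { flag[$2] = 0; next } # "not  locked" clears the flag
        insec                 { flag[$1] = 1 }       # bare "locked" sets it
        END {
            if (!flag["enabled"])    print "disabled"
            else if (flag["locked"]) print "locked"
            else                     print "unlocked"
        }'
}

# unlock_if_locked DEVICE PASSWORD
# HDPARM is a hypothetical override so the function can be exercised without hardware.
unlock_if_locked() {
    dev=$1; pass=$2
    state=$("${HDPARM:-hdparm}" -I "$dev" | ata_security_state)
    if [ "$state" = locked ]; then
        "${HDPARM:-hdparm}" --user-master u --security-unlock "$pass" "$dev"
    else
        echo "$dev: $state, nothing to unlock" >&2
    fi
}

# Demo on the constructed samples (no drive is touched).
for s in "$SAMPLE_LOCKED" "$SAMPLE_UNLOCKED" "$SAMPLE_DISABLED"; do
    printf '%s\n' "$s" | ata_security_state
done
```

As in the question's commands, the password is passed on the hdparm command line, so it is visible in the process list while the command runs.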

Answer

Attribution
Source: Link, Question Author: fishter, Answer Author: Community
