Erase data carriers with OPAL encryption enabled

TCG OPAL is a standard for enhanced storage media security. This protocol can be used over SATA or NVMe and is defined and further developed by the Trusted Computing Group.

The OPAL protocol and its implications

The OPAL protocol is defined in various versions such as Light, 1.0, 2.0, and others. Storage devices with OPAL support the creation of users and the locking of storage devices for read/write (RW), read-only (RO), or complete data erasure. Storage devices with OPAL enabled must be unlocked before starting the operating system (if the device is to be booted from it). This is done by entering the user password. Afterward, the device can boot Windows or Linux normally.

The problem with OPAL data carriers

If you receive OPAL disks, they will likely still be locked. To successfully erase the disks, they must first be unlocked. This can be done either by entering the password or, if the password is unknown, by entering the PSID. The PSID is a number on the back of the disk and can be used as a universal key to restore the disk to its factory settings, without needing to know the disk's access credentials.

Unlocking data carriers with toolstar®

The toolstar®shredderLX supports unlocking via PSID. This is the most secure method and the one that always works. Unlocking must be done manually before erasing. The PSID must be known beforehand. You can find it on the sticker on the back of the storage medium. The number is labeled PSID by default. The detailed procedure is as follows:

First, check the current status of each drive in the hard drive menu. You'll find this information directly in the drive data. It might look something like this:

                             Modell: KINGSTON SA2000M8250G
                           Revision: S5Z42105
                       Seriennummer: 50026B******F5B6
                           Sektoren: 488.397.168
                        Sektorgröße: 512 Bytes
                          Kapazität: 232,9 GB

                  Schnittstellentyp: NVMe
                   Angeschlossen an: Intel Comet Lake PCI Express Root Port #9
            PCI-Bus/Device/Funktion: 0/1D/00

                              SMART: unterstützt und aktiviert
                   SMART-Selbsttest: ja
  Dauer des erweiterten Selbsttests: 5 Minuten
                  Sanitize-Features: nein
            NVMe Format unterstützt: nein
                   Opal unterstützt: 2
           Opal Locking unterstützt: ja
                 Opal Locking aktiv: ja
                        Opal locked: ja

                  PCI-Hersteller-ID: 2646h
        PCI-Subsystem-Hersteller-ID: 2646h
  Anzahl unterstützter Power States: 4
                 Anzahl Namensräume: 1
  Flüchtiger Schreibcache vorhanden: ja

This output shows that the drive supports OPAL version 2 ("Opal unterstützt: 2"), that OPAL locking is currently active ("Opal Locking aktiv: ja") and that the drive is locked ("Opal locked: ja"). You should also find an "Opal: Unlock" option on the left. Using this button, you can enter the PSID to unlock and reset the drive. Afterward, the data can be erased without any problems.

[Screenshot: Opal unlock form]

In this dialog box, enter the PSID from the back of the disk in full, using all capital letters. The field is already pre-filled with the disk's serial number, but this does not represent the complete PSID. Since many PSIDs begin with the disk's serial number, this should simplify the process. However, the number might not be related to the serial number at all. Once you have entered the number and confirmed with OK, you will receive brief confirmation of the process. Then, check the information displayed to see if the disk is unlocked. The information should look like this:

                             Modell: KINGSTON SA2000M8250G
                           Revision: S5Z42105
                       Seriennummer: 50026B******F5B6
                           Sektoren: 488.397.168
                        Sektorgröße: 512 Bytes
                          Kapazität: 232,9 GB

                  Schnittstellentyp: NVMe
                   Angeschlossen an: Intel Comet Lake PCI Express Root Port #9
            PCI-Bus/Device/Funktion: 0/1D/00

                              SMART: unterstützt und aktiviert
                   SMART-Selbsttest: ja
  Dauer des erweiterten Selbsttests: 5 Minuten
                  Sanitize-Features: nein
            NVMe Format unterstützt: nein
                   Opal unterstützt: 2
           Opal Locking unterstützt: ja
                 Opal Locking aktiv: nein
                        Opal locked: nein

                  PCI-Hersteller-ID: 2646h
        PCI-Subsystem-Hersteller-ID: 2646h
  Anzahl unterstützter Power States: 4
                 Anzahl Namensräume: 1
  Flüchtiger Schreibcache vorhanden: ja

If the locking mechanism is no longer active and the drive is also no longer locked, the drive can be used normally. It then behaves like a normal SATA or NVMe drive and can be erased using all standard methods, just like any other drive.
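
The before/after check described above can be scripted when many drives are processed. The following is an added example, not toolstar code: it parses a status block in the layout shown on this page and confirms that the same drive went from locked to erasable. The function names are hypothetical, and the sample blocks are constructed with a placeholder serial number.

```python
# Added example (not toolstar code). Function names are hypothetical.
YES_NO = {"ja": True, "nein": False}


def parse_drive_info(text):
    """Parse 'Key: value' lines into a dict, splitting on the first colon."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            info[key.strip()] = value.strip()
    return info


def opal_state(info):
    """Return 'no-opal', 'locked', 'locking-active' or 'ready'."""
    if info.get("Opal unterstützt", "nein") == "nein":
        return "no-opal"
    active = YES_NO.get(info.get("Opal Locking aktiv", "nein"))
    locked = YES_NO.get(info.get("Opal locked", "nein"))
    if active is None or locked is None:
        raise ValueError("unexpected value in Opal fields (expected ja/nein)")
    if locked:
        return "locked"          # unlock (password or PSID) before erasing
    if active:
        return "locking-active"  # readable now, but locking is still set up
    return "ready"               # both 'nein': erase like any other drive


def unlock_confirmed(before, after):
    """True only if both blocks are the same drive and the lock is gone."""
    same = all(k in before and before[k] == after.get(k)
               for k in ("Modell", "Seriennummer"))
    return same and opal_state(before) == "locked" and opal_state(after) == "ready"


def sample_block(active, locked, serial="EXAMPLE-SERIAL-0001"):
    """Constructed sample in the page's layout; the serial is a placeholder."""
    return (f"      Modell: KINGSTON SA2000M8250G\n"
            f"      Seriennummer: {serial}\n"
            f"      Angeschlossen an: Intel Comet Lake PCI Express Root Port #9\n"
            f"      Opal unterstützt: 2\n"
            f"      Opal Locking aktiv: {active}\n"
            f"      Opal locked: {locked}\n")


if __name__ == "__main__":
    before = parse_drive_info(sample_block("ja", "ja"))
    after = parse_drive_info(sample_block("nein", "nein"))
    print(opal_state(before), "->", opal_state(after))
    print("unlock confirmed:", unlock_confirmed(before, after))
```

Comparing model and serial number in both blocks guards against recording an unlock for the wrong drive when several are attached at once.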