Frequently Asked Questions

What does Opal Lock do and why do I need it?

Opal Lock utilizes Opal SED technology to set up and manage built-in hardware-based encryption on compatible drives. Protecting your data is more important than ever before, and Opal Lock provides protection that cannot be cracked even in cases of physically losing your drive.

What is a self-encrypting drive (SED)? What is an Opal SED?

Self-encrypting drives are a type of drive that have built-in hardware-based encryption. Opal SEDs conform to the Opal SSC specification made by TCG. Many drive manufacturers produce drives that are Opal SEDs.

How do I know if my drive is compatible with Opal Lock?

Drives that are compatible with Opal Lock have a unique Physical Security ID (PSID). The drive’s PSID is printed on the label of the drive. To read more about TCG drives click here.

Can I use Opal Lock with external/portable drives?

Opal Lock is able to detect, set up, and manage all Opal drives that are mounted on the system, internally or externally.

What are the system requirements for Opal Lock?

Opal Lock is available for Windows 10/11, Windows Server 2019/2022. Opal Lock is compatible with SATA, NVMe, USB and other third party drivers like the SAS host adapter, including both hard disk drives (HDDs) and solid state drives (SSDs). An unused USB drive is also required for setup.

With Opal Lock, how secure is my data if I were to lose my computer?

Your data cannot be accessed without your password. An adversary would be unable to decrypt the data and would only be able to execute a cryptographic erase, which would erase all data on the drive without exposing it.

Does Opal Lock encrypt my data? What type of encryption does it use?

Opal Lock enables the drive’s built-in encryption. When the drive is locked, all data on the drive is encrypted using hardware-based encryption.

Is Opal Lock available for Mac? How about iPhones or Android devices?

Opal Lock is coming soon for Mac but unfortunately currently not available for mobile devices.

Does Opal Lock support drives with namespaces?

Unfortunately, Opal Lock does not support namespaces.

What to do when System Drive is Locked Out?

This happens when the Preboot Image is not written on the Shadow MBR of the system drive at the time of Setting up the System drive. In this case “Recovery USB” can be used to unlock the System drive.

What is SID and why does Opal Lock not support setting up a drive with the "Block SID" enabled status?

Understanding Block SID– Block SID (Security ID) is a security feature in self-encrypting drives (SEDs) that comply with Opal standards. It restricts certain operations when the drive is locked to enhance security.

Solution– Disable Block SID in the BIOS: To set up such drives using Opal Lock, you’ll need to disable the Block SID feature in the BIOS settings. This option is typically found under the Security or Advanced Settings section of the BIOS. Once Block SID is disabled, retry the operation with Opal Lock. With Block SID turned off, Opal Lock should be able to perform the desired operation on Drive without encountering compatibility issues.

Note– It’s important to note that the Block SID feature status will revert to its original value upon system reboot. This means that if you disable Block SID in the BIOS settings to perform the desired operation with Opal Lock, the feature will be re-enabled automatically when the system restarts.

Opal Lock utilizes Opal SED technology to set up and manage built-in hardware-based encryption on compatible drives. Protecting your data is more important than ever before, and Opal Lock provides protection that cannot be cracked even in cases of physically losing your drive.

Self-encrypting drives are a type of drive that have built-in hardware-based encryption. Opal SEDs conform to the Opal SSC specification made by TCG. Many drive manufacturers produce drives that are Opal SEDs.

Drives that are compatible with Opal Lock have a unique Physical Security ID (PSID). The drive’s PSID is printed on the label of the drive.

Opal Lock is able to detect, set up, and manage all Opal drives that are mounted on the system, internally or externally.

Opal Lock is available for Windows 10/11, Windows Server 2019/2022. Opal Lock is compatible with SATA, NVMe, USB and other third party drivers like the SAS host adapter, including both hard disk drives (HDDs) and solid state drives (SSDs). An unused USB drive is also required for setup.

Your data cannot be accessed without your password. An adversary would be unable to decrypt the data and would only be able to execute a cryptographic erase, which would erase all data on the drive without exposing it.

Opal Lock enables the drive’s built-in encryption. When the drive is locked, all data on the drive is encrypted using hardware-based encryption.

Opal Lock is coming soon for Mac but unfortunately currently not available for mobile devices.

Unfortunately, Opal Lock does not support namespaces.

This happens when Preboot Image is not written on the Shadow MBR of the system drive at the time of Setting up the System drive. In this case “Recovery USB” can be used to unlock the System drive.

Understanding Block SID– Block SID (Security ID) is a security feature in self-encrypting drives (SEDs) that comply with Opal standards. It restricts certain operations when the drive is locked to enhance security.
Solution– Disable Block SID in the BIOS: To set up such drives using Opal Lock, you’ll need to disable the Block SID feature in the BIOS settings. This option is typically found under the Security or Advanced Settings section of the BIOS. Once Block SID is disabled, retry the operation with Opal Lock. With Block SID turned off, Opal Lock should be able to perform the desired operation on Drive without encountering compatibility issues.
Note– It’s important to note that the Block SID feature status will revert to its original value upon system reboot. This means that if you disable Block SID in the BIOS settings to perform the desired operation with Opal Lock, the feature will be re-enabled automatically when the system restarts.