Endpoint Encryption

 View Only
  • 1.  Using PE Recovery with Hardware Encrypted Opal Drive

    Posted Apr 27, 2021 01:31 PM
    All,

    I've created a Win PE recovery disk that I've used with success with software encrypted drives for years.

    I have not been able to get it to work with hardware encrypted ones, even though the drive is on the whitelist.

    When trying to decrypt, the eedrecoverygui.exe fails with an error and if I try from the command line, it claims to have successfully sent the start command but never actually starts.

    I can't find anything about an issue like this.  Has anyone seen it before?  Is there any way around this?  Assume that I can't boot the computer into Windows for whatever reason.

    Regards,

    Mark Housler
    mhousler@nassconorfolk.com

    ------------------------------
    Best regards!

    Mark Housler
    Help Desk Manager
    GD NASSCO-Norfolk
    mhousler@nassconorfolk.com
    ------------------------------


  • 2.  RE: Using PE Recovery with Hardware Encrypted Opal Drive

    Broadcom Employee
    Posted Apr 28, 2021 07:42 PM
    Process of creating a recovery disk for hardware encrypted Opal drive managed with SEE is bit different.

    Please follow the steps mentioned in the article : https://knowledge.broadcom.com/external/article/162743/creating-and-using-a-recovery-usb-drive.html


  • 3.  RE: Using PE Recovery with Hardware Encrypted Opal Drive

    Broadcom Employee
    Posted Apr 28, 2021 07:42 PM
    You can follow the steps mentioned in the below article to create a recovery disk for Opal drive.

    https://knowledge.broadcom.com/external/article/162743/creating-and-using-a-recovery-usb-drive.html


  • 4.  RE: Using PE Recovery with Hardware Encrypted Opal Drive

    Posted Apr 29, 2021 07:10 AM
    Hello and thank you for the information.

    I tried as you suggested and have an additional question.

    When I authenticated, I used a client administrator with "unlock" permissions only and it decrypted the drive.  Is this by design?  I would have expected it to require a full client administrator.  Can any registered user also decrypt the drive?  

    Regards,

    Mark Housler
    mhousler@nassconorfolk.com

    ------------------------------
    Best regards!

    Mark Housler
    Help Desk Manager
    GD NASSCO-Norfolk
    mhousler@nassconorfolk.com
    ------------------------------



  • 5.  RE: Using PE Recovery with Hardware Encrypted Opal Drive

    Broadcom Employee
    Posted Apr 29, 2021 08:11 AM
    Hi Mark,

    Yes, for recovery of the hardware encrypted Opal drive, any register user can decrypt the disk after successful authentication.

    Thanks,
    Prashant