1320 OPAL drive state codes and transitions from state to state

The following Drive State codes apply to TCG OPAL drives - NOT normally for sharing with customers - see NDA references below.

0x0 Clean drive - all data will be passed silently to and from the disk without requiring authentication (drive is "fully open"), as from factory.
0x4 Bootlogon installed, but not encrypted or locked
0x6 Bootlogon installed, encrypted, not locked (or unlocked by authenticating - see state transitions below)
0x7 Bootlogon installed, encrypted, locked

TECHNICAL: This is how we determine if a drive is capable of Opal management (NOTE: this information is under NDA so this should NOT be shared with customers):
1) Send an ATA Identify Device command using PIO mode (not DMA) to the drive (this command should work on any machine and with any SATA drive in the world)
a. If the drive returns a status with the `TCG` bit set then the drive is a SED although it may not necessarily be an Opal drive
2) If `TCG` then we send an Opal `Level 0 Discovery` command. This command is sent via the ATA Trusted Receive command. (Not all I/O controllers support this command.)

If the drive is an Opal drive and the I/O controller passes the command through and returns the response, then we get the Opal status that you see from the HWEMngr utility:
• Bit 0: Disk Locked
• Bit 1: LockingSP enabled (Meaning upon power cycle, disk becomes locked)
• Bit 2: LockingSP issued (Meaning MBR shadow is available)

TRANSITION STATES, AND WHAT THEY MEAN:
Below are the transitions of the status byte (i.e. all 3 bits combined) corresponding to the possible actions performed by SecureDoc:
0: Clean system
0 -> 4: BL is installed
4 -> 6: Disk encrypted via SDCC
6 -> 7: Disk locked (e.g. at PBA upon power cycle)
7 -> 6: Disk unlocked @ PBA
6 -> 4: Disk decrypted via SDCC
4 -> 0: BL uninstalled and MBR shadow is removed … (Usually this step is done together with the step before)
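
The status bits and transitions above can be checked mechanically when state codes are sampled from a drive over time. The following is an added example, not SecureDoc or HWEMngr code: it decodes a code into the three bits, flags codes that are not among the four documented states, and, where two consecutive samples are more than one documented step apart (for example 6 -> 0, when decryption and BL removal are done together), lists the actions that must have happened in between. The function names and the sample history are assumptions made for illustration.

```python
from collections import deque

BITS = {0x1: "locked", 0x2: "LockingSP enabled", 0x4: "LockingSP issued (MBR shadow)"}
# Documented single-step transitions and the SecureDoc action behind each.
STEPS = {
    (0x0, 0x4): "BL installed",
    (0x4, 0x6): "disk encrypted via SDCC",
    (0x6, 0x7): "disk locked",
    (0x7, 0x6): "disk unlocked at PBA",
    (0x6, 0x4): "disk decrypted via SDCC",
    (0x4, 0x0): "BL uninstalled, MBR shadow removed",
}
STATES = {s for pair in STEPS for s in pair}  # {0x0, 0x4, 0x6, 0x7}

def decode(code):
    """Names of the status bits set in a drive state code."""
    if not 0 <= code <= 0x7:
        raise ValueError(f"not a 3-bit status byte: {code!r}")
    return [name for bit, name in BITS.items() if code & bit]

def implied_steps(prev, cur):
    """Shortest chain of documented actions leading from prev to cur (BFS)."""
    queue, seen = deque([(prev, [])]), {prev}
    while queue:
        state, path = queue.popleft()
        if state == cur:
            return path
        for (src, dst), action in STEPS.items():
            if src == state and dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [action]))
    return None

def audit(samples):
    """Findings (index, message) for a time-ordered list of sampled state codes."""
    findings = []
    for i, code in enumerate(samples):
        prev = samples[i - 1] if i else code
        if code not in STATES:
            findings.append((i, f"0x{code:X} is undocumented, bits: {decode(code)}"))
        elif prev in STATES and len(implied_steps(prev, code)) > 1:
            steps = "; ".join(implied_steps(prev, code))
            findings.append((i, f"0x{prev:X} -> 0x{code:X} skipped samples, implies: {steps}"))
    return findings

# Constructed sample history, not real drive data.
SAMPLES = [0x0, 0x4, 0x6, 0x7, 0x6, 0x0, 0x5]
if __name__ == "__main__":
    print(*audit(SAMPLES), sep="\n")
```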

Many thanks to Tony Kou and Garry McCracken for this information