Setup MASTER SED password

TrueNAS General
,
1

Hello, I’m trying to setup global SED password accroding to Managing Self-Encrypting Drives (SED) however I can configure separate MASTER and USER passwords in web admin but sedhelper take only single password.

  • Does this script handle only USER password ?
  • How or when is the MASTER password configured in web admin used in TrueNAS ?
  • Isn’t it security issue if MASTER password is not handled/setup by the script (e.g. retaining well known default factory MASTER password in the worst case) ?
  • Shouldn’t be there mention how to setup MASTER password in the documentation since not doing so may be a severe security issue ?
2

If I setup password with sedhelper does it mean master password is not configured ?

ChatGPT said:

Yes — if you set a password using sedhelper, it configures only the USER password, and the MASTER password remains at its factory default or unset, depending on the drive.

:mag: What sedhelper Does

  • Sets the ATA USER password to lock the drive.
  • Enables ATA security (if it wasn’t already).
  • Stores the USER password in TrueNAS for automatic unlock at boot.

:x: What sedhelper Does NOT Do

  • It does NOT configure the MASTER password.
  • It does not verify or change the existing MASTER password.
  • It does not give recovery access via MASTER if the USER password is lost.

:warning: Implication

If you use sedhelper without setting a MASTER password manually:

  • You lose recovery capabilities unless the MASTER password was manually configured beforehand.
  • Some drives ship with a default MASTER password (often known or empty), which may be a security risk.
  • Other drives have Master Password Revision Code (MPRC) set to disable MASTER password usage.