Managing Self-Encrypting Drives (SED)

TrueNAS Enterprise
UI management of Self-Encrypting Drives (SED) is an Enterprise-licensed feature in TrueNAS 25.04 (and later) that requires an active SED license. SED configuration options are not visible in the TrueNAS Community Edition. Community users wishing to implement SEDs can continue to do so using the command line sedutil-cli utility.

Supported Specifications

Legacy interface for older ATA devices (Not recommended for security-critical environments!)
TCG Opal 1 legacy specification
TCG Opal 2 standard for newer consumer-grade devices
TCG Opalite, which is a reduced form of OPAL 2
TCG Pyrite Version 1 and Version 2 are similar to Opalite, but with hardware encryption removed Pyrite provides a logical equivalent of the legacy ATA security for non-ATA devices. Only the drive firmware protects the device.
Pyrite Version 1 SEDs do not have PSID support and can become unusable if the password is lost.
TCG Enterprise is designed for systems with many data disks. These SEDs cannot unlock before the operating system boots.
TCG Ruby 1.0

See this Trusted Computing Group and NVM Express® joint white paper for more details about these specifications.

Read full post

VDEV Screens

The VDEVs screen lists VDEVS and disks configured for the selected pool. Go to Storage and click on View VDEVs on the VDEVs card to view the VDEVs screen.

Click anywhere on the VDEV to see the drives in it and the ZFS Info card for that VDEV.

Click anywhere on a drive to see the drive cards.

Read full post

Configuring SED Settings

Advanced settings have reasonable defaults in place. A warning message displays for some settings advising of the dangers of making changes. Changing advanced settings can be dangerous when done incorrectly. Use caution before saving changes.
Make sure you are comfortable with ZFS, Linux, and system configuration, backup, and restoration before making any changes.

TrueNAS Enterprise
UI management of Self-Encrypting Drives (SED) is an Enterprise-licensed feature in TrueNAS 25.04 (and later) that requires an active SED license. SED configuration options are not visible in the TrueNAS Community Edition. Community users wishing to implement SEDs can continue to do so using the command line sedutil-cli utility.

Read full post

Advanced Settings Screen

Advanced settings have reasonable defaults in place. A warning message displays for some settings advising of the dangers of making changes. Changing advanced settings can be dangerous when done incorrectly. Use caution before saving changes.
Make sure you are comfortable with ZFS, Linux, and system configuration, backup, and restoration before making any changes.

The Advanced Settings screen provides configuration options for the console, syslog, audit, kernel, sysctl, storage (system dataset pool), replication, WebSocket sessions, cron jobs, init/shutdown scripts, NTP servers, allowed IP addresses, isolated GPU device(s), self-encrypting drives, and global two-factor authentication.

Read full post

Industry

Use Cases

Support

Resources

Community

Managing Self-Encrypting Drives (SED)

Supported Specifications

VDEV Screens

Configuring SED Settings

Advanced Settings Screen

Search TrueNAS Documentation

Industry

Use Cases

Support

Resources

Community

Supported Specifications