1

It's possible to encrypt and decrypt a drive with hdparm coupled with Full Disk Encryption, as on some Samsung and Intel SSDs. What I'm curious about is whether it's possible to use this with a desktop motherboard.

Seeing as there is very little support for desktop motherboards with HDD password BIOS/EFI settings, is it possible to boot into a temporary space, issue the hdparm commands, and continue booting without power cycling? What would be the most unobtrusive way to set this up?

Maletor
  • 131
  • 4

1 Answer

2

SEDs (or FDEs) are locked again on power loss, therefore they should stay unlocked during a reboot. You should be able to boot your PC from a live stick or CD, enter the ATA password (e.g. with hdparm), remove the live CD and simply reboot the PC. The problem is that you have to do it every time you start your PC.

Note that this current behaviour of SEDs is the basis for the hot plug attack. If the SED/the PC is still on, but maybe locked, the data cable can be unplugged and connected to another PC while still maintaining the power connection to the first PC. The SED will not notice the change of the data cable, and you have connected the unlocked SED to another PC and can access the disk. This becomes even simpler if the other PC supports SATA hot plugging.

Note: A few BIOSes send a LOCK command upon reboot, therefore entering the ATA password is necessary again. This is a simple software solution to enhance security. Here too, a well-timed disconnect and swift reconnect of the data cable allows an additional attack vector. You will have to try whether your particular BIOS sends a LOCK command. I would guess that if the BIOS has no ATA password functionality at all, it most likely will not send a LOCK command, but you can only be certain if you test it yourself.

Gerry
  • 21
  • 2
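
The answer's closing advice is to test whether a particular BIOS re-locks the drive on reboot. The script below is an added example, not part of the original answer: it parses the Security block of `hdparm -I` output and compares the state recorded after unlocking with the state seen after a warm reboot. The function names, the sample text and `/dev/sdX` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify ATA security state from `hdparm -I` text.

# Reads `hdparm -I` output on stdin; prints e.g. "enabled=yes locked=no frozen=no".
ata_security_state() {
    awk '
        /^Security:/        { in_sec = 1; next }
        in_sec && /^[^ \t]/ { in_sec = 0 }      # next unindented header ends the block
        in_sec {
            val = "yes"; key = $1
            if ($1 == "not") { val = "no"; key = $2 }
            if (key == "enabled" || key == "locked" || key == "frozen") s[key] = val
        }
        END {
            if (!("enabled" in s) || !("locked" in s)) { print "unknown"; exit 1 }
            printf "enabled=%s locked=%s frozen=%s\n", s["enabled"], s["locked"], s["frozen"]
        }'
}

# $1 = `hdparm -I` text saved right after unlocking, $2 = text after a warm reboot.
# Prints whether the firmware re-locked the drive; returns 2 if either input
# has no parsable Security block.
warm_reboot_verdict() {
    before=$(printf '%s\n' "$1" | ata_security_state) || return 2
    after=$(printf '%s\n' "$2" | ata_security_state) || return 2
    case "$before/$after" in
        *locked=no*/*locked=yes*) echo "relocked-by-firmware" ;;
        *locked=no*/*locked=no*)  echo "stays-unlocked" ;;
        *)                        echo "inconclusive" ;;
    esac
}

# Constructed samples of the Security block (not captured from a real drive).
SAMPLE_UNLOCKED=$(printf 'Security:\n\tMaster password revision code = 65534\n\t\tsupported\n\t\tenabled\n\tnot\tlocked\n\tnot\tfrozen\nChecksum: correct\n')
SAMPLE_RELOCKED=$(printf 'Security:\n\t\tsupported\n\t\tenabled\n\t\tlocked\n\tnot\tfrozen\nChecksum: correct\n')

# Stand-alone run on the constructed samples; on a live system use:
#   hdparm -I /dev/sdX | ata_security_state     (/dev/sdX is a placeholder)
warm_reboot_verdict "$SAMPLE_UNLOCKED" "$SAMPLE_RELOCKED"
```

A "stays-unlocked" result means the drive remains readable across warm reboots, so only a full power-off returns it to the locked state.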