Hi,

I'm fitting a new larger Nvme drive into my ZBook 15 Fury G8. It has the latest BIOS installed. I want to use hardware encryption (TCG OPAL), and I bought a Samsung 990 Evo Plus. Which supports TCG and OPAL.
I enabled encryption to be used on the drive, using Samsung's Magician software, which said after I trigger an erase, it would be then active (or words to a similar effect).
In the BIOS, I also ensured the "allow SID" setting was toggled too. It asked me to type in a confirmation number, to allow this setting, which it showed on the screen. I did this successfully.
I'm basically following the instructions in the SED white paper from HP at: https://h20195.www2.hp.com/v2/GetDocument.aspx?docname=4AA4-4992ENW
I'm new to TCG OPAL, and I'm not full sure I'm doing this correctly, or if the white paper is up to date. Although its not clear who sets up exactly what (would the BIOS do it all now, or must I use Samsung's Magician ?), I thought that after the reboot, I would be at least asked to setup a password.

So now I followed what the new disk asked for, in the details provided by the Magician software, and in the BIOS I selected a secure erase, believing the SSD would be erased. It did actually complete successfully in a few seconds. Although it did say it might take 5 mins. I did not interrupt the process, I just waited until it had successfully completely, when I could hit on "OK" if I remember correctly, when the BIOS responded to the secure erase.

I then wanted to install windows 11 again. As its a new SSD, I didn't mind doing a new install. I'm not sure if the laptop resarted, I don't think it did a full reboot. It came out of the BIOS, and booted up normally. But the drive wasn't fully accessible.
I rebooted again, and then I was asked for a drive lock password. I had never set a drive look password.
It basically will not let me boot from a USB, or my old original nvme drive if the new 990 drive is in a slot in the laptop.
I have to take the new drive out, to be able to use my old nvmw drive again, and get the laptop to work

I don't know what has happened, but the new 990 drive now has drive lock enabled, even though I did not set up a password, or was asked to setup a password.
I thought that maybe the confirmation number I had to type in, would be a password, but this didn't work. I tried 0000 etc etc, but no luck guessing.
I'm wondering if the secure erase somehow failed, and the secure erase on startup sets a temporary ATA password, and hasn't removed it.

What can I do ? I don't have a different machine to plug the new drive into. I have the PSID of the new drive, so I assume I could recover it. I have full physical access to the drive. Also there is noting on it, so I don't care about the data on it.
But I don't know how I can unlock it. Using a nvme to USB convertor ? Could I then access the drive, and hope that the Magician software sees it ? Or use hdparm from a Linux usb stick, if I can get a nvme to usb to work ?

Does anyone know what I've don't incorrectly, and how I can recover the drive ? I've not read any good guides about setting up HW encryption either. My assumption is that it will work similar to an ATA password too. But there is also a “Shadow Master Boot Record” created on SED. Who creates the “Shadow Master Boot Record” ? Does the BIOS do that ?
Although at the moment, I just want my new drive to work again, I want to recover it. I don't care if it gets erased, There is nothing on it anyway. I hope the community can help. Thanks for reading