Unlocking Security: Integrating self-encrypting drives with LUKS2 format
06-14, 12:30–13:05 (Europe/Prague), E112 (capacity 156)

For years, LUKS2 (Linux Unified Key Setup), implemented through the cryptsetup library,
has provided a convenient way to set up FDE (full disk encryption) in many Linux distributions.
Until recently, the cryptsetup project rejected any suggestion to add support for closed
hardware-based FDE implementations. This changed with a recent version of cryptsetup
(2.7.0), where we introduced support for OPAL2 standardised self-encrypting drives directly
in the LUKS2 format.

In this presentation, we will outline a series of improvements in the Linux kernel that opened
the way to integrating OPAL2 drives with the LUKS2 format.

We will focus on the integration of OPAL2-enabled drives into systems, how it may
help harden data-at-rest encryption security, and what other benefits the feature brings
to both personal laptop users and enterprise customers where requirements for compliance
with FDE criteria may apply.

In the end, we will demonstrate, in the current Fedora distribution, the seamless
integration of a LUKS2 OPAL2 device that is ready to use out of the box.

I'm a software engineer working for Red Hat in the storage team. You can discuss cryptsetup and LUKS2-related topics with me.