Tobias Kaiser
A Computer Engineer's Projects and Ideas

Installing ahci_sbe

What is ahci_sbe?

ahci_sbe is software that I wrote in 2014. Here is a quick summary of the scenario in which it is helpful:

  • You have a (probably self-encrypting) hard disk / solid state drive that supports the (S)ATA SECURITY command set.
  • You want to boot from this drive.
  • Your motherboard's BIOS does not support asking the user for a hard disk password at startup.
  • You don't want to buy a new motherboard.
  • The hard disk controller of your motherboard supports AHCI.

ahci_sbe is a BIOS extension that runs before the operating system is started and allows you to enter passwords to unlock SATA drives. See here for more info.

How to install it?

Installing ahci_sbe is not easy, because you need to either modify your BIOS image or write the image to the option ROM of a PCI extension card.

In this post I want to address the installation problem, in particular to explain how I have done it and how I would recommend other people try it.

Please keep in mind that ahci_sbe is experimental software and might or might not work in your configuration. Do not expect too much.

Approach 1: Modify BIOS image

I have not done this and do not recommend it to others. If you are unlucky and flash a faulty BIOS image to your motherboard, your motherboard will be unusable afterwards. But if you feel comfortable with modifying your BIOS image and have experience with it, go ahead. There might be some helpful information in the comment section of the ahci_sbe website. The great thing in favor of this approach is that you do not have to buy additional hardware or use one of your motherboard's extension slots.

Approach 2: Use option ROM of PCI network card.

This is what I have done and what I would also recommend to others. You get a PCI network card with an option ROM. The option ROMs on network cards are meant to add an option for network boot to your computer, but the ROM can usually be replaced with whatever you want, for example ahci_sbe. Unfortunately, network boot and option ROMs seem to be getting less and less popular nowadays, and it is getting harder to find suitable network cards. (Might this be because many motherboards already come with a network port and support for network boot out of the box?)

My research has led me to recommend old network cards like this one to install ahci_sbe on:

Network card with RTL8139

This one uses the Realtek RTL8139 controller, which is my recommendation. Network cards with the RTL8139 are easy and cheap to find on the second-hand market; just look on eBay if you do not happen to find one in your old hardware box. The network card should come with an unpopulated DIP-28 socket, so you will also need to get a DIP-28 EEPROM as the actual option ROM. Any ROM that sells as "28C64" should be compatible. Just hope that your network card supports 5 volt ROMs.

Here is a bad picture of what a ROM that you install on the network card could look like. Make sure the mark on the socket is on the same side as the mark on the chip. ;-)


Side note: Many newer network cards, such as this one with the RTL8169 controller, only support 3.3 volt ROMs. The DIP-32 socket deceptively suggests that plugging an actual ROM chip in here will be easy, but I have not been able to find a compatible ROM anywhere. In theory, 3.3 volt ROMs compatible with the newer cards should be called "29LV040" and similar, but I have only found them in a PLCC package (e.g. as MX29LV040CQI-70G), so to fit into the DIP socket we would need an adapter.

Network card with RTL8169

Program your ROM.

Here you have two options:

  1. Use the open-source flashrom tool to flash ahci_sbe to your network card's option ROM. It supports the RTL8139 with the flag --programmer nicrealtek.

  2. Use an EEPROM programmer (a cheap option would be the TL866 from eBay) and flash the EEPROM before you put it in your card. This gives you the most freedom to experiment.

Another useful place for information on how to flash option ROMs might be the website of the Etherboot / gPXE project, as the people there face the same problem.
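Whichever option you choose, it helps to check the image before writing it. The following is an added example, not part of ahci_sbe: it verifies the legacy PCI option ROM header (55 AA signature, size byte, zero checksum, PCIR structure) and that the image fits an 8 KiB 28C64. It assumes the BIOS only runs a ROM whose PCIR vendor/device IDs match the card, and defaults to the RTL8139's 10ec:8139; the sample image is constructed for the demonstration.

```python
import struct

CHIP_SIZE = 8 * 1024  # a 28C64 is 64 Kbit = 8 KiB


def check_option_rom(image, vendor=0x10EC, device=0x8139, chip_size=CHIP_SIZE):
    """Return a list of problems found in a legacy PCI option ROM image."""
    problems = []
    if len(image) < 0x1A or image[0:2] != b"\x55\xaa":
        return ["missing 55 AA option ROM signature"]
    size = image[2] * 512  # byte 2: image length in 512-byte blocks
    if size == 0 or size > len(image):
        problems.append("declared size %d does not fit file of %d bytes" % (size, len(image)))
        size = len(image)
    if size > chip_size:
        problems.append("image of %d bytes does not fit %d-byte chip" % (size, chip_size))
    if sum(image[:size]) % 256 != 0:
        problems.append("checksum of image bytes is not zero")
    (pcir,) = struct.unpack_from("<H", image, 0x18)  # pointer to PCI data structure
    if pcir + 8 > len(image) or image[pcir:pcir + 4] != b"PCIR":
        problems.append("no PCIR data structure at offset 0x%04x" % pcir)
    else:
        ven, dev = struct.unpack_from("<HH", image, pcir + 4)
        if (ven, dev) != (vendor, device):
            problems.append("PCIR IDs %04x:%04x do not match card %04x:%04x" % (ven, dev, vendor, device))
    return problems


def pad_for_chip(image, chip_size=CHIP_SIZE):
    """Pad with 0xFF (erased state) so the file matches the chip size."""
    if len(image) > chip_size:
        raise ValueError("image larger than chip")
    return image + b"\xff" * (chip_size - len(image))


def build_sample_rom(vendor=0x10EC, device=0x8139, blocks=4):
    """Constructed sample: minimal header + PCIR, checksum fixed in last byte."""
    rom = bytearray(blocks * 512)
    rom[0:3] = bytes([0x55, 0xAA, blocks])
    struct.pack_into("<H", rom, 0x18, 0x1C)
    rom[0x1C:0x20] = b"PCIR"
    struct.pack_into("<HH", rom, 0x20, vendor, device)
    rom[-1] = (-sum(rom)) % 256
    return bytes(rom)


if __name__ == "__main__":
    sample = build_sample_rom()
    print(check_option_rom(sample) or "image looks sane")
    print(len(pad_for_chip(sample)))
```

To check a real file, read it with `open(path, "rb").read()` and pass the vendor and device IDs that `lspci -nn` reports for your card.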

Pro tip: setting up your development platform for option ROMs

Use an EEPROM programmer on machine A and have your network card in machine B. For each "test cycle", write the new software to the ROM and plug it back into machine B's network card. To make plugging the ROM in and out more comfortable, install a ZIF socket (zero insertion force) on your network card, just like I did in the development phase:

Network card with ZIF socket

But my computer has no PCI slot

If your motherboard only has PCIe slots, you obviously need a PCIe network card with option ROM (the option ROMs are then typically not DIP chips, but much smaller chips that use some serial interface). Intel makes a few such cards, but they are pricey and I did not try it.

I also had some reports where it did not work on recent boards. I suspect this has something to do with UEFI. You can still try it, but I cannot help with that, sorry.

One final idea: When you get a new motherboard (or laptop) and you want to use (S)ATA security features, make sure in advance that the motherboard supports that.

Good luck to everyone and thanks for using ahci_sbe!