diff --git a/tests/opal2-test b/tests/opal2-test
index 4f41b016..fb071055 100755
--- a/tests/opal2-test
+++ b/tests/opal2-test
@@ -6,6 +6,7 @@ CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
 PWD1="93R4P4pIqAH8"
 
 DEV_NAME=dummy
+HDR_FILE=opal2_test_hdr_file
 
 FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
 
@@ -22,6 +23,7 @@ function remove_mapping()
 {
 [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
 [ -b /dev/mapper/$DEV_NAME-dif ] && dmsetup remove --retry $DEV_NAME-dif
+ [ -f $HDR_FILE ] && rm -f $HDR_FILE
 }
 
 function skip()
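Review bot: The cleanup added to remove_mapping, `[ -f $HDR_FILE ] && rm -f $HDR_FILE`, is now the function's last command, so remove_mapping returns non-zero whenever the header file is absent. `rm -f` already tolerates a missing file, so `rm -f -- "$HDR_FILE"` alone does the same job, returns 0 and is safe against word splitting. HDR_FILE (added in the first hunk) is a fixed relative name, so the detached LUKS2 header is created in and deleted from whatever directory the test is started in; a comment saying so, or a path inside a private temporary directory, would make that explicit. The `function remove_mapping()` line itself lies outside this hunk.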
@@ -31,51 +33,61 @@ function skip()
 exit 77
 }
 
+function test_device() #opal_mode, #format_params, #--integrity-no-wipe
+{
+ echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 $1 $2 $3 -q $FAST_PBKDF_OPT $OPAL2_DEV || fail
+ echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail
+ test -z "$3" || dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M count=1 oflag=direct >/dev/null 2>&1 || fail
+ $CRYPTSETUP luksSuspend $DEV_NAME || fail
+ dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
+ echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
+ dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
+ echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail
+}
+
+function test_device_detached_header() #hdr, #opal_mode, #format_params, #--integrity-no-wipe
+{
+ echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --header $1 $2 $3 $4 -q $FAST_PBKDF_OPT $OPAL2_DEV || fail
+ echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --header $1 || fail
+ test -z "$4" || dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M count=1 oflag=direct >/dev/null 2>&1 || fail
+ $CRYPTSETUP luksSuspend $DEV_NAME || fail
+ dd if=$OPAL2_DEV of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 && fail
+ echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
+ echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $1 || fail
+ dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ dd if=$OPAL2_DEV of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 && fail
+ echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME --header $1 || fail
+ $CRYPTSETUP close $DEV_NAME --header $1 || fail
+ dd if=$OPAL2_DEV of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 && fail
+ echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q --header $1 || fail
+ rm -f $1
+}
+
 # Do not run automatically.
 [ -z "$OPAL2_DEV" ] && skip "WARNING: Variable OPAL2_DEV must be defined (partition or block dev), test skipped."
 [ -z "$OPAL2_ADMIN_PIN" ] && skip "WARNING: Variable OPAL2_ADMIN_PIN must be defined, test skipped."
 
 echo "[1] OPAL2 HW only"
-echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --hw-opal-only -q $FAST_PBKDF_OPT $OPAL2_DEV || fail
-echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail
-$CRYPTSETUP luksSuspend $DEV_NAME || fail
-dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
-echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
-dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail
-$CRYPTSETUP close $DEV_NAME || fail
-dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
-echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail
+test_device --hw-opal-only
 
 echo "[2] OPAL2 + dmcrypt"
-echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --hw-opal -q $FAST_PBKDF_OPT $OPAL2_DEV || fail
-echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail
-$CRYPTSETUP luksSuspend $DEV_NAME || fail
-dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
-echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
-dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail
-$CRYPTSETUP close $DEV_NAME || fail
-dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
-echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail
+test_device --hw-opal
 
 echo "[3] OPAL2 + auth encryption"
-echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --hw-opal -q $FAST_PBKDF_OPT $OPAL2_DEV -c aes-gcm-random --integrity aead --integrity-no-wipe || fail
-echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail
-dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M count=1 oflag=direct >/dev/null 2>&1 || fail
-$CRYPTSETUP luksSuspend $DEV_NAME || fail
-dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
-echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
-dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail
-$CRYPTSETUP close $DEV_NAME || fail
-dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
-echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail
+test_device --hw-opal "-c aes-gcm-random --integrity aead" --integrity-no-wipe
+test_device --hw-opal "-s 280 -c aes-ccm-random --integrity aead" --integrity-no-wipe
 
-echo -e "$PWD1\n$OPAL2_ADMIN_PIN" | $CRYPTSETUP luksFormat --type luks2 --hw-opal -q $FAST_PBKDF_OPT $OPAL2_DEV -s 280 -c aes-ccm-random --integrity aead --integrity-no-wipe || fail
-echo $PWD1 | $CRYPTSETUP open $OPAL2_DEV $DEV_NAME || fail
-dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M count=1 oflag=direct >/dev/null 2>&1 || fail
-$CRYPTSETUP luksSuspend $DEV_NAME || fail
-dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
-echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
-dd if=/dev/mapper/$DEV_NAME of=/dev/zero bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail
-$CRYPTSETUP close $DEV_NAME || fail
-dd if=$OPAL2_DEV of=/dev/zero bs=1M skip=16 count=1 iflag=direct >/dev/null 2>&1 && fail
-echo $OPAL2_ADMIN_PIN | $CRYPTSETUP luksErase $OPAL2_DEV -q || fail
+wipefs -a $OPAL2_DEV
+
+echo "[4] OPAL2 HW only (detached header)"
+test_device_detached_header $HDR_FILE --hw-opal-only
+
+echo "[5] OPAL2 + dmcrypt (detached header)"
+test_device_detached_header $HDR_FILE --hw-opal
+
+echo "[6] OPAL2 + auth encryption (detached header)"
+test_device_detached_header $HDR_FILE --hw-opal "-c aes-gcm-random --integrity aead" --integrity-no-wipe
+test_device_detached_header $HDR_FILE --hw-opal "-s 280 -c aes-ccm-random --integrity aead" --integrity-no-wipe
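Review bot: The locked-state assertions in both new functions (`dd if=$OPAL2_DEV ... >/dev/null 2>&1 && fail`) pass on any dd failure, not only on a read refused by a locked OPAL range, because stderr is discarded and no read of the same offset is shown succeeding while the range is unlocked. A baseline read right after `open`, for example `dd if=$OPAL2_DEV of=/dev/null bs=1M count=1 iflag=direct >/dev/null 2>&1 || fail` (with `skip=16` in test_device), would tie the later failure to the lock state; this assumes raw reads succeed once the range is unlocked, which should be confirmed on the hardware. Separately, `echo $OPAL2_ADMIN_PIN` and `echo -e "$PWD1\n$OPAL2_ADMIN_PIN"` word-split, glob and backslash-expand a PIN that comes from the environment, so a PIN containing such characters reaches cryptsetup altered; `printf '%s\n' "$OPAL2_ADMIN_PIN"` and `printf '%s\n%s\n' "$PWD1" "$OPAL2_ADMIN_PIN"` pass it through unchanged. The new `wipefs -a $OPAL2_DEV` step is also the only command in the sequence without `|| fail`, so a failed wipe would go unnoticed before the detached-header cases run.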