diff --git a/plugins/sed/sed.c b/plugins/sed/sed.c
index 9e48d83286..a616cf2270 100644
--- a/plugins/sed/sed.c
+++ b/plugins/sed/sed.c
@@ -42,6 +42,13 @@ OPT_ARGS(revert_opts) = {
 	OPT_END()
 };
 
+OPT_ARGS(lock_opts) = {
+	OPT_FLAG("read-only", 'r', &sedopal_lock_ro,
+		 "Set locking range to read-only"),
+	OPT_FLAG("ask-key", 'k', &sedopal_ask_key,
+			"prompt for SED authentication key"),
+	OPT_END()
+};
 
 /*
  * Open the NVMe device specified on the command line. It must be the
@@ -130,7 +137,7 @@ static int sed_opal_lock(int argc, char **argv, struct command *cmd,
 	const char *desc = "Lock a SED device";
 	struct nvme_dev *dev;
 
-	err = sed_opal_open_device(&dev, argc, argv, desc, key_opts);
+	err = sed_opal_open_device(&dev, argc, argv, desc, lock_opts);
 	if (err)
 		return err;
 
@@ -150,7 +157,7 @@ static int sed_opal_unlock(int argc, char **argv, struct command *cmd,
 	const char *desc = "Unlock a SED device";
 	struct nvme_dev *dev;
 
-	err = sed_opal_open_device(&dev, argc, argv, desc, key_opts);
+	err = sed_opal_open_device(&dev, argc, argv, desc, lock_opts);
 	if (err)
 		return err;
 
diff --git a/plugins/sed/sedopal_cmd.c b/plugins/sed/sedopal_cmd.c
index 46d2592d56..32ee1d9074 100644
--- a/plugins/sed/sedopal_cmd.c
+++ b/plugins/sed/sedopal_cmd.c
@@ -248,8 +248,12 @@ int sedopal_cmd_initialize(int fd)
  */
 int sedopal_cmd_lock(int fd)
 {
+	int lock_state = OPAL_LK;
 
-	return sedopal_lock_unlock(fd, OPAL_LK);
+	if (sedopal_lock_ro)
+		lock_state = OPAL_RO;
+
+	return sedopal_lock_unlock(fd, lock_state);
 }
 
 /*
@@ -258,8 +262,12 @@ int sedopal_cmd_lock(int fd)
 int sedopal_cmd_unlock(int fd)
 {
 	int rc;
+	int lock_state = OPAL_RW;
+
+	if (sedopal_lock_ro)
+		lock_state = OPAL_RO;
 
-	rc = sedopal_lock_unlock(fd, OPAL_RW);
+	rc = sedopal_lock_unlock(fd, lock_state);
 
 	/*
 	 * If the unlock was successful, force a re-read of the