diff --git a/include/x86/ahci.h b/include/x86/ahci.h
index 831fa8b0..2b96ef72 100644
--- a/include/x86/ahci.h
+++ b/include/x86/ahci.h
@@ -174,6 +174,6 @@ struct ahci_received_fis {
 uint32_t ahci_enable(uint32_t bus, uint32_t dev, uint32_t fun);
 void sata_enable(uint32_t base);
 void sata_disable(uint32_t base);
-int sata_unlock_disk(int drv);
+int sata_unlock_disk(int drv, int freeze);
 #endif /* AHCI_H */
diff --git a/src/update_disk.c b/src/update_disk.c
index ca73d1e3..b6c9e5c7 100644
--- a/src/update_disk.c
+++ b/src/update_disk.c
@@ -97,7 +97,7 @@ void RAMFUNCTION wolfBoot_start(void)
 if (ret != 0)
 panic();
 #if defined(WOLFBOOT_ATA_DISK_LOCK)
- ret = sata_unlock_disk(BOOT_DISK);
+ ret = sata_unlock_disk(BOOT_DISK, 1);
 if (ret != 0)
 panic();
 #endif /* WOLFBOOT_ATA_DISK_LOCK */
diff --git a/src/x86/ahci.c b/src/x86/ahci.c
index bcc0ac3f..e232c27d 100644
--- a/src/x86/ahci.c
+++ b/src/x86/ahci.c
@@ -387,7 +387,7 @@ static int sata_get_unlock_secret(uint8_t *secret, int *secret_size)
 }
 #endif /* WOLFBOOT_TPM_SEAL */
-int sata_unlock_disk(int drv)
+int sata_unlock_disk(int drv, int freeze)
 {
 int secret_size = ATA_UNLOCK_DISK_KEY_SZ;
 uint8_t secret[ATA_UNLOCK_DISK_KEY_SZ];
@@ -404,9 +404,15 @@ int sata_unlock_disk(int drv)
 ata_st = ata_security_get_state(drv);
 wolfBoot_printf("ATA: Security state SEC%d\r\n", ata_st);
 if (ata_st == ATA_SEC1) {
- AHCI_DEBUG_PRINTF("ATA identify: calling freeze lock\r\n", r);
- r = ata_security_freeze_lock(drv);
- AHCI_DEBUG_PRINTF("ATA security freeze lock: returned %d\r\n", r);
+ if (freeze) {
+ AHCI_DEBUG_PRINTF("ATA identify: calling freeze lock\r\n", r);
+ r = ata_security_freeze_lock(drv);
+ AHCI_DEBUG_PRINTF("ATA security freeze lock: returned %d\r\n", r);
+ if (r != 0)
+ return -1;
+ } else {
+ AHCI_DEBUG_PRINTF("ATA security freeze skipped\r\n");
+ }
 r = ata_identify_device(drv);
 AHCI_DEBUG_PRINTF("ATA identify: returned %d\r\n", r);
 ata_st = ata_security_get_state(drv);
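Review bot: The `freeze` parameter is added to the prototype in include/x86/ahci.h without any description, and this header is where callers decide what to pass. A comment above the declaration would cover it, e.g. `/* freeze != 0: issue SECURITY FREEZE LOCK after unlocking and require SEC6; freeze == 0: skip the freeze and accept SEC5 */`. The same applies to the definition in src/x86/ahci.c.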
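Review bot: The new `if (r != 0) return -1;` exit in the SEC1 branch of src/x86/ahci.c, and the identical one in the SEC5 branch of the next hunk, leave `sata_unlock_disk` while the stack array `secret[ATA_UNLOCK_DISK_KEY_SZ]` is still live, and nothing visible in these hunks clears it. If the unlock secret has already been loaded at that point (the fetch is outside the hunk, so this needs confirming), both exits should go through whatever wipe the normal return path performs instead of returning directly. They also turn a freeze failure into a return code where the rest of the function calls `panic()`; the caller in update_disk.c does panic on nonzero, but a comment such as `/* freeze failed: drive left unfrozen, caller must treat as fatal */` would make that contract explicit for other callers. The function body starts before and continues past this hunk.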
@@ -420,14 +426,22 @@ int sata_unlock_disk(int drv)
 AHCI_DEBUG_PRINTF("ATA identify: returned %d\r\n", r);
 ata_st = ata_security_get_state(drv);
 if (ata_st == ATA_SEC5) {
- AHCI_DEBUG_PRINTF("ATA identify: calling device freeze\r\n", r);
- r = ata_security_freeze_lock(drv);
- AHCI_DEBUG_PRINTF("ATA device freeze: returned %d\r\n", r);
+ if (freeze) {
+ AHCI_DEBUG_PRINTF("ATA identify: calling freeze lock\r\n", r);
+ r = ata_security_freeze_lock(drv);
+ AHCI_DEBUG_PRINTF("ATA security freeze lock: returned %d\r\n",
+ r);
+ if (r != 0)
+ return -1;
+ } else {
+ AHCI_DEBUG_PRINTF("ATA security freeze skipped\r\n");
+ }
 r = ata_identify_device(drv);
 AHCI_DEBUG_PRINTF("ATA identify: returned %d\r\n", r);
 }
 ata_st = ata_security_get_state(drv);
- if (ata_st != ATA_SEC6) {
+ AHCI_DEBUG_PRINTF("ATA: Security enabled. State SEC%d\r\n", ata_st);
+ if ((freeze && ata_st != ATA_SEC6) || (!freeze && ata_st != ATA_SEC5)) {
 panic();
 }
 ata_st = ata_security_get_state(drv);
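Review bot: With `freeze == 0` the final check accepts SEC5, so execution continues past this check with the drive unlocked and its security settings not yet frozen, where the removed line allowed only SEC6 or `panic()`. The compound condition would read more plainly as `const int expected = freeze ? ATA_SEC6 : ATA_SEC5;` followed by `if (ata_st != expected) panic();`, with a comment that a caller passing 0 is responsible for issuing the freeze lock before control leaves the bootloader. The only caller in this diff passes 1, so the relaxed path is not exercised here. The function body continues past the end of the hunk.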