[ltp] Hard disk password & linux

Yehoshua (Shay) O'Hayon Suchar linux-thinkpad@linux-thinkpad.org
Sat, 14 May 2005 21:24:38 +0300


On Sat, 2005-05-14 at 13:20 -0400, James Knott wrote:
> David A. Desrosiers wrote:
> >>>I thought I'd pose the question, although it has already been 
> >>>noted in some thinkpad linux faqs, but here goes: is it possible 
> >>>to use the hard-disk password with linux?  I've heard the answer 
> >>>is no, but was wondering if there has been any progress on this 
> >>>front.
> > 
> > 
> >>What would be the point?  You can configure Linux to run without a 
> >>password.
> > 
> > 
> > 	I think the point is to run Linux _with_ a password, and 
> > specifically to ensure that if someone takes his machine, they can't 
> > boot it up with KNOPPIX or similar forensics tools and get to the data 
> > on the disk. 
> > 
> > 	Of course this means he'll have to be using filesystem-level 
> > encryption on the disk and swap, but that's not hard to set up, and 
> > there is no way anyone can get to the data on the disk (in any 
> > readible way) without the key. A nice 8192 byte key should do nicely 
> > to thwart brute force for at least the next 50 years, after which 
> > you'll be dead anyway, and your secrets probably won't matter.
> 
> Perhaps I read the question wrong, but I got the impression he was 
> wanting to use the same password for both hard disk and Linux, but not 
> have to enter it for Linux.
> 
> However, I have my hard disk password enabled.  On many computers, you 
> can have the hard disk and boot up passwords the same.  With the hard 
> disk password, your disk is unusable without the password, though I 
> don't know how well it would stand up to someone dismantling the drive 
> and placing the platters in another drive.
> 
> Incidentally, there was an article in the Linux Journal, a few months 
> back, about encrypting the entire file system and booting from a pen 
> drive.  Without the pen drive, the hard disk is unreadable.
> 

I think that encrypting the whole partition is a good option, here's the
article that James wrote about: http://www.linuxjournal.com/article/7743

I'll try it myself when I find a spare time to backup my laptop and pen
drive, and I'll post my results somewhere, if it interests someone.

PD. Question: That hard drive password, it's in the BIOS level, right?
so, if someone removes the BIOS battery for a couple of minutos,
wouldn't this password deleted with the rest of the bios?