[ltp] Hard disk password & linux

Matthias Posseldt linux-thinkpad@linux-thinkpad.org
Tue, 17 May 2005 18:32:05 +0200


On Monday 16 May 2005 09:02, Martin Eslon wrote:
> Thinkpads seem to have three types of power-on passwords: power-on,
> harddisk and supervisor password.

Right.

> I'm using a T21 and a power-on password, which leaves my data bare-naked
> if the hdd is extracted and examined with another computer.

Right, because the power-on password does not in any way affect the 
harddisk. It is stored in an EEPROM or similar and can be erased by 
removing the battery pack and the small battery which provides power to 
hold BIOS and clock settings.

> The hdd password is only any good if it does realtime encryption on all
> written data, and that takes some cpu power or a special chip. I know
> that there is special software (eg 'cpu power' -case) that does that
> (like easyguard etc), but can anyone confirm that thinkpads have a
> built in hdd-encryption system which runs from hardware (eg in/with
> the ide controller) and not just some hdd-installed piece of software
> which can be formatted etc?

The harddisk password as supported by IBM Thinkpads and other notebooks 
and desktop PCs uses a harddisk function which is present in the ATA 
standard for IDE drives.

While it does not encrypt the data, it effectively denies access to the 
data right after powering the harddisk on until the correct password is 
given (not only on the computer where the harddisk was locked but on 
any computer). But, according to an article in the German computer 
magazine c't, at least one company has the knowledge to recover files 
even from password-protected harddisks, even without opening the 
harddisk.

So, it seems that there are ways to recover data from a locked 
harddrive, but it is very expensive and difficult to do. Strong 
whole-disk encryption continues to be the only way to truly protect 
sensitive data in the long term. But using the ATA harddisk passwords 
is a further obstacle one can use to make it more difficult to retrieve 
sensitive data.

Regards,
Matthias

-- 
There is still the danger of EU software patents!

http://swpat.ffii.org/
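
Added example, not part of the original message: a drive reports the state of the ATA password feature discussed above in word 128 of its IDENTIFY DEVICE data, and the sketch below decodes that word for a hardening check. The function names and the sample blocks are constructed for illustration; the bit layout follows the ATA Security feature set.

```python
import struct

# Flag bits of IDENTIFY DEVICE word 128 (ATA Security feature set status).
FLAGS = {0: "supported", 1: "enabled", 2: "locked", 3: "frozen",
         4: "count_expired", 5: "enhanced_erase"}

def decode_security(identify: bytes) -> dict:
    """Decode the security state from a raw 512-byte IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)   # 256 little-endian words
    w128 = words[128]
    state = {name: bool(w128 >> bit & 1) for bit, name in FLAGS.items()}
    # Bit 8 is the master password capability: 0 = High, 1 = Maximum.
    state["level"] = "maximum" if w128 & 0x0100 else "high"
    state["master_password_id"] = words[92]
    return state

def audit(state: dict) -> list:
    """Turn the decoded state into findings for a laptop hardening check."""
    if not state["supported"]:
        return ["drive has no ATA password support"]
    findings = []
    if not state["enabled"]:
        findings.append("no harddisk password set; drive readable in any computer")
        if not state["frozen"]:
            findings.append("security commands not frozen; software can still set a password")
    elif state["level"] == "high":
        findings.append("level High: the master password also unlocks the drive")
    if state["count_expired"]:
        findings.append("password attempt counter expired; power cycle needed")
    # As the message says, the ATA password locks access but does not encrypt.
    findings.append("ATA password is not encryption; use whole-disk encryption as well")
    return findings

def make_identify(w128: int, w92: int = 0xFFFE) -> bytes:
    """Constructed sample block: all words zero except 92 and 128."""
    words = [0] * 256
    words[92], words[128] = w92, w128
    return struct.pack("<256H", *words)

if __name__ == "__main__":
    for w128 in (0x0001, 0x0007, 0x0109):   # constructed status words
        state = decode_security(make_identify(w128))
        print(hex(w128), state, audit(state), sep="\n  ")
```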