[ltp] Harddisk locking features

Georg Sauthoff linux-thinkpad@linux-thinkpad.org
Mon, 24 May 2004 10:03:12 +0200


--Boundary-02=_GxasA91yIZnggbH
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi,

the harddisk of my IBM R40 2722 thinkpad seems to have some locking feature=
s.=20
I.e. you can enable a User and a Master password in the BIOS, so you have t=
o=20
enter the passwort at every hardware boot.
I read some information about this security features at the Usenet/Web, but=
=20
some items are not clear to me.

i) How safe is this lok really? Is it possible to flash the drives firmware=
=20
with a patched firmware, if the lock is enabled. So you can bypass the=20
locking?

ii) Is there something like a maximum number of tries until the drive is=20
locked by a "superpin" like by cellular phones?

iii) How can I unlock it with other computers? Specially how can I do that=
=20
under Linux how is it possible if the drive is attached via an adapter box =
at=20
the USB or Firewire port?

iv) What character encoding is used? Does lower/upper case and special=20
characters are stored? What length is possible?

I tried the locking feature at my thinkpad. There it works fine. But I trie=
d=20
to use the locked harddisk at a desktop and this didn't work because 1st I=
=20
couldn't find any tools for linux. 2nd the funny DOS tools didn't work, too.
I found hdunlock.exe and atapwd.exe. First with source code second without.=
=20
However, they didn't unlock the drive.
Perhaps it has something to do with (iv) because I used upper/lower case an=
d=20
alphanumeric characters. Anyway, at the IBM BIOS prompt make upper/lower ca=
se=20
no different. But perhaps the BIOS could to a lower/upper case on all=20
characters before sending them to the harddisk firmware.

So if you have some information about the quality of the security and some=
=20
link to the corresponding standard, this would be nice.

Regards
Georg Sauthoff

--Boundary-02=_GxasA91yIZnggbH
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQBAsaxGatOJi5ztkoARAvPzAJ9M4tsCKGed+GHEh6uODB4N4suF0wCfQdtC
FIuEiVkxPdWpfj8lb9qQMqg=
=dXVe
-----END PGP SIGNATURE-----

--Boundary-02=_GxasA91yIZnggbH--