[ltp] Hard disk password & linux

Martin Eslon linux-thinkpad@linux-thinkpad.org
Mon, 16 May 2005 10:02:12 +0300


Thinkpads seem to have three types of power-on passwords: power-on, harddisk
and supervisor password.
I'm using a T21 and power-on password, which leaves my data bare-naked if the hdd
is extracted and examined with another computer.
The hdd password is only any good if it does realtime encryption on all written
data, and that takes some cpu power or a special chip. I know that there is
special software (eg 'cpu power' -case) that does that (like easyguard
etc), but can anyone confirm that thinkpads have a built-in hdd-encryption
system which runs from hardware (eg in/with the ide controller) and not just
some hdd-installed piece of software which can be formatted etc?

At 13:20 14.05.2005, you wrote:
>David A. Desrosiers wrote:
>>>>I thought I'd pose the question, although it has already been noted in
>>>>some thinkpad linux faqs, but here goes: is it possible to use the
>>>>hard-disk password with linux?  I've heard the answer is no, but was
>>>>wondering if there has been any progress on this front.
>>
>>>What would be the point?  You can configure Linux to run without a password.
>>
>> I think the point is to run Linux _with_ a password, and
>> specifically to ensure that if someone takes his machine, they can't
>> boot it up with KNOPPIX or similar forensics tools and get to the data
>> on the disk.
>> Of course this means he'll have to be using filesystem-level
>> encryption on the disk and swap, but that's not hard to set up, and
>> there is no way anyone can get to the data on the disk (in any readable
>> way) without the key. A nice 8192 byte key should do nicely to thwart
>> brute force for at least the next 50 years, after which you'll be dead
>> anyway, and your secrets probably won't matter.
>
>Perhaps I read the question wrong, but I got the impression he was wanting
>to use the same password for both hard disk and Linux, but not have to
>enter it for Linux.
>
>However, I have my hard disk password enabled.  On many computers, you can
>have the hard disk and boot up passwords the same.  With the hard disk
>password, your disk is unusable without the password, though I don't know
>how well it would stand up to someone dismantling the drive and placing
>the platters in another drive.
>
>Incidentally, there was an article in the Linux Journal, a few months
>back, about encrypting the entire file system and booting from a pen
>drive.  Without the pen drive, the hard disk is unreadable.


All the best

Martin