thinkpads.com Support Community Forum Index Bill Morrow's thinkpads.com Open Forum - The Original Thinkpad Support Forum

All times are UTC - 5 hours




Posted: Sat Sep 12, 2009 1:39 am
Senior Member

Joined: Sat Jul 14, 2007 6:58 pm
Posts: 706
Location: West Coast, USA
After searching for "TPM" in our forum's search engine, I'm still left with a couple of questions for my two identical T61p ThinkPads, both with WinXP SP3 as described below in my signature line ..... Note: Lenovo's CSS and R&R have been uninstalled by me. Each unit has two 7k320 Hitachi BDE drives (using ultrabay adapters for the 2nd drive in each) and both machines have the HDD PWs enabled. I have to actually enter two separate HDD PWs each time I power up either machine (even if the PWs are the same on each HDD). In addition to the four 7k320 BDE HDDs across both machines, I keep four more Acronis-cloned backup 7k320 BDE drives at any given time stored safely in another building.

Question 1:

Since I cannot find the Atmel TPM listed in Device Manager on either machine and I do not have CSS installed, may I assume my TPMs are disabled? Lending further evidence to that assumption is that I can swap any of my eight PW protected HDDs between the two machines (after a power-down) and they accept the different HDDs at power-up just fine after entering the correct HDD PWs. I even use two different passwords across the eight HDDs …. that is, a different unique HDD PW for each machine.

Question 2:

If my TPMs are in fact disabled, then my BDE drives may not be encrypting data. I think I read somewhere that BDE/FDE drives use the TPM and the HDD PW to generate the encryption key or keys. If they were encrypting the data on the disks, then I should not be able to swap them between different machines (i.e. different TPMs) like I can at present. Does that sound correct?

Question 3:

If my assumption that enabling TPM will limit the use of my HDDs to only one unique machine is correct, then may I presume that the BDE hardware-based encryption feature of my HDDs is not best suited for my situation of needing to be able to swap HDDs between two different machines on a moment's notice .... and that software-based encryption (like I use on my external HDDs) would be more suitable?

Question 4:

Is it true that HDDs (non-FDE/BDE and FDE/BDE) that are used on a TPM "enabled" laptop (with a HDD PW also enabled) can lead to major data transfer headaches if your laptop TPM ever fails and/or the motherboard is replaced (i.e. your PW protected Hard Drives may not be useable on the repaired machine, including your back-up data from cloned PW protected backup HDDs)?

I thought I read somewhere that a PW protected HDD on a ThinkPad (with TPM enabled) will only work on that one ThinkPad.

If my understanding of how TPM works with HDD PWs (both regular and BDE/FDE drives) is correct, then what's the big deal about all the virtues of TPM and CSS for units that need to swap-in different data HDDs from other machines?

Is the TPM feature most suitable for traveling situations where potential theft of the laptop and its data is the major risk (rather than something like a failed motherboard that has to be replaced along with its TPM chip)?

Sorry for the long-winded post …… Thanks :thumbs-UP:

_________________
Three - T61p 15.4" WS T9300 2.5Ghz units, August 2008 08/08 Builds + Nvidia FX570M GPUs, One - T42 15" Flexview 1.8GHz + ATI GPU for travel, Three - T500 15.4" T9600 & T9400 CPUs with ATI HD3650 GPUs, One - Stupid Fast W520 15.6" i7-2860QM + Nvidia 2000M GPU + Series 3 Dock w/USB 3.0


Posted: Sun Sep 20, 2009 12:38 pm
Senior Member

Joined: Sat Jul 14, 2007 6:58 pm
Posts: 706
Location: West Coast, USA
:thumbs-UP: Okay .... Here is an update to what I've learned from some experimentation and more Googling and Binging:

The TPM chip can be enabled and disabled from within my T61p BIOS and does not require CSS.

So far so good.

Now, according to Hitachi's tech support, the ThinkPad TPM is not required for their Bulk Disk Encryption hard drives to encrypt the platter data .... I only need to set a HDD password from BIOS to enable the HDD's automatic on-the-fly hardware-based encryption and when I clear the HDD PW in BIOS, the platters become unencrypted again ...... almost like an on-off switch (sounds like hardware-based encryption works pretty fast and may be a bit different than software-based encryption). They commented that HDD Passwords cannot be "recovered" so do not forget them or you are toast. I asked them about claims that some people have successfully "cleared" HDD passwords and they said that's pretty darn next to impossible, plus that would still leave the data on the HDD platters encrypted because the correct HDD PW is still required to generate the encryption keys. I assume the same applies for the Seagate FDE units.

As for swapping HDDs between my two T61ps, I discovered that the TPMs were disabled on both T61p units and so I enabled TPM on both units but it made no difference in my ability to readily swap both encrypted and unencrypted HDDs between my two T61p units. Apparently the TPM may be for working with other stuff like CSS, Vista or software-based encryption programs.

I wonder if TPM is required for the fingerprint reader (which I don't use)?

Thus, TPM is of little or no apparent value to me as long as I can:

1. Still swap my password protected HDDs (or continue using them after a mobo or TPM failure and replacement), and;

2. My BDE hard drives will still encrypt data as long as I have a HDD PW set (even without TPM enabled). :thumbs-UP:

_________________
Three - T61p 15.4" WS T9300 2.5Ghz units, August 2008 08/08 Builds + Nvidia FX570M GPUs, One - T42 15" Flexview 1.8GHz + ATI GPU for travel, Three - T500 15.4" T9600 & T9400 CPUs with ATI HD3650 GPUs, One - Stupid Fast W520 15.6" i7-2860QM + Nvidia 2000M GPU + Series 3 Dock w/USB 3.0
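
An added example, not part of the original posts: BIOS HDD passwords are set through the ATA Security feature set, and the drive itself reports that state in word 128 of its IDENTIFY DEVICE data regardless of any TPM setting, which fits the swapping behaviour described above. The decoder below reads that word and the model name from a 512-byte IDENTIFY block; the function names are hypothetical and the sample block is constructed, not captured from a real drive. It shows password state only, not whether the platters are encrypted.

```python
import struct

# Bit meanings of IDENTIFY DEVICE word 128 (ATA Security feature set status).
SECURITY_BITS = {
    0: "supported",
    1: "enabled",        # a user (HDD) password is set
    2: "locked",         # drive refuses reads/writes until unlocked
    3: "frozen",         # security commands blocked until power cycle
    4: "count_expired",  # too many failed unlock attempts
    5: "enhanced_erase_supported",
}

def identify_word(block: bytes, index: int) -> int:
    """Return 16-bit little-endian word `index` of an IDENTIFY DEVICE block."""
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    return struct.unpack_from("<H", block, index * 2)[0]

def model_string(block: bytes) -> str:
    """Words 27-46 hold the model name, two ASCII chars per word, high byte first."""
    raw = b"".join(struct.pack(">H", identify_word(block, i)) for i in range(27, 47))
    return raw.decode("ascii", errors="replace").strip()

def security_status(block: bytes) -> dict:
    """Decode word 128 into named flags plus the security level (bit 8)."""
    word = identify_word(block, 128)
    status = {name: bool(word >> bit & 1) for bit, name in SECURITY_BITS.items()}
    status["level"] = "maximum" if word >> 8 & 1 else "high"
    return status

def build_sample(model: str, security_word: int) -> bytes:
    """Construct a sample IDENTIFY block (test data, not from a real drive)."""
    block = bytearray(512)
    padded = model.ljust(40).encode("ascii")
    for i in range(20):
        # Each word carries two characters, first character in the high byte.
        word = padded[2 * i] << 8 | padded[2 * i + 1]
        struct.pack_into("<H", block, (27 + i) * 2, word)
    struct.pack_into("<H", block, 128 * 2, security_word)
    return bytes(block)

# Constructed sample: password set and drive still locked (bits 0, 1, 2, 5).
SAMPLE = build_sample("SAMPLE BDE DRIVE", 0b0000_0000_0010_0111)

if __name__ == "__main__":
    print(model_string(SAMPLE), security_status(SAMPLE))
```

On Linux, `hdparm -I` prints these same flags in its Security section.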