Thinkpads Forum

Hi ThinkPaders, could anyone tell me, where ThinkPad stores passwords?

Especially Power On (also bios setting protection + supervisor) and HDD password? Is it stored in TPM or in BIOS?

I have a R60 with TPM + fingerprint.

Thanks for your replies.

A hash (not the actual password) of the power-on and BIOS admin passwords are stored in flash memory. A hash of the HDD password is stored in the HDD controller. None of these passwords are related to the TPM in any way.

BTW, a TPM does not store passwords. All it does is generate keys that can only be used by the TPM to encrypt/decrypt data that is stored somewhere else. I am simplifying things somewhat but my point is that the TPM does not store anything. The only applications that use the TPM are Lenovo Client Security Solution and the bitlocker feature that is included with Windows Vista.

That means, if someone reset the bios (for example remove the bios battery), all my passwords will be removed?

It´s not much secure for me. If somebody will steal my TP, he could use it, when he reset bios? Which give him full access to my TP?

My experience tells me that the bios password is stored in CMOS, which can be cleared by removing the bios battery. The motherboard/supervisor password is stored in a ATMEL chip, which can only be changed/cleared through BIOS or customized reader through serial connection. The hard drive password can only be changed through BIOS.

And no, if you have your supervisor password or hard drive password set, removing and resetting the bios battery will have no effect on them.

As someotherguy pointed out TPM doesn't store/create passwords. It only does encryption and create identity certificates to make sure the hardware components are trusted and such.

teetee