
BIOS disk password

Posted: Wed Feb 02, 2011 9:50 am
by Caterpillar
Can anyone explain what the ThinkPad's BIOS disk password does? Does it encrypt disks?

Re: BIOS disk password

Posted: Wed Feb 02, 2011 10:54 am
by RealBlackStuff
No, it just blocks access to the hard disk.
You cannot do anything with that hard disk without the password.
The password is stored on the HD itself, and is practically unbreakable, unless you have a forensic laboratory.
Without the password, you just have a door stopper.

Re: BIOS disk password

Posted: Wed Feb 02, 2011 10:59 am
by comps
The "classic" BIOS disk password / fingerprint protection uses security features available on most HDDs. It locks the drive and unlocks it only after entering a valid password/valid fingerprint. I can imagine it using the TPM to generate a unique HDD "password" out of your password/fingerprint using the TPM's private key, making you unable to unlock the drive outside your thinkpad machine (well, it's theoretically possible, but who does that?).

Please note that this kind of protection is NOT full disk encryption (FDE). It merely uses HDD firmware to lock the drive. One can probably recover a locked drive by using the SECURITY ERASE ATA commands (which will erase all data on the drive).

Again, the data itself are NOT encrypted. A data recovery company (or somebody else with similar equipment) can still open the drive physically and read it block-by-block.
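
Added example, not part of the thread or any poster's code: the drive lock described above is the ATA Security feature set, and a drive reports its state in IDENTIFY DEVICE word 128. This Python sketch decodes that word from a constructed 512-byte block to show that "password set" and "data encrypted" are separate facts; the function names and sample values are assumptions made for illustration.

```python
import struct

# IDENTIFY DEVICE word numbers from the ATA command set (ACS) standard.
WORD_ADDITIONAL = 69   # bit 4: device encrypts all user data (ACS-2 and later)
WORD_MASTER_ID = 92    # master password identifier
WORD_SECURITY = 128    # security status bits
SECURITY_BITS = {"supported": 0, "enabled": 1, "locked": 2, "frozen": 3,
                 "count_expired": 4, "enhanced_erase": 5}


def decode_security(identify: bytes) -> dict:
    """Decode the ATA security state from a 512-byte IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)  # 256 little-endian 16-bit words
    status = words[WORD_SECURITY]
    state = {name: bool((status >> bit) & 1) for name, bit in SECURITY_BITS.items()}
    state["master_level"] = "maximum" if (status >> 8) & 1 else "high"
    state["master_id"] = words[WORD_MASTER_ID]
    state["encrypts_all_data"] = bool((words[WORD_ADDITIONAL] >> 4) & 1)
    return state


def assess(state: dict) -> str:
    """Summarise what the reported state means for data at rest."""
    if not state["supported"]:
        return "ATA security not supported"
    if not state["enabled"]:
        return "no user password set: any host can read the drive"
    lock = "locked" if state["locked"] else "unlocked until next power cycle"
    if state["encrypts_all_data"]:
        return f"password set, {lock}; drive reports that it encrypts user data"
    return f"password set, {lock}; firmware access lock only, media not encrypted"


def constructed_identify(security: int, additional: int = 0) -> bytes:
    """Build a sample IDENTIFY block (constructed, not from a real drive)."""
    words = [0] * 256
    words[WORD_SECURITY] = security
    words[WORD_ADDITIONAL] = additional
    words[WORD_MASTER_ID] = 0xFFFE  # constructed sample value
    return struct.pack("<256H", *words)


if __name__ == "__main__":
    # 0x0027 = supported | enabled | locked | enhanced erase supported
    for sec, add in ((0x0001, 0), (0x0027, 0), (0x0023, 0x0010)):
        print(assess(decode_security(constructed_identify(sec, add))))
```

On Linux, `hdparm -I` prints the same fields in its Security section.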

Re: BIOS disk password

Posted: Wed Feb 02, 2011 11:07 pm
by ajkula66
comps wrote:
I can imagine it using the TPM to generate a unique HDD "password" out of your password/fingerprint using the TPM's private key, making you unable to unlock the drive outside your thinkpad machine
True for the most part, but the ability to lock the hard drive on ThinkPads is older than the implementation of TPM. And it worked well back in the day... :)

Re: BIOS disk password

Posted: Sun Feb 13, 2011 4:32 am
by Caterpillar
Thank you for all the good explanations.
And what about the security chip options in the BIOS settings?
Active
Inactive
Disabled
What does it do?

Re: BIOS disk password

Posted: Sun Feb 13, 2011 8:46 am
by RealBlackStuff
It wouldn't be secure anymore if we told you, would it?
Anyway, I always disable them on my laptops, as they rarely leave the house.

Re: BIOS disk password

Posted: Sun Feb 13, 2011 6:44 pm
by Caterpillar
RealBlackStuff wrote:
It wouldn't be secure anymore if we told you, would it?
Anyway, I always disable them on my laptops, as they rarely leave the house.
Ah, so it is like a "general power switch". Disabling it will disable all security on the laptop.

Re: BIOS disk password

Posted: Sun Feb 13, 2011 7:52 pm
by comps
Caterpillar wrote:
Disabling it will disable all security on the laptop
Depends on what you define as "security". It will simply disable the TPM, so you probably won't be able to do things that involve TPM, like setting a power-on password or using TPM-related software.
It won't affect any other "security" like TrueCrypt, Linux dm-crypt, encryption acceleration on some CPUs, etc.