T61 - SED HDD?!

[Boy2006]

Sorry for my Bad English...
Some Project required an SED HDD white FIPS. Now i ask in the German Thinkpad Board some People if does it work and the say Yes.
Now i order this HDD: SEAGATE ST500LT015 and but in my T61. After some f..... Error i could rum Windows7.

In my Pc i use an Raid Controller white Encryption and 3.5Zoll Segate SED and i have to encrypt it bevor i could use them.
Now my Question what did i have to do to encrypt the HDD in my Thinkpad?
That must be FIPS compliant!!!!

THX!!!

[QWERTY Andreas]

As far as i know, you can just use the hardware encryption from the machine

You can activate it in BIOS.

Best regards

[Boy2006]

omg that sucks...
I have to use an real SED...
What can i do now?

[QWERTY Andreas]

Activate the encryption ?

If i understand your question correftly

[Boy2006]

But what kind of encryption is it SED+FIPS or some Lenovo Thinkpad custom whatever....

[QWERTY Andreas]

You can read it here; http://www.lenovo.com/us/en/PDFs/lenovo ... yption.pdf

From what i can understand it is SED+FIPS

[Boy2006]

It look like an additional Software....

[Boy2006]

eeeeekkkkkkkkkkkkkkkkkkk
some of you know my old T61 is death and my dad both an refurbish. Now i put my SED HDD in and the PC was bootet up....
So what happend?! What does i wrong?! That shuld not happen its the worst case scenario....

the old HDD: http://www.hgst.com/tech/techlib.nsf/te ... K200DS.pdf
HTS722016K9SA00

[RealBlackStuff]

Please find someone with good knowledge of English, to help you explain your problem.

[Boy2006]

my english isnt so bad...
so what do i wrong?

[FryPpy]

my english isnt so bad...

I am not english speaker too - but more practice makes it all good. Read and write and read what you have written. You can use google translator to check or for help in hard words... but it is not the best helper
BTW
Thanks to this forum - now i can wirite english more flowlesly....

so what do i wrong?

If your HDD can start and grant access to data (OS boots) in other computer and dont ask for password - so it is unprotected!

I know that from T61 series thinkpads can be shipped with FDE (full disk encryption) harddrives (42T1311 or 42T1463). So if you can find one it can be used in thinkpad right out of the box. I don't know if that drives FIPS complait.

Some thoughts:
It's better to use normal 9.5mm 2.5" harddrives in thinkpad. Thin 7mm harddrives can be used but not fixed in rubber rails good (without adapter)
For basic storage protection you can set harddrive password in thinkpad BIOS.
Any encription needs a key!
Some SSDs can provide encryption (is it FIPS complaint). And some of them (samsung?) activate encryption when you set harddrive password (it uses password as encryption key).
Some thinkpads have TPM module. It can store some security date (eg encription keys) secure. May be it is needed that TPM can talk to you harddrive to transfer encryption key before OS boots up. So TPM must be activated!
FDE with password (encryption key) entered from special app from loaded OS it is non sense! Key must be entered before OS boots up.

[Boy2006]

If your HDD can start and grant access to data (OS boots) in other computer and dont ask for password - so it is unprotected!

that is the problem!

I don't know if that drives FIPS complait.

yes i spend some cent more for an FIPS compliant HDD.

Thin 7mm harddrives can be used but not fixed in rubber rails good (without adapter)

my drive fit perfect.

Some thinkpads have TPM module. It can store some security date (eg encription keys) secure. May be it is needed that TPM can talk to you harddrive to transfer encryption key before OS boots up. So TPM must be activated!

Thats only for Windows encryption.

An SSD dont need any PW! I use Seagate SED HDD on my Server and i book up normal white out any PW! The Key is stored in the Raidcontroller and if someone remove a HDD or ersase it the Key will be delete and the Data are Secured.

[twistero]

So let me get this straight.

You had a ThinkPad T61. You needed to encrypt your entire hard drive in order to comply to some FIPS standard. (Which standard exactly? FIPS 140-2 Level 2 or something else? Or do you just need some encryption, and do not have to meet any specific standard?)

You installed a hard drive that supposedly supports encryption in your old T61. The hard drive has model number HTS722016K9SA00.

Now your old T61 is dead, and you purchased another T61. When you put the old hard drive into your new T61, the computer boots normally.

Is all the above correct?

If so, the yes, you have been using your old T61 without proper protection.

First of all, not all Hitachi 7k200 hard drives support "bulk data encryption" (BDE). Here's an incomplete list of the part numbers that do have BDE:

0A53066 – 80GB
0A53067 -100GB
0A53068 – 120GB
0A53069 – 160GB
0A53070 – 200GB

Again, this list is incomplete. If your hard drive is not among these part numbers, ask Hitachi / HGST.

Second, if your hard drive does support BDE, then you will have to enable hard disk password in BIOS to protect your data. If you do not enable HDD password, then everyone can simply connect the hard drive to their computer and read everything. If you do enable HDD password, then the hard drive can only be read if you enter the correct password at startup.

Read HGST's guide to BDE here: http://www.hgst.com/tech/techlib.nsf/te ... _final.pdf

Also read this thread: http://forum.thinkpads.com/viewtopic.php?p=319400

Please be responsible and understand what you're doing, if you're working with an important project that warrants encryption!

[Boy2006]

i use that hdd now: Self-Encrypting Drive FIPS 140-2 Validated - ST500LT015
http://www.seagate.com/www-content/prod ... 1402us.pdf

You needed to encrypt your entire hard drive in order to comply to some FIPS standard.

Yes that is that was my Raidcontroller exactly do. I use some Seagate Server HDD in my Server and that works perfect.

Or do you just need some encryption, and do not have to meet any specific standard?

Yes and No i ned an real Full Encryption not an PW only...

The hard drive has model number HTS722016K9SA00.

Thats the old one and the next to much power.

When you put the old hard drive into your new T61, the computer boots normally.

sure

then everyone can simply connect the hard drive to their computer and read everything.

so then is the system not FIPS compliance. A SED HDD dont need any PW.

[twistero]

You seem very confused.

First of all, FIPS 140.2 is aU.S. government computer security standard used to accredit cryptographic modules. Saying you "require FIPS" generally implies you are working for either the U.S. federal government or some U.S. organization that handles sensitive data, requires such data to always be encrypted, and require such encryption to meet the FIPS 140.2 standard at some Level for bureaucratic purposes. Is this the case here? Do you actually work for some U.S. organization with such a requirement?

Second, a piece of equipment being FIPS 140.2 Level X validated does not mean it will magically protect you and your data. It merely means it is capable of implementing certain cryptographic features, and it's up to you to use it correctly.

Third. I'll use the Hitachi hard drive as an example, but I do believe that most "self-encrypting hard drives" work the same way.
The Hitachi hard drive with Bulk Data Encryption always encrypts data written to the hard drive platters, whether you set a Hard Disk Password or not. If you do not set a password, then the encryption keys are simply saved in the hard drive controller's memory, and automatically loaded each time the drive powers on. As a result, even though the data is encrypted, anyone can access all data on the hard drive by plugging it into their computer.
If you do set a hard disk password, then the password is used to encrypt the data encryption key, and only the encrypted key is saved in the controller. When you power on the hard drive, it will need the password in order to decrypt the key, and then it can use the key to access data on the platters. In this case the data is encrypted, and only people with the password can access data.
Therefore, using a self-encrypting hard drive without a hard drive password is pointless.

[Boy2006]

Is this the case here?

No

[Temetka]

Language barriers suck.

That being said, I'd be really curious as to what the OP needs full FIPS compliant encryption for. If he works for a government agency or private company, then the IT department should supply the laptop with encryption already set up.

If he's just trying to hide his collection of porn, then truecrypt will work just fine.

[Boy2006]

No i use my Laptop to decode some Signal who come over the Air so if someone take my Laptop away nobody should see anything.