Exactly what is Disk Encryption on the T61 200Gb HD?

[XCoalMiner]

A T61 has an option for a 200 Gb 7200 RPM hard drive. And the Lenovo order page describes that drive as '...with Disk Encryption'.

Exactly what is this? And is there some documentation for it somewhere?

And more importantly, if a unit is built with this drive, are there any special considerations if ever replacing the drive? Can you use any SATA drive, such as the Hitachi TravelStar drives, or must you use another HD with Disk Encryption because of some hardware limitation?

[basketb]

maybe this faq helps:
http://www-307.ibm.com/pc/support/site. ... 69621.html

[Peak2Peak]

...and here's Hitachi take on Bulk Data Encryption: http://www.hitachigst.com/hdd/support/bulk_faqs.htm

[XCoalMiner]

Exactly what I was looking for, thanks to both of you.

This statement from Hitachi is interesting:
Q: Does the Bulk Data Encryption technology work with hard drives installed in an external USB or Firewire enclosure?
A: No, although the hard drive is capable of Bulk Data Encryption, the security command feature cannot be transferred via USB or Firewire links.

This is really referring to the plain old HD password (the one supported by the ATA command set). And so there's nothing new here, because independent of BDE, if you set a HD password via a laptop with a BIOS supporting it, you will not be able to access the HD via a USB enclosure.

Now maybe to close the loop on this, can a HD with a HD password set be accessed via an UltraBay Slim 2nd HD Adapter? I think yes, because this adapter configured in and possibly controlled via the BIOS? But I'd want to verify it as working before depending on it in a crisis.

[basketb]

...
Now maybe to close the loop on this, can a HD with a HD password set be accessed via an UltraBay Slim 2nd HD Adapter? I think yes, because this adapter configured in and possibly controlled via the BIOS? But I'd want to verify it as working before depending on it in a crisis.

Yes, you can have the password set on a HD in the UltraBay slim adapter. But, AFAIK, it must be inserted in the Thinkpad when you power up the system and you'll be asked for the password (I'm currently using this set up). It won't work if you try to hot-swap in the adapter when the system is already running.

[XCoalMiner]

Having the adapter in there before powering up makes sense. The BIOS wouldn't get to interact and do it's thing during a hot swap.

I wish I could find a laymans write up on how they HD passwords are implemented in a PC and hoy they interact with a BIOS (or why they aren't implemented in most cases).

This topic seems to be understood by very few. For ex., why isn't the command set implemented on a USB drive/driver? Is it not possible or not implemented for some other reason?

[XCoalMiner]

An update. Hitachi's web site shows all these drives are "unavailable". What's going on? Subsequent to the above posts, I learned that Hitachi's 7K100 PATA/IDE drives are effectievly unavailable, and now the 7K200 with BDE seem to be the same.

Explanations?

[meditate2001]

i dont know.

but i would recommend instead the seagate 7200.2 momentus. they are faster and quiter. and the disc encryption you can get the same and more result with the opensource programm diskcrypt...

[basketb]

i dont know.

but i would recommend instead the seagate 7200.2 momentus. they are faster and quiter. and the disc encryption you can get the same and more result with the opensource programm diskcrypt...

I do not have any experience with either the Hitachi HD with full disk encryption or this diskcrypt program; and I am not sure what you mean by "the disc encryption you can get the same and more result with...". Presumably, the objective of the encryption (whether by the hard disk itself or a program) is that the data cannot be read without knowing the password. Then the only other difference is how fast it is done. And here I am very doubtful that a software-based solution that relies on the computer's CPU can be as efficient as a hardware-based solution as found in the Hitachi drive.

[khaverblad]

If you want to have a well integrated and smooth solution I would recommend that you try out Utimaco SafeGuard Easy; trial version can be requested from www.utimaco.com. Hardware based FDE might be preferred; but on todays newer system you won't notice FED based software. I'm using T60 together with software based FDE and it works like a charm; most of the disk intensive applications I've used has been image and video software editing and I can't say that I noticed any major differers.

[Wiz]

I been using both safeguard easy and drivecrypt pluspack and found both to work pretty good with almost no performance loss. So it's a good solution if encryption is required and you don't have a FDE disk. There are other software as well which is supposed to work good, but most of the software encryption solutions have a couple of disvantages.
If you have a problem with you computer so the OS doesn't boot....for example a bluescreen during boot. In that case you cannot access the OS or use standard recovery software to fix the problem because the partition will not be recognised. Then you might have to decrypt the harddisk to be able to fix the problem. Depending of the size of you harddisk the decryption might take 4-5 hours or even more with large hdd's. Then you can fix the problem and encrypt the harddisk again which will take just as long. It happened to me once and pretty annoying to spend 10 hours decrypting/encrypting the harddisk to fix the problem. I guess the worst part is to spend 5 hours to decrypt before you can start troubleshooting. With the FDE disk you won't have any such problems.
Another issue i had with drivecrypt pluspack is that the backup software I been using (Acronis TI) did neither recognise the partition so to take a image backup i had to do a sector-by-sector backup. The disadvantage with a sector-by-sector backup is that the backup will be the same size as the harddisk even if the harddisk is empty. So if you create a backup of a 250gb harddisk where you only have 50gb stored the backup will be 250gb. Without software encryption the same backup will be 50gb or even smaller with compression.
Using safeguard easy i did not have to create a sector-by-sector backup, but safeguard easy does not support Windows Vista so when i decided to install Vista i couldn't use it anymore.
I also been thinking about what will happen if some files get corrupted and one of those file is the driver required for the encryption software to work. Will i ever be able to boot that OS again.

These problems might not be relevant for all software encryption software, but i find the FDE to be a better and more simple solution and most likely a bit faster. So if you need full disk encryption and can afford the new harddisk i would recommend hardware encryption instead of software encryption even if i found sw encryption to work pretty good in general. With the FDE disk you won't notice any difference compared to a standard harddisk without encryption.