How do I check if TPM is enabled without CSS installed?

eecon
Senior Member
Posts: 706
Joined: Sat Jul 14, 2007 6:58 pm
Location: West Coast, USA

#1 Post by eecon » Sat Sep 12, 2009 1:39 am

After searching for "TPM" in our forum's search engine, I'm still left with a couple of questions for my two identical T61p ThinkPads, both with WinXP SP3 as described below in my signature line ..... Note: Lenovo's CSS and R&R have been uninstalled by me. Each unit has two 7k320 Hitachi BDE drives (using ultrabay adapters for the 2nd drive in each) and both machines have the HDD PWs enabled. I have to actually enter two separate HDD PWs each time I power up either machine (even if the PWs are the same on each HDD). In addition to the four 7k320 BDE HDDs across both machines, I keep four more Acronis-cloned backup 7k320 BDE drives at any given time stored safely in another building.

Question 1:

Since I cannot find the Atmel TPM listed in Device Manager on either machine and I do not have CSS installed, may I assume my TPMs are disabled? Lending further evidence to that assumption is that I can swap any of my eight PW protected HDDs between the two machines (after a power-down) and they accept the different HDDs at power-up just fine after entering the correct HDD PWs. I even use two different passwords across the eight HDDs …. that is, a different unique HDD PW for each machine.

Question 2:

If my TPMs are in fact disabled, then my BDE drives may not be encrypting data. I think I read somewhere that BDE/FDE drives use the TPM and the HDD PW to generate the encryption key or keys. If they were encrypting the data on the disks, then I should not be able to swap them between different machines (i.e. different TPMs) like I can at present. Does that sound correct?

Question 3:

If my assumption that enabling TPM will limit the use of my HDDs to only one unique machine is correct, then may I presume that the BDE hardware-based encryption feature of my HDDs is not best suited for my situation of needing to be able to swap HDDs between two different machines on a moment's notice .... and that software-based encryption (like I use on my external HDDs) would be more suitable?

Question 4:

Is it true that HDDs (non-FDE/BDE and FDE/BDE) that are used on a TPM "enabled" laptop (with a HDD PW also enabled) can lead to major data transfer headaches if your laptop TPM ever fails and/or the motherboard is replaced (i.e. your PW protected Hard Drives may not be useable on the repaired machine, including your back-up data from cloned PW protected backup HDDs)?

I thought I read somewhere that a PW protected HDD on a ThinkPad (with TPM enabled) will only work on that one ThinkPad.

If my understanding of how TPM works with HDD PWs (both regular and BDE/FDE drives) is correct, then what's the big deal about all the virtues of TPM and CSS for units that need to swap in different data HDDs from other machines?

Is the TPM feature most suitable for traveling situations where potential theft of the laptop and its data is the major risk (rather than something like a failed motherboard that has to be replaced along with its TPM chip)?

Sorry for the long-winded post …… Thanks
Two - T61p 15.4" WS T9300 2.5Ghz units, August 2008 08/08 Builds + Nvidia FX570M GPUs, One - T42 15" Flexview 1.8GHz + ATI GPU for travel, Two - T500 15.4" T9600 & T9400 CPUs with ATI HD3650 GPUs, One - Stupidly Fast W520 15.6" i7-2860QM + Nvidia 2000M GPU + Series 3 Dock w/USB 3.0


Re: How do I check if TPM is enabled without CSS installed?

#2 Post by eecon » Sun Sep 20, 2009 12:38 pm

Okay .... Here is an update to what I've learned from some experimentation and more Googling and Binging:

The TPM chip can be enabled and disabled from within my T61p BIOS and does not require CSS.

So far so good.

Now, according to Hitachi's tech support, the ThinkPad TPM is not required for their Bulk Disk Encryption hard drives to encrypt the platter data .... I only need to set a HDD password from BIOS to enable the HDD's automatic on-the-fly hardware-based encryption and when I clear the HDD PW in BIOS, the platters become unencrypted again ...... almost like an on-off switch (sounds like hardware-based encryption works pretty fast and may be a bit different than software-based encryption). They commented that HDD Passwords can not be "recovered" so do not forget them or you are toast. I asked them about claims that some people have successfully "cleared" HDD passwords and they said that's pretty darn next to impossible, plus that would still leave the data on the HDD platters encrypted because the correct HDD PW is still required to generate the encryption keys. I assume the same applies for the Seagate FDE units.

As for swapping HDDs between my two T61ps, I discovered that the TPMs were disabled on both T61p units and so I enabled TPM on both units but it made no difference in my ability to readily swap both encrypted and unencrypted HDDs between my two T61p units. Apparently the TPM may be for working with other stuff like CSS, Vista or software-based encryption programs.

I wonder if TPM is required for the fingerprint reader (which I don't use)?

Thus, TPM is of little or no apparent value to me as long as I can:

1. Still swap my password protected HDDs (or continue using them after a mobo or TPM failure and replacement), and;

2. My BDE hard drives will still encrypt data as long as I have a HDD PW set (even without TPM enabled).
Two - T61p 15.4" WS T9300 2.5Ghz units, August 2008 08/08 Builds + Nvidia FX570M GPUs, One - T42 15" Flexview 1.8GHz + ATI GPU for travel, Two - T500 15.4" T9600 & T9400 CPUs with ATI HD3650 GPUs, One - Stupidly Fast W520 15.6" i7-2860QM + Nvidia 2000M GPU + Series 3 Dock w/USB 3.0
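
The swap behaviour discussed in this thread, as an added example that is not part of the original posts and not any drive vendor's actual design: a simplified model contrasting a media key derived from the HDD password alone with one that also depends on a per-machine secret. `Machine`, `Drive`, `tpm_secret` and the key-check scheme are hypothetical names and assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor for this model


class Machine:
    """A laptop; tpm_secret stands in for a key that never leaves its TPM."""
    def __init__(self):
        self.tpm_secret = os.urandom(32)


class Drive:
    """Stores a salt and a key-check value, never the password or the key."""
    def __init__(self, password, bound_to=None):
        self.salt = os.urandom(16)
        self.machine_bound = bound_to is not None
        self.check = self._check_value(password, bound_to)

    def _media_key(self, password, machine):
        # Password-only drives ignore the machine entirely.
        extra = machine.tpm_secret if self.machine_bound else b""
        return hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   self.salt + extra, ITERATIONS)

    def _check_value(self, password, machine):
        key = self._media_key(password, machine)
        return hmac.new(key, b"key-check", hashlib.sha256).digest()

    def unlock(self, password, machine):
        """True when this password on this machine yields the original key."""
        return hmac.compare_digest(self.check, self._check_value(password, machine))


def swap_test():
    a, b = Machine(), Machine()          # b also models a replaced motherboard
    portable = Drive("hdd-pw")           # key from the HDD password only
    bound = Drive("hdd-pw", bound_to=a)  # key also depends on machine a
    return {
        "portable_a": portable.unlock("hdd-pw", a),
        "portable_b": portable.unlock("hdd-pw", b),
        "portable_wrong_pw": portable.unlock("guess", b),
        "bound_a": bound.unlock("hdd-pw", a),
        "bound_b": bound.unlock("hdd-pw", b),
    }


if __name__ == "__main__":
    print(swap_test())
```

In this model the password-only drive unlocks on either machine, which matches the swap results reported above, while the machine-bound drive is the case that would be lost with a replaced board.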
