Since I cannot find the Atmel TPM listed in Device Manager on either machine and I do not have CSS installed, may I assume my TPMs are disabled? Lending further evidence to that assumption is that I can swap any of my eight PW protected HDDs between the two machines (after a power-down) and they accept the different HDDs at power-up just fine after entering the correct HDD PWs. I even use two different passwords across the eight HDDs ... that is, a different unique HDD PW for each machine.
If my TPMs are in fact disabled, then my BDE drives may not be encrypting data. I think I read somewhere that BDE/FDE drives use the TPM and the HDD PW to generate the encryption key or keys. If they were encrypting the data on the disks, then I should not be able to swap them between different machines (i.e. different TPMs) like I can at present. Does that sound correct?
If my assumption that enabling TPM will limit the use of my HDDs to only one unique machine is correct, then may I presume that the BDE hardware-based encryption feature of my HDDs is not best suited for my situation of needing to be able to swap HDDs between two different machines on a moment's notice ... and that software-based encryption (like I use on my external HDDs) would be more suitable?
Is it true that HDDs (non-FDE/BDE and FDE/BDE) that are used on a TPM "enabled" laptop (with a HDD PW also enabled) can lead to major data transfer headaches if your laptop TPM ever fails and/or the motherboard is replaced (i.e. your PW protected Hard Drives may not be useable on the repaired machine, including your back-up data from cloned PW protected backup HDDs)?
I thought I read somewhere that a PW protected HDD on a ThinkPad (with TPM enabled) will only work on that one ThinkPad.
If my understanding of how TPM works with HDD PWs (both regular and BDE/FDE drives) is correct, then what's the big deal about all the virtues of TPM and CSS for units that need to swap-in different data HDDs from other machines?
Is the TPM feature most suitable for traveling situations where potential theft of the laptop and its data is the major risk (rather than something like a failed motherboard that has to be replaced along with its TPM chip)?
Sorry for the long-winded post ... Thanks
The TPM chip can be enabled and disabled from within my T61p BIOS and does not require CSS.
So far so good.
Now, according to Hitachi's tech support, the ThinkPad TPM is not required for their Bulk Disk Encryption hard drives to encrypt the platter data ... I only need to set a HDD password from BIOS to enable the HDD's automatic on-the-fly hardware-based encryption and when I clear the HDD PW in BIOS, the platters become unencrypted again ... almost like an on-off switch (sounds like hardware-based encryption works pretty fast and may be a bit different than software-based encryption). They commented that HDD Passwords cannot be "recovered" so do not forget them or you are toast. I asked them about claims that some people have successfully "cleared" HDD passwords and they said that's pretty darn next to impossible, plus that would still leave the data on the HDD platters encrypted because the correct HDD PW is still required to generate the encryption keys. I assume the same applies for the Seagate FDE units.
As for swapping HDDs between my two T61ps, I discovered that the TPMs were disabled on both T61p units and so I enabled TPM on both units but it made no difference in my ability to readily swap both encrypted and unencrypted HDDs between my two T61p units. Apparently the TPM may be for working with other stuff like CSS, Vista or software-based encryption programs.
I wonder if TPM is required for the fingerprint reader (which I don't use)?
Thus, TPM is of little or no apparent value to me as long as I can:
1. Still swap my password protected HDDs (or continue using them after a mobo or TPM failure and replacement), and;
2. My BDE hard drives will still encrypt data as long as I have a HDD PW set (even without TPM enabled).