On Saturday, 22 April 2017, 13:29:03 CEST, Carlos E. R. wrote:
On 2017-04-22 12:45, Jan Ritzerfeld wrote: [...]
It is done by the "BIOS".
How?
For Lenovo: http://monitor.espec.ws/files/lewnovo_password_399.pdf
I have not seen any option in the BIOS mentioning this feature, on several computers. Where to enable it?
[Reading the blog later, it appears that some BIOSES do have this feature]
IIRC I've seen that on Lenovos, Dells and HPs. Maybe only business or rugged models.
And there is no standard how the "BIOS" translates your key presses into the password that you can use with hdparm.
To use with hdparm it is the Linux keyboard drivers and maps, not the bios.
And then you can't use the BIOS to unlock the disk.
To activate the disk before booting with the bios would be the bios, the same keyboard native to the computer, which is used on the several bios screens. It is even better with UEFI, it seems.
It could but often it does not use the keyboard layout but scancodes.
So, if your computer dies and you have to move your disk to another computer, you will not be able to unlock it and all your data will be lost. This is unacceptable. You can boot with another disk, then enable the encrypted disk using hdparm in Linux.
If you know the algorithm and all other keys used by the BIOS.
Besides the "BIOS" may reduce your password strength and might even store it: https://jbeekman.nl/blog/2015/03/lenovo-thinkpad-hdd-password/ Luckily I was curious enough to check this before I activated the hardware encryption on my new SSD...
Ah. The inability to access the disk refers to Lenovo and SSDs, not necessarily to all implementations.
It is not that specific to Lenovo and SSDs. HDDs use the same encryption standard and other manufacturers also use scancodes: http://www.tomshardware.co.uk/forum/290824-32-password-dead-computer
And the blog author has written a tool to open the disk with hdparm.
According to the comments, the tool works only for some models.
The problem is (reading the blog) that the BIOS changes the password before sending it to the disk in a bios specific way for that computer.
Exactly.
And the second problem is that, the blog says, all SSD drives use encryption already without the user knowing. When the user enables it, what it does is place a password on top of the password (or something similar, read the article for correct details).
Well, I don't think that this is a big problem.
Nasty.
You can use encryption safely only if, after setting it up in the BIOS, you can manage to access it using hdparm.
Yes. Regards, Jan -- Any system that depends on human reliability is unreliable.
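An added illustration, not part of the original thread and not the algorithm of any particular BIOS: it contrasts the 32-byte ATA password buffer hdparm builds from typed characters with one built from PS/2 set 1 scancodes. The scancode-only encoding, the ignored shift state and the function names are assumptions made for the example.

```python
# PS/2 scan code set 1 "make" codes, keyed by the US-QWERTY legend on each key.
ROWS = {
    0x02: "1234567890",
    0x10: "qwertyuiop",
    0x1E: "asdfghjkl",
    0x2C: "zxcvbnm",
}
US_SCANCODES = {ch: base + i for base, row in ROWS.items() for i, ch in enumerate(row)}

ATA_PASSWORD_LEN = 32  # the ATA security password field is a fixed 32 bytes


def pad(raw: bytes) -> bytes:
    """NUL-pad a password to the fixed ATA field length."""
    if len(raw) > ATA_PASSWORD_LEN:
        raise ValueError("ATA passwords are at most 32 bytes")
    return raw.ljust(ATA_PASSWORD_LEN, b"\x00")


def hdparm_style(password: str) -> bytes:
    """Password as hdparm sends it: the ASCII characters, NUL padded."""
    return pad(password.encode("ascii"))


def bios_scancode_style(password: str, swap_yz: bool = False) -> bytes:
    """Assumed firmware behaviour: one make code per key press, shift ignored.

    swap_yz models a QWERTZ keyboard, where the Y and Z legends trade places,
    so the same typed text hits different physical keys.
    """
    out = bytearray()
    for ch in password.lower():
        if swap_yz and ch in "yz":
            ch = "z" if ch == "y" else "y"
        if ch not in US_SCANCODES:
            raise ValueError(f"no scancode in this table for {ch!r}")
        out.append(US_SCANCODES[ch])
    return pad(bytes(out))


if __name__ == "__main__":
    pw = "Zebra1"  # constructed sample password
    print("hdparm  :", hdparm_style(pw).hex())
    print("BIOS US :", bios_scancode_style(pw).hex())
    print("BIOS DE :", bios_scancode_style(pw, swap_yz=True).hex())
```

Under these assumptions the three buffers differ, and upper and lower case collapse to the same bytes, which is the kind of strength reduction and lock-out risk discussed in the thread.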