> From: [email protected] [mailto:[email protected]] On
> Behalf Of John Orthoefer
>
> This is where the "hook" is for FDE drives. So it is encrypted if you
> have a self encrypting drive. But if you don't have an encrypting
> drive. It's up to the BIOS to enforce the password.

Either I'm misunderstanding you, or I have to simply respond: "No, no, no."

In all my Dell Latitude and Precision laptops, for the last approx 5-6 years, the following options are available in BIOS, and I just never bothered reading them. Please read them. Particularly the "admin" and "HDD" passwords are interesting:

*** Admin Password
Restricts changes to BIOS
Restricts boot devices
Prohibits change of password or asset tags
If admin password is set before system password or HDD password, then admin password allows you to delete the system or HDD password. For this reason, you cannot set an admin password if a system password or HDD password is already set.

*** System Password
When this password is set, it requires the password be entered when the system is powered on (including when restarting from StandBy.)

*** Internal HDD Password
When an HDD password is set, it travels with the hard disk, so the disk is protected even if it is placed into another computer. You must enter the password for a protected HDD whenever the drive is powered on (including when restarting from StandBy.) If you do not enter the correct password, the HDD will simply not function. It will remain in this state until the system is powered off and powered on again, and the correct password is entered.

*** TPM Security
When enabled, the BIOS will turn on the TPM during POST so that it can be used by the operating system.

> This is where the "hook" is for FDE drives. So it is encrypted if you
> have a self encrypting drive. But if you don't have an encrypting
> drive. It's up to the BIOS to enforce the password.

The point that I'm taking from above is: If a HDD password is set, then the drive will simply refuse to work, unless the BIOS has the capability of understanding that the drive has a password, and you're able to provide the correct password. It is NOT up to the BIOS to enforce the password. The HDD itself enforces the password.
It's up to the BIOS to humbly talk to the HDD in a nice and kind voice, hat in hand, "Please, HDD, will you work with me? The user says the password is ..."

I presume the HDD pass is stored on the HDD circuit board. In which case, you could forcibly unlock the drive (possibly) by replacing the circuit board. Or by disassembling in a clean room.

> As far as nothing to do about it. Turns out Dell can generate a
> OTP/Key based off the "serial number" presented at boot up.

What you talkin' 'bout Willis?
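
Added example, not part of the original message: assuming the HDD password discussed above is the ATA Security feature set password, the drive reports its own lock state in word 128 of its IDENTIFY DEVICE response, and this Python code decodes that word. The function names and the sample words are constructed for illustration.

```python
import struct

# Bit assignments of IDENTIFY DEVICE word 128 (ATA Security feature set status).
SECURITY_BITS = {
    0: "supported",
    1: "enabled",        # a user password is set on the drive
    2: "locked",         # drive rejects media access until unlocked
    3: "frozen",         # security state changes rejected until next power cycle
    4: "count_expired",  # failed-unlock limit hit; unlock rejected until power cycle
    5: "enhanced_erase_supported",
}

def decode_security_word(identify: bytes) -> dict:
    """Decode the security status from a raw 512-byte IDENTIFY DEVICE block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    # IDENTIFY data is 256 little-endian 16-bit words; word N is at byte 2*N.
    (word128,) = struct.unpack_from("<H", identify, 128 * 2)
    state = {name: bool((word128 >> bit) & 1) for bit, name in SECURITY_BITS.items()}
    state["master_password_capability"] = "maximum" if (word128 >> 8) & 1 else "high"
    return state

def describe(state: dict) -> str:
    """Summarise the state the drive itself is holding, most specific first."""
    if not state["supported"]:
        return "drive does not report the ATA Security feature set"
    if not state["enabled"]:
        return "no HDD password set on the drive"
    if state["count_expired"]:
        return "locked, attempts exhausted: power cycle before the next unlock attempt"
    if state["locked"]:
        return "locked: drive refuses media access until the password is supplied"
    return "password set, unlocked for this power-on session"

def make_identify(word128: int) -> bytes:
    """Constructed sample: an all-zero IDENTIFY block with only word 128 set."""
    buf = bytearray(512)
    struct.pack_into("<H", buf, 128 * 2, word128)
    return bytes(buf)

if __name__ == "__main__":
    # Constructed status words, not captured from a real drive.
    for word in (0x0000, 0x0021, 0x0007, 0x0017, 0x0003):
        print(f"{word:#06x}: {describe(decode_security_word(make_identify(word)))}")
```
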
