
DriveLock on Compaq/HP Laptops?

Posted by Cliff
from the harddrives-wedded-to-motherboards dept.
whois asks: "I just purchased a new Compaq laptop and noticed a feature in the BIOS called 'DriveLock'. It locks the drive so a password has to be entered on startup. If you take the drive out and put it in a system without a drivelock BIOS, the system can't boot from the drive. There is very little information on the web about this feature. Most people talk about what happens if you lose your password (buy a new drive) and what happens if you want to reuse the drive in other machines (you can't). What I want to know is the tech specs on this. Is it security through obscurity, and just sets a password in the drive BIOS, or is it doing encryption in hardware? My guess is it's the former, but I'm submitting to find out if anyone knows the real story. Here is an HP doc that mentions it in passing." According to information provided by the included links, this "feature" isn't something you can disable, either. Are we likely to see more manufacturers tie hardware together like this, in the future?
  • by Anonymous Coward
    Then why wouldn't the drive work in another machine? It's obviously something more than that, although I doubt it's full drive encryption as that would be slow.
    • by Anonymous Coward
      Is it maybe similar to the xbox harddisk locking?
      For xbox there are tools to disable it, maybe some will follow for these hard disks.
      I also guess the disk is not fully encrypted, so it's probably not really secure. If Compaq/HP really think that is a clever option, then it should be an option to unlock it in the BIOS (oc with the correct password), everything else is just stupid and not very customer friendly.
      But good to know, I will never buy a laptop with this kind of clever security.
      • It is the EXACT same technology. Most laptop drives these days support this feature, from what I understand.

        Hmm... I wonder if swapping the controller board on the drive would work around this "security" feature?
  • by pbox (146337) on Tuesday December 09, 2003 @08:34PM (#7675255) Journal
    I don't think it's something that a new repartitioning (fdisk et al) cannot disable. They probably encode / encrypt the boot sector, but that can be fixed with fdisk. Saying that the drive is not usable in other computers is incorrect.
    • by DA-MAN (17442) on Tuesday December 09, 2003 @10:27PM (#7676185) Homepage
      The machines tend to fail to recognize the hard disk when the password is not entered. When you do boot up off a dos floppy to attempt to fdisk, it doesn't find any hard disks (assuming it's the only disk in the machine).
    • by dhwebb (526291) on Tuesday December 09, 2003 @10:47PM (#7676346) Homepage Journal
      Nortek [nortek.on.ca] claims that they can do it. They have 3 options for recovery: unlock - $85, unlock & certify - $145, and unlock, retrieve and restore data, and certify - $295.

      I received some Toshiba (I think) laptop HDDs one time and they all were locked from Toshiba. I called Toshiba tech support and could never get it through their heads that these were HDD passwords and not a CMOS/BIOS password problem. They kept telling me to just remove the battery. Needless to say, I just returned to reseller for another brand.

  • by balamw (552275) * on Tuesday December 09, 2003 @08:35PM (#7675259)

    Sounds like the same ATA standard passwords that the XBOX uses. See for example http://www.siliconice.net/XBOX/Guides/hdd_password.shtml [siliconice.net]

    Balam
  • It is, (Score:4, Interesting)

    by His name cannot be s (16831) on Tuesday December 09, 2003 @08:39PM (#7675297) Journal
    It is most likely just using the ATA password feature present on most ATA drives. Some mfrs don't implement them, but a lot do.

    XBOX, UltimateTV and other systems use this to stop you from accessing the drive.

    I believe there are two passwords for the drive, an OEM password and a user password.

    nothing magical here folks..
  • ATA Spec (Score:5, Informative)

    by MountainLogic (92466) on Tuesday December 09, 2003 @08:43PM (#7675347) Homepage
    Since ATA-4, IIRC, there has been a password call to which drives will respond. The password location is not accessible to the user, could be stored in FLASH on the HDD board or on the disc proper depending on the mfg. Most drives give you x tries (apx 4???) and then lock-up forever. I'm sure that there is a back door, but don't expect to get it unless you live in San Jose and buy lots of pizza & bear for HDD firmware engineers. The one flaw in the system is that it is easy to sniff the ATA bus and read the password when it is written. I assume that this is the flaw for x-box.
    • Re:ATA Spec (Score:5, Informative)

      by Quikah (14419) on Tuesday December 09, 2003 @08:57PM (#7675486)
      According to HP/Compaq it is based on ATA-3 specifications. There is a whitepaper discussing it here [compaq.com].

    • Sounds like a good opportunity for a malevolent trojan.

      Somehow hit that routine and increment the 'bad password try' password a handful of times and disable the machine 'permanently'.

      Wouldn't any machine that you put the drive in need to 'respect' the ATA password scheme? What if I put the drive in an old box?
      • Re:ATA Spec (Score:5, Informative)

        by Isomer (48061) on Wednesday December 10, 2003 @06:32AM (#7678595) Homepage
        The "permanently" is until the next power cycle. There are 5 attempts before you have to completely power cycle the drive, therefore slowing down brute force attacks on the password.

        You can reset the password but you lose all the data currently on the drive, look up SMART, I believe smartmontools under linux can tinker with these settings.
    • As I said in a different comment, I have an IBM T20 that supports this drive-locking feature. The drive will prompt me up to three times before rebooting the machine. It will not, however, permanently lock the drive.

      IBM may have chosen not to enable the "lock forever after X attempts" or perhaps it takes several reboots worth of attempts - I don't know.

      Personally, I've always felt this was a rather nice feature. I haven't heard of any back doors so, if there are any, they are either just available to a
    • Re:ATA Spec (Score:3, Funny)

      by drinkypoo (153816)

      buy lots of pizza & bear for HDD firmware engineers

      I like my bear pizza with wolverine, and a side of ocelot.

      Alternatively: Wouldn't that pizza go great with a cold, frosty bear? Oh no AUGWRUIJGHBWRGLFHK!

      I could go on like this for hours but I'd prefer to keep a little bit of karma...

    • There is an ATA command that formats the whole drive (needs some time), then you have a passwordless but very empty drive which you can use again.
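How a host can tell which of the states described in this sub-thread a drive is in: an added example, not part of any comment above, that decodes the security status word (word 128) of the ATA IDENTIFY DEVICE data. The bit layout is the one defined by the ATA Security feature set; the sample words and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Word 128 of the 256-word IDENTIFY DEVICE block: security status. */
#define W_SECURITY 128
enum {
    SEC_SUPPORTED     = 1u << 0, /* drive implements the Security feature set */
    SEC_ENABLED       = 1u << 1, /* a user password has been set */
    SEC_LOCKED        = 1u << 2, /* media access refused until SECURITY UNLOCK */
    SEC_FROZEN        = 1u << 3, /* password commands refused until power cycle */
    SEC_COUNT_EXPIRED = 1u << 4, /* unlock attempts used up until power cycle */
    SEC_LEVEL_MAX     = 1u << 8  /* 0 = High level, 1 = Maximum level */
};
struct sec_state { int supported, enabled, locked, frozen, count_expired, level_max; };
enum master_use { MASTER_NA, MASTER_UNLOCKS, MASTER_ERASE_ONLY };

struct sec_state decode_word(uint16_t w)
{
    struct sec_state s = { !!(w & SEC_SUPPORTED), !!(w & SEC_ENABLED), !!(w & SEC_LOCKED),
                           !!(w & SEC_FROZEN), !!(w & SEC_COUNT_EXPIRED), !!(w & SEC_LEVEL_MAX) };
    return s;
}

/* IDENTIFY data is 512 bytes, each 16-bit word stored little-endian. */
struct sec_state decode_identify(const uint8_t *id)
{
    return decode_word((uint16_t)(id[2 * W_SECURITY] | (id[2 * W_SECURITY + 1] << 8)));
}

/* What the master password can do once the user password is lost:
 * High level: it unlocks the drive. Maximum level: it only authorises
 * SECURITY ERASE UNIT, which wipes the user data before unlocking. */
enum master_use master_role(struct sec_state s)
{
    if (!s.supported || !s.enabled) return MASTER_NA;
    return s.level_max ? MASTER_ERASE_ONLY : MASTER_UNLOCKS;
}

const char *describe(struct sec_state s)
{
    if (!s.supported) return "no Security feature set";
    if (!s.enabled)   return s.frozen ? "no password set, frozen until power cycle"
                                      : "no password set, not frozen";
    if (!s.locked)    return "password set, currently unlocked";
    return s.count_expired ? "locked, attempts exhausted: power cycle to retry"
                           : "locked, unlock attempts remaining";
}

/* Constructed sample: an otherwise empty IDENTIFY block with word 128 set. */
const uint8_t *sample_identify(uint16_t w128)
{
    static uint8_t id[512];
    memset(id, 0, sizeof id);
    id[2 * W_SECURITY] = (uint8_t)(w128 & 0xff);
    id[2 * W_SECURITY + 1] = (uint8_t)(w128 >> 8);
    return id;
}

int main(void)
{
    static const uint16_t samples[] = { 0x0000, 0x0001, 0x0009, 0x0003, 0x0007, 0x0017, 0x0107 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct sec_state s = decode_identify(sample_identify(samples[i]));
        printf("0x%04x: %s%s\n", samples[i], describe(s),
               master_role(s) == MASTER_ERASE_ONLY ? " (master password: erase only)" : "");
    }
    return 0;
}
```

On Linux the same word is what `hdparm -I` summarises in its "Security:" section.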
  • by Exocet (3998) * on Tuesday December 09, 2003 @09:09PM (#7675581) Homepage Journal
    My T20 has this drive locking feature and I've been told the same thing - do NOT forget the password or you can toss the drive. When I worked at Intel drives occasionally got tossed when people forgot their HD passwords. They did not attempt a recovery of any sort.

    I *think* the 600-series IBM laptops also supported this feature, although I wouldn't swear to it.
    • They did not attempt a recovery of any sort.

      Because they couldn't, or because they wouldn't?
      • I can tell you that Intel's IT department, from my break-fix perspective, could NOT. Now, if it was Craig Barrett's laptop, I'm sure they still could NOT but they would ship it off right quick to some place that could.

        Keep in mind that Intel's break-fix help desk was no more skilled or well-versed in hardware or software than the helpdesk at your run of the mill large corporation. Sad but true.
    • Clean-room recovery should be possible. Remove the platters from the drive, place in read assembly, read data. Of course, anyone not backing up the critical data from their laptops should be shot on SysAdmin Stress Relief Day anyway.
      • Intel "sells" two diff backup "plans" to their employees - the department pays. One, if I recall correctly, is to back up stuff to the network via some piece of client/server software. Select the files, folders, leave laptop or machine on at certain time.

        The other is basically a backpack-style drive. I saw more of the former than the latter. Can't recall how they were utilizing network drives - if people usually put all their stuff up on a network drive or not. I think they were, but it's been awhile.
  • Can't be disabled? (Score:4, Interesting)

    by gaj (1933) on Tuesday December 09, 2003 @09:09PM (#7675584) Homepage Journal
    According to the text of the third link (I know, I know, WTF am I doing reading the links? And I'm not even new here), it appears that DriveLock must be enabled.
    1. When the DriveLock function is enabled and the User Password is forgotten, the device can be unlocked using the Master Password. [first footnote, first page, emphasis mine]
    If anyone has evidence that HPaq sells laptops with DriveLock permanently enabled, I'd love to hear about it, as I'm shopping for a new machine. (OT, but currently my short list is down to the Dell Inspiron 8600 or the IBM ThinkPad T40, but I'm considering HPaq as a budget alternative, as both of the above are a bit more than I really want to spend)
    • T40: Great machine, absolutely fantastic. Everything you want in a laptop. Cons: it's expensive.

      Inspiron 8600: Pretty good, not as great performance or battery-life wise, but if you're going to be using the computer plugged in a lot then this is negligible. Cost is sig. lower than T40.

      Dunno about the HPaq, but if you've ever bought a computer from HP or Compaq then you know what to do: back away slowly and reach for your cross.

      • they are not known for fabuloso linux compat. but they're not bad, and they have effing great (high-limit but nasty interest) financing deals. That's what swayed me- I am low on cash due to purchase of a bunch of airplane tickets, but wanted to give a few computers to my [broth,sist]er in-law. They hooked me up through small-biz financing (just give ssn as tax ID) with 6500usd credit line... and I have a 6-month credit history. Maybe you can get a better box than you thought.
        • Actually, the company I work for offers employees two year interest free financing for 90% of the cost of a computer system, so financing isn't the issue -- amount spent is. We have our first little one on the way, my wife's car lease is up next month (so we'll be buying a car), etc., so I don't really want to tie up any more money that I need to, ya know?

          Thanks for the tip, though!

      • Yeah, the T40 looks like rocks, but it's $200 to $500 more than the 8600 (depending upon how I spec each). My past experience tells me they're built to last, and the fact that IBM has a page devoted to Linux on ThinkPads is a plus!

        OTOH, the 8600 seems like it fits my needs perfectly; I use my laptop as my primary machine at home. Most of its travel will be from my office to the living room to the bedroom to the dining room, etc. Several times a year I'll need to travel with it for real. Besides, the wide

        • I'll agree on the T40's - they are lovely, durable machines. Just a word of warning on the T40p with the 64M ATI Mobility Fire GL 9000 video... I've had a devil of a time getting it to work. Xwindows seems to run just fine, but there is a five second delay or so accepting keyboard input. Seen the same issue with SuSE, Fedora, and a few other distributions. No idea where the problem is.

          Anyhow, phenomenal battery life, nice screen, good tactile feedback, and fairly thin and light. Well worth a little ex
          • Heh. Maybe I should send in an ask slashdot, eh? In fact, I think I'll do a search to make sure there wasn't a recent one (there I go again ... I'm going to lose my short UID that way) and if not, submit one. This is a perennial problem, and as good as Linux on Laptops [linux-laptop.net] is when you are researching a specific machine, there's no "what won't suck" section. Actually, what would rock is a review site that does both the current kind of reviews (preview and detailed review) along with stealing from the auto indust
            • fire up a journal entry and we can take it off line...
            • I use the Compaq Evo N610c -- Like it a whole lot, runs linux relatively well (ACPI support is a bitch), has the 1400x1050 14.1 inch panel, p4-2GHz, 512/40/combo. I'd have a look at the business notebook line from Hpaq -- not the consumer crap. One of my clients uses Dell laptops and one employee keeps his screen working by using a bulldog clip. Ars just did a review of the evo n620c -- centrino based and it looks pretty good too.
              • Thanks for the tip to check out the HPaq business line ... I did that for Dell (the D600 is on my short list). You said ACPI is a bitch, but does it work once you've got everything patched and configured? Also, how is the XFree support?

                I've created a journal entry for this discussion so we can take it out of this thread. Feel free to wander over to continue this if you get a chance.

        • Your car analogy is spot-on, IBM Thinkpads and Dell Latitudes are just worlds apart. But in my experience, both work fine under Linux, as long as you don't choose some weird video controller. In any event, make sure that you get a sufficient warranty, and don't break the LCD, since those generally aren't covered under warranty (but you should check -- better warranty coverage on that kind of thing could be the deciding factor). I had a T22, but it fell out of my bag on the stairs and cracked the LCD; now
  • ATA standard (Score:4, Interesting)

    by Anonymous Coward on Tuesday December 09, 2003 @09:20PM (#7675667)
    The Hard Disk ATA Standard allows for a hard drive to be locked, and unlocked. The passwords (user, and master) are not on the platter, but stored in a register on the controller board. The logic sequence on boot up is to check if the drive is locked, and if it is it won't unlock the drive until the proper command, then the password is sent to the drive.
    • So, if the passwords are really in a register on the controller board, swapping the platters with an identical drive should enable you to access your data, right? This assumes some sort of NVRAM on the controller board.

      If the lock is written on the platters themselves, then I guess you're out of luck unless you know somebody with a rogue controller that'll ignore or overwrite the lock. I expect the manufacturer and Ontrack have these. If I were building HDDs this way, I'd have an undocumented unlock comman
  • Sitting on my workbench right now is an old IBM thinkpad with the hard drive password locked. If this password were to be lost, I would have two options:

    1) Send the drive out to be "unlocked" by IBM (at great expense I may add)

    2) Throw it away

    Those would be my options. Luckily I have the password so everything is fine. This is an old feature that it seems a lot of people have either forgotten or are too new to remember.

    Cliff H

    P.S. Just for future reference, it's a 760E. :)

  • Same Issue (Score:5, Interesting)

    by DA-MAN (17442) on Tuesday December 09, 2003 @10:35PM (#7676248) Homepage
    My friend gave me an HD that he didn't need anymore, and it had a password set. My laptop did not recognize the drive when I didn't enter the password and my friend didn't remember his password.

    Just by dumb luck, I happen to have an external USB enclosure [outpost.com] and I figured what the hell. I put the drive in this and it worked fine as an external drive. However no amount of fdisk'ing, low level formatting or anything would remove the password. Oh well, it makes for a great Ghost'ing/portable hd that works (with fat16 or fat32) with just about every major OS out there.

    I believe it stores the information in some sort of NVRAM on the hard disk. Using a dumber implementation of IDE (I.E. the USB Enclosure) got around it, so it must require the BIOS to honor the password stored in NVRAM. Don't know much else.
    • The TravelStar series from IBM store the password in EEPROM on the logic board. So if you lost the password, the drive is useless. I think you might be able to salvage the data by simply swapping logic boards though. But, if the servo data has a serial number encoded someplace on the platter to reflect what's in EEPROM, then you're SOL. At that point, physically break the drive (for peace of mind) and throw away.

    • That was something I guessed would work, but never had the opportunity to experiment. I assumed that the ATA drive locking used standard ATA INT 13 calls. External drives handle that through software and many don't (or optionally do) support INT 13. Good to know someone has tried it and it works.
  • All it does is lock the hardware and require a password! That's security by obscurity and is a bad thing!
  • It seems to be the ATA password. As it can be enabled and disabled and set at will, there is no encryption of the data stored on the magnetic surface itself, otherwise the disk would need an awful lot of time to encrypt/decrypt everything. As most disks have only the head amplifiers inside the box with the platters and heads, I suppose the password itself will be located in some chip on the circuit board, which is exchangeable. I'd love if someone here would try to swap the boards between passworded and unpass
  • Possible solution? (Score:2, Informative)

    by jgoemat (565882)
    I don't know if this will work in general for hard drive locking or if the locking described is TiVo-specific, but here are some links...

    TiVo hacking faq on drive locking [samba.org]
    Unlock program for Quantum TiVo hard drive [9thtee.com]

    Supposedly the QUnlock.exe program will permanently unlock the drive, but then again it could be some kind of TiVo "locking" and not the hard drive password locking we're talking about.

  • If you do forget your password, you aren't entirely screwed. The locking doesn't actually encrypt anything, it just prevents access. Your data is still physically stored "in the clear" on the platters.

    So all you need to do is find an exact duplicate of the drive-- same model, same size, same revision, same everything. Make sure the password is null, or at least known. Remove the circuit board from the bad drive, replace it with the board from the good drive, and you're done.

    This is enough of a pain in the
  • by Blackheim (661904)
    I work as a tech repairing Compaq and Toshiba laptops. This locking was told to me at a recent training course with Toshiba. I don't know about Compaq (I guess it's just that they use the Toshiba HDDs) but if you enable the feature you must sign a document with Toshiba that voids your warranty on the HDD for failure. The lock is actually a chip internal to the HDD itself and is not on the controller. If this chip locks, the drive is throwable, even data recovery centers are unable to recover the data. I am
  • I've got a Compaq (HP Compaq, bought it last year on Black Friday) laptop.

    Model: Presario 915US
