03-30-2015 12:46 AM
I purchased a T440s with a 500GB OPAL HDD. I know the drive actual encrypts everything and automatically decrypts the data when the drive is accessed. To "activate" encryption I set up a HDD password in the BIOS setup. So whenever I power up my laptop, I'm prompted for this password.
I just purchased a Samsung EVO 500GB SSD which is also OPAL compliant. So likewise I know that everything written to it is actually encrypted. It came with software to clone my original HDD. My plans are to basically connect the new SSD as a USB connected drive and clone my HDD over to it. Then open up the laptop and swap the HDD with the new SSD.
So here are my questions:
1) When I set up a password in the BIOS for the HDD, does system actually write a copy of the password to my 500GB HDD? So when I remove the HDD drive and use it as a USB connected external drive I would still have to provide that password to gain access?
I kind of assume that this is how it works in order to actually protect my data on the drive. Otherwise if my laptop were ever stolen, to get around the hard drive password, all the thief would have to do is merely remove my drive from my laptop and connecting it to another laptop via a usb connection to get around the bios password.
2) So if I merely swap the two drives, the BIOS setup will still have the hard drive password. Once I swap the drives and boot up on my new SSD would the BIOS then write my hard drive password to the new SSD.
If a USB drive can't support the harddrive password then I would need to turn it off in the BIOS before removing the HDD and installing the SSD in its place and then turn by on the drive password in the BIOS.
Hoping someone has dealt with this before and has the answers. It would be nice if I could keep the password on the old HDD that I will use as an external USB backup. that way if it should ever get stolen my data is still protected.
Solved! Go to Solution.
03-31-2015 10:40 AM
You will not be able to access the drive in your USB enclosure if the drive has an ATA (BIOS) password configured. Before you remove it from the ThinkPad, you need to disable/clear the password in BIOS setup.
BIOS itself has no idea what the password is. So when you install the new drive, you will need to configure the password on it, in BIOS setup. This is not something that happens automatically.
So in summary, disable/clear the password from the old drive, physically remove the old drive, physically install the new drive, and then enable/set the password on the new drive.
As for your question about how to encrypt the data on your drive in the USB enclosure. The only choices I know are (1) use software encryption or (2) specialized USB enclosures like this:
03-31-2015 02:21 PM
Thanks!! This very helpful. It saved me from trying to remove the drive with the password still in place and then having to swap it back in again in order to remove it.