Drivelock Hard Drive Protection; Tpm Enhanced Drivelock; Securing Devices - HP Compaq NC4010 Features Manual

HP notebooks enable a hard drive security feature called DriveLock. DriveLock, if enabled, locks the
hard drive with a password. At power-on, the user is prompted for the DriveLock password. The
hard drive is accessible only after the correct DriveLock password is entered.

DriveLock hard drive protection

DriveLock is not another password that the user has to remember. DriveLock integrates with power-on
password, and if both are the same, the user is required to enter only a single password in order to
unlock the system as well as the hard drive.
The DriveLock password is stored inside the hard drive itself, and cannot be read, it can only be
authenticated against. In practical terms, this means that an unauthorized user does not have any
means to read the DriveLock password stored on a hard drive. In order to unlock the hard drive, the
correct password has to be entered.
A hard drive protected with a drive lock password stays protected even if removed from one system
and inserted into another.
DriveLock can be enabled in BIOS setup by selecting DriveLock Passwords from the Security menu.
This will prompt the user to create a master password and a user password before enabling
DriveLock.
Best Practice
Always select a strong master and user password. Insure that the master
password is different from the user password. In the event that the user
password is lost, the master password can be used to access the hard drive
and to reset the user password.

TPM enhanced DriveLock

A new enhancement to the DriveLock feature is the TPM enhanced DriveLock. TPM enhanced
DriveLock is another HP professional innovation that adds a level of security to the computer without
sacrificing usability for the authorized user.
TPM enhanced DriveLock ties pre-boot embedded security chip authentication to DriveLock by
automatically using a TPM generated 32-character DriveLock user password. This DriveLock user
password is a random number and is not stored anywhere.
At pre-boot, once a user has successfully authenticated to the embedded security chip, the 32-
character DriveLock password is automatically entered and the boot process continues.
For an authorized user, the login process is completely transparent. However, unauthorized access is
now even more difficult due to the randomly generated DriveLock user password.
TPM enhanced DriveLock protection can be enabled in the BIOS setup, in the Security menu. It can
also be enabled in the BIOS configuration for HP ProtectTools in the Security section.

Securing Devices

If a computer is allowed to boot from a device other than the primary hard drive, the user
authentication built into the operating system can easily be bypassed. HP Notebooks provide very
sophisticated functionality that gives users control over multi-boot capability and boot order, in
addition to control over individual ports.
The device security features of the BIOS are split into two categories.
1. Controlling boot order and boot devices
6