Removable Media Boot Control
USB Interface Control
Network Server Mode
SATA hard drive security
HP computers include the HP DriveLock facility for SATA hard drives to prevent unauthorized access to data.
password is lost or forgotten. No method exists to recover the password or access the data.
DriveLock has been implemented as an extension to Computer Setup (F10) Utility functions. It is only
available when hard drives that support the ATA security command set are detected. On HP computers, it is
not available when the SATA emulation mode is RAID.
DriveLock is for HP customers for whom data security is the paramount concern. For such customers, the cost
of a hard drive and the loss of the data stored on it is inconsequential when compared to the damage that
could result from unauthorized access to its contents.
To balance this level of security with the need to address the issue of a forgotten password, the HP
implementation of DriveLock employs a two-password security scheme. One password is intended to be set
and used by a system administrator, while the other is typically set and used by the user.
No "back door" can be used to unlock the drive if both passwords are lost. Therefore, DriveLock is most safely
used when the data contained on the hard drive is replicated on a corporate information system or is regularly
If both DriveLock passwords are lost, the hard drive is inaccessible. For users who do not fit the previously
defined customer profile, this outcome might not be acceptable. For users who fit this profile, the outcome
might be a tolerable risk, given the nature of the data stored on the hard drive.
The most practical use of DriveLock is in a corporate environment. The system administrator would be
responsible for configuring the hard drive, which involves setting the DriveLock master password and a
temporary user password. If the system administrator forgets the user password or if the equipment is
passed on to another employee, the master password can be used to reset the user password and restore
access to the hard drive.
HP recommends that corporate system administrators who enable DriveLock also establish a corporate policy
for setting and maintaining master passwords. This precaution will prevent loss of information if an employee
sets both DriveLock passwords before leaving the company. In such a scenario, the hard drive is inaccessible
and must be replaced. Likewise, by not setting a master password, system administrators might find
themselves locked out of a hard drive and unable to perform routine checks for unauthorized software, other
asset control functions, and support.
For users with less stringent security requirements, HP does not recommend enabling DriveLock. Users in this
category include personal users, or users who do not maintain sensitive data on their hard drives as a
Chapter 2 System management
Prevents booting from removable media drives
Prevents transfer of data through the integrated USB interface
Prevents use of the computer until the password is entered (applies to initial system
startup and restarts)
Prevents reconfiguration of the computer (through Computer Setup (F10) Utility) until
the password is entered
Provides unique security features for computers used as servers
Enabling DriveLock can render a SATA hard drive permanently inaccessible if the master