Hardware Reference
In-Depth Information
• Buffer type/size, indicating sector buffering or caching capabilities
• What security functions are available, and much, much more
Several freely available programs such as HWiNFO (www.hwinfo.com) or CrystalDiskInfo
(www.crystalmark.info) can execute this command, then translate and report the information
onscreen.
Many other enhanced commands are available, including room for a given drive manufacturer to
implement what are called vendor-unique commands. Certain vendors use these commands for
features specific to their own drives, often to control functions such as low-level
formatting and defect management. This is why low-level format or initialization programs can be so
specific to a particular manufacturer's ATA drives and why many manufacturers make their own LLF
programs available.
ATA Security Mode
Support for drive passwords (called ATA Security Mode) was added to the ATA-3 specification in
1995. The proposal adopted in the ATA specification was originally from IBM, which had
developed this capability and had already begun incorporating it into ThinkPad systems and IBM
2.5-inch drives. Because it was then incorporated into the official ATA-3 standard (finally published in
1997), most other drive and system manufacturers have also adopted this, especially for laptop
systems and 2.5-inch and smaller drives. Note that these passwords are very secure. If you lose or
forget them, they usually cannot be recovered, and you will never be able to access the data on the
drive.
More recently, ATA security has been augmented by drives that support internal
encryption/decryption using the Advanced Encryption Standard (AES). Drives supporting AES
automatically encrypt all data that is written and automatically decrypt the data when it is read. When
combined with a password set via ATA Security mode commands, the data on the drive will be
unrecoverable even if the HDD password is bypassed or the media (that is, platters or flash memory
chips) are removed from the drive and read directly. When AES encryption is employed on a drive
with a strong HDD password, without knowing the HDD password there is essentially no way to
recover the data. This type of security is recommended for laptops that can easily be lost or stolen.
Drive security passwords are set via the BIOS Setup, but not all systems support this feature. Most
laptops support drive security, but many desktops do not. If supported, two types of drive passwords
can be set, called user and master. The user password locks and unlocks the drive, whereas the
master password is used only to unlock. You can set a user password only, or you can set
user+master, but you cannot set a master password alone.
When a user password is set (with no master), or when both user+master passwords are set, access to
the drive is prevented (even if the drive is moved to a different system), unless the user (or master)
password is entered upon system startup.
The master password is designed to be an alternative or backup password for system administrators
as a master unlock. With both master and user passwords set, the user is told the user password but
not the master password. Subsequently, the user can change the user password as desired; however, a
system administrator can still gain access by using the master password.
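The password state described above is reported by the drive itself in its IDENTIFY DEVICE data. The following is an added example, not part of the original text, that decodes those fields and lists what an administrator would check before deploying a drive. The word and bit positions (words 92 and 128) are taken from the ATA specification rather than from this page, the function names are hypothetical, and the sample block is constructed.

```python
import struct

# IDENTIFY DEVICE word 128 (security status) bit layout, from the ATA spec.
SECURITY_BITS = {0: "supported", 1: "enabled", 2: "locked", 3: "frozen",
                 4: "count_expired", 5: "enhanced_erase"}
FACTORY_MASTER_ID = 0xFFFE  # word 92 value set by the manufacturer (ATA spec)

def parse_security_status(identify: bytes) -> dict:
    """Decode the Security feature set fields of a 512-byte IDENTIFY block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", identify)  # 256 little-endian 16-bit words
    w128 = words[128]
    status = {name: bool((w128 >> bit) & 1) for bit, name in SECURITY_BITS.items()}
    # Bit 8: master password capability, 0 = High, 1 = Maximum.
    status["master_level"] = "maximum" if w128 & 0x0100 else "high"
    status["master_password_id"] = words[92]
    return status

def audit(status: dict) -> list:
    """Return findings an administrator would want before deploying a drive."""
    if not status["supported"]:
        return ["Security feature set not supported: no drive password possible"]
    findings = []
    if not status["enabled"]:
        findings.append("no user password set")
    if status["locked"]:
        findings.append("drive is locked: password required before data access")
    if status["count_expired"]:
        findings.append("unlock attempt limit reached: power cycle required")
    if status["master_password_id"] == FACTORY_MASTER_ID:
        findings.append("master password identifier is still the factory value")
    return findings

def make_sample(word128: int, word92: int) -> bytes:
    """Constructed IDENTIFY block: all zero except the two words under test."""
    words = [0] * 256
    words[128], words[92] = word128, word92
    return struct.pack("<256H", *words)

if __name__ == "__main__":
    sample = make_sample(0x0007, FACTORY_MASTER_ID)  # supported+enabled+locked
    state = parse_security_status(sample)
    print(state)
    for finding in audit(state):
        print("-", finding)
```

On Linux, the raw 512-byte block can be obtained with a tool such as hdparm; the decoding is the same regardless of how the block was captured.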
If a user or user+master password is set, the disk must be unlocked at boot time via a BIOS-generated
password prompt. The appearance of the prompt varies from system to system. For example, in