Toughbook Hard Drive Encryption

I have a Panasonic Toughbook CF-Y4. I have changed the hard drive to upgrade from a 60GB to a 160GB. I used the Panasonic discs to restore my system back to its orginal state after placing the new hard drive in so I'm wondering if the new hard drive is now encrypted too. I believe there is a chip on the motherboard that is used for the hard drive encryption but I don't know if it's used in conjunction with software that Panasonic has, or that specific hard drive that was installed when my laptop was built.

If my new hard drive is not encrypted, is there a way to get the encryption back?

Thanks.

 

Are you SURE the original HD was encrypted? This is usually technology that is produced as an add-on, either by software or a combination of software and a hardware key, but not built-in from the manufacturer. Most security-minded organizations do this to keep the encryption technology secret and therefore want to keep it in-house. (Unless it was a specially-made MFR option - If anyone would do that, it would be Panasonic)

If this IS the case, then using the original restore disks SHOULD restore the software part of that package, & as long as you haven't removed the hardware key it should work exactly as before.

Just for grins & giggles, I suggest you put your old HD in an external USB enclosure and try it on a different computer. If you can read/write to it, then I'd say it was NOT encrypted. You can of course verify your NEW drive the same way as well, but that means taking the HD caddy apart.

mnem<~~~ Crypto-defenestrational*

 

http://www.truecrypt.org/

I give high praise to this program for situations where you need actual encryption. Also, its free, open source, and pretty effeciant.

 

Did I not read somewhere that there is a way to password protect the hard drive in a toughbook al-la password protection in bios?

 

I'm positive it came from the manufacturer. There's a built-in encryption using a TPM chip. Check out this link:

http://panasonic.com.sg/toughbook/business_mobile/ruggedized/

The issue is whether or not it works on any hard drive that is installed or only the factory one. The setting is in the bios so I'm assuming it will work on any drive but I need to be sure without opening this thing up again.

I've put my old drive in an enclosure and you can't read it. It's totally encrypted. There's a nice feature on this laptop where you can use an SD card as a key. If it's in the slot you don't need your password. You don't even have to hit an OK button. It just reads your pass from the card. Without the SD card it's locked down. Very cool.


I use TrueCrypt on other drives already.

 

I'm thinking I read about this in one of the user manuals. I don't have time to look right now, but I think you'll find instructions on putting the lock on the hard drive in a CF-28 manual. I believe it will work with any hard drive you install. Basically I think it's like putting a pass word in the bios.

 

Okay - I've conceded that Panasonic may have created a built-in encryption system for some of it's clients. It seems to me the next step to verify your new drive is encrypted would be to put your new drive in an external enclosure & see if it behaves the same way...

Most of the hardware encryption/security systems I've worked with will encrypt ANY data sent to any drive connected to the computer; some I've seen will even encrypt individual files stored on a flash drive WITHOUT disrupting non-encrypted content.

mnem
*pushing the crypto-envelope*

 

You're both kind of right.

That lock (which some of the toughbooks have) is kind of a sloppy two-pronged guard. On one prong, that HDD lock feature is built into the BIOS which disables access to the drive, providing the drive supports it (very few don't these days). The other prong is that the drive usually has a chip that acts like a password checker - match the BIOS part? yes = ok here you go, no = no soup for you! They have to work together. Because a chip is checking stuff, a platter reader can bypass it for data recovery without a problem and there are even a couple of really-difficult-to-find apps out that can bypass it too (theoretically you should be able to physically bypass the chip but I haven't heard anything about it). In that sense it doesn't encrypt the data, just the access to it from any cable interface which is usually good enough but also why I call it sloppy.

edit: that's just how Panasonic does it. There are companies out there that have programs to install into the BIOS that do all kinds of other things like send your IP back to them when you connect (for stolen drives/PCs), some that do actually encrypt everything, and some that require a physical key-card to be present. Again, those are 3rd party.

 

ZeroFlight -

Yeah, I just reread the webpage ht linked to - it states that the TPM chip is part of an optional Infineon TPM Professional Package, which means it IS 3rd party; I'm guessing Panasonic has some arrangement with them to provide for a custom install if the hardware portion REALLY is built-in.

Nifty.

ht - I think the only way to know for sure if your system encrypts the new HD is to try & look at it from within an external enclosure or install it as a second drive in a desktop system, as I suggested before.

mnem
*My drives are TOO HARD!!!*

 

Found this in a forum reviewfor CF-30;
"Security features include: Password Security: Supervisor, User, Hard-Disk Lock; Cable lock slot; Trusted Platform Module (TPM) v.1.2 security chip, optional finger print scanner, optional SmartCard reader"
Looks like both the "lock" and the TPM are included.
Zero, Is the lock, which I presume is in bios, stand alone or does it require hardware in the drive? This I think is the key(no pun intended) to the original question. If so the drive is not "encrypted", just locked, no?
ht, If I'm right, you should look in your setup for an option to put a password on access to your hard drive, just like other bios passwords.
Edit: Just looked a little more. On page 18 of the CF-27 Reference Manualon Modly's site are complete explanation and instructions for the "Hard Drive Lock".