Table 4-2
Security features overview
Feature
Purpose
How it is established
Removable Media Boot Control Prevents booting from removable media
drives
From the Computer Setup (F10)
Utility menu
Serial, Parallel, USB,
or Infrared Interface Control
Prevents transfer of data through the
integrated serial, parallel, USB, or infrared
interface
From the Computer Setup (F10)
Utility menu
Power-On Password
Prevents use of the workstation until the
password is entered (applies to initial system
startup and restarts)
From the Computer Setup (F10)
Utility menu
Setup Password
Prevents reconfiguration of the workstation
(use of the Setup utility) until the password is
entered
From the Computer Setup (F10)
Utility menu
Network Server Mode
Provides unique security features for
workstations used as servers
From the Computer Setup (F10)
Utility menu
SATA hard disk drive security
HP workstations include the HP DriveLock facility for SATA hard disk drives to prevent unauthorized
access to data.
WARNING!
Enabling DriveLock can render a SATA hard disk drive permanently inaccessible if the
master password is lost or forgotten. No method exists to recover the password or access the data.
DriveLock has been implemented as an extension to Computer Setup (F10) functions. It is only available
when hard disk drives that support the ATA security command set are detected. On HP workstations, it
is not available when the SATA emulation mode is RAID+AHCI or RAID.
DriveLock is for HP customers for whom data security is a paramount concern. For such customers, the
cost of a hard disk drive and the loss of the data stored on it is inconsequential when compared to the
damage that could result from unauthorized access to its contents.
To balance this level of security with the need to address the issue of a forgotten password, the HP
implementation of DriveLock employs a two-password security scheme. One password is intended to be
set and used by a system administrator, while the other is typically set and used by the user.
No "back door" can be used to unlock the drive if both passwords are lost. Therefore, DriveLock is
most safely used when the data contained on the hard disk drive is replicated on a corporate
information system or is regularly backed up.
If both DriveLock passwords are lost, the hard disk drive is rendered unusable. For users who do not fit
the previously defined customer profile, this might not be acceptable. For users who fit this profile, it
might be a tolerable risk, given the nature of the data stored on the hard disk drive.
54
Chapter 4 System management
ENWW