In the process of attempting to resolve the problem with my T40, I
removed the CMOS battery for an extended period (Batteries Plus couldn't
attach the wiring harness to a new battery until the next day).
To my surprise, when I booted the machine without the CMOS battery
present, it didn't ask me for the Power-On password, asking only for my
HDD password. If I hadn't had a password on my hard drive, the machine
would have been completely unprotected at the hardware level.
Once I replaced the CMOS battery, the POST sequence reported that the
machine had been "tampered with" and wouldn't boot without the BIOS
Administrator password. Once into the BIOS setup, I found that sure
enough, the Power-On password had been cleared.
I'm not sure if this is SOP for all modern Thinkpads, but it certainly
seemed like a security hole to me. Anyone who has eschewed the HDD
password in the belief that the power-on password is sufficient might
like to think again, too.
________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
_______________________________________________
Thinkpad mailing list
Thinkpad@stderr.org
http://stderr.org/cgi-bin/mailman/listinfo/thinkpad
Received on Mon Oct 2 16:19:04 2006
This archive was generated by hypermail 2.1.8 : Wed Nov 01 2006 - 20:00:05 EST