HDD "locking" as a means for isolated multi-boot

Ceph92

n00b
Joined
Sep 17, 2019
Messages
40
Can you use HDD Passwords (or DriveLock, or equivalent) to securely multi-boot? That is, if two hard drives are installed with HDD passwords, can the BIOS select between these and prevent access to the drive that wasn't unlocked?

So if I have:

HDD A: windows
HDD B: linux

Can I start the machine, enter password for HDD A, boot from A, but B will remain totally inaccessible?

Presumably the BIOS will boot from the drive that it can access (A), but what selects the HDD to unlock? I also haven't seen where a BIOS supports separate passwords for separate HDDs, but maybe it's possible.
 

Ceph92

P.S. I considered some methods of encrypting each drive, and maybe that would be good in addition to this, but ideally the "other" HDD would be locked out so it can't be analyzed or corrupted by the operating OS.
 

kirbyrj

Fully [H]
Joined
Feb 1, 2005
Messages
25,814
I think it would have to be some sort of hardware device you'd have to plug into your computer. I don't think most consumer motherboards are set up to do anything like that.
 

David-Duc

[H]ard|Gawd
Joined
Dec 22, 2010
Messages
1,143
Why don't you enable/disable the SATA port for each HDD? Enable SATA for HDD A, install OS then disable it, enable SATA for HDD B and then install OS. That also requires an extra step to change the boot sequence but should not be too difficult.
 

LBJM

Limp Gawd
Joined
Dec 17, 2011
Messages
320
Use your boot menu to switch between the drives. If you don't have one or Windows is locking it out you can always go into the BIOS and look for "Boot override." Using "Boot override" in the BIOS allows you to boot off a different device with changing the boot order.
 

kirbyrj

> Use your boot menu to switch between the drives. If you don't have one or Windows is locking it out you can always go into the BIOS and look for "Boot override." Using "Boot override" in the BIOS allows you to boot off a different device with changing the boot order.

He wants it physically disabled so the other OS can't see it at all. What you're saying would absolutely work fine, but the other HDD would still be visible to the other OS.
 

Ceph92

> He wants it physically disabled so the other OS can't see it at all. What you're saying would absolutely work fine, but the other HDD would still be visible to the other OS.

Right.

As I understand it, the drive locking feature is implemented in the drive's firmware. BIOS would have to support it, or -- maybe there's a bootloader out there that would?
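
Added example, not part of the thread: a check that can be run from the booted OS on Linux to see what state a SATA drive's firmware lock is in, by parsing the "Security:" section of `hdparm -I` output. The sample text is constructed, the function names and state labels are hypothetical, and the parser assumes hdparm's usual tab-indented layout.

```python
import re

# Constructed sample of the "Security:" section printed by `hdparm -I /dev/sdX`
# for a drive whose password is set and that was not unlocked at power-on.
SAMPLE_LOCKED = (
    "Security:\n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\t\tenabled\n"
    "\t\tlocked\n"
    "\tnot\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
    "Checksum: correct\n"
)

FLAGS = ("supported", "enabled", "locked", "frozen")

def parse_security(hdparm_output):
    """Return {flag: bool} for the ATA security flags in `hdparm -I` text."""
    flags, in_section = {}, False
    for line in hdparm_output.splitlines():
        if not line[:1].isspace():            # unindented line starts a section
            in_section = line.strip() == "Security:"
            continue
        m = re.match(r"\s+(not\s+)?(\w+)\s*$", line) if in_section else None
        if m and m.group(2) in FLAGS:
            flags[m.group(2)] = m.group(1) is None   # "not" prefix means False
    return flags

def assess(flags):
    """Classify what the running OS can do with the drive (hypothetical labels)."""
    if not flags.get("supported"):
        return "unsupported"        # no ATA security feature set at all
    if not flags.get("enabled"):
        return "no-password"        # nothing stops the running OS reading it
    if flags.get("locked"):
        return "locked"             # still enumerated, but reads/writes are rejected
    if flags.get("frozen"):
        return "unlocked-frozen"    # readable; security commands blocked until power cycle
    return "unlocked-unfrozen"      # readable, and security commands are still accepted

if __name__ == "__main__":
    print(assess(parse_security(SAMPLE_LOCKED)))   # locked
```

A drive reported as "locked" is the state asked about in this thread: it still identifies itself to the OS, but its contents cannot be read or written until it is unlocked after a power cycle.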
 

Ceph92

I'm considering this on several PCs, but in particular this laptop, which supports 2-3 drives (m.2 + m.2 + sata). There are mobile drive racks for m.2 drives (via u.2 adapters) which would work for a desktop, but a laptop can't do that.
 

pendragon1

Fully [H]
Joined
Oct 7, 2000
Messages
18,139
> I'm considering this on several PCs, but in particular this laptop, which supports 2-3 m.2 drives. There are mobile drive racks for m.2 drives (via u.2 adapters) which would work for a desktop, but a laptop can't do that.

good thing you mentioned that in your op...
no way i know of doing it in a laptop. best i can think is to get your dual boot going and then hide the drives. if you use a bootloader they can usually do it.
 

Ceph92

I found this article about SED drives: https://www.pugetsystems.com/labs/articles/Introduction-to-Self-Encrypting-Drives-SED-557/
Which says a few interesting things:

"While talking with Asus, Super Micro, and Samsung, we have discovered that most desktop and server motherboards do fully support SEDs, but the ability to use an Authentication Key is expressly disabled. The reason for this appears to be that manufacturers are afraid that a user may accidentally lock their hard drive and not remember what they used for the Authentication Key."

"A second downside to SED encryption is that it will only work in simple disk configurations. You can have multiple drives in one system with SED encryption enabled and even use software RAID, but doing something like hardware-level RAID is simply not supported."

"if you put in the incorrect password after three or four attempts, the system will simply keep the drive locked and continue the boot process. If that happens, the drive becomes completely unusable by the system until the computer is powered off and the correct key is entered."
 

Ceph92

> good thing you mentioned that in your op...
> no way i know of doing it in a laptop. best i can think is to get your dual boot going and then hide the drives. if you use a bootloader they can usually do it.

Hide the drives? How would it do that?
 