HDD "locking" as a means for isolated multi-boot

Ceph92

Can you use HDD Passwords (or DriveLock, or equivalent) to securely multi-boot? That is, if two hard drives are installed with HDD passwords, can the BIOS select between these and prevent access to the drive that wasn't unlocked?

So if I have:

HDD A: windows
HDD B: linux

Can I start the machine, enter password for HDD A, boot from A, but B will remain totally inaccessible?

Presumably the BIOS will boot from the drive that it can access (A), but what selects the HDD to unlock? I also haven't seen where a BIOS supports separate passwords for separate HDDs, but maybe it's possible.
 
P.S. I considered some methods of encrypting each drive, and maybe that would be good in addition to this, but ideally the "other" HDD would be locked out so it can't be analyzed or corrupted by the operating OS.
 
I think it would have to be some sort of hardware device you'd have to plug into your computer. I don't think most consumer motherboards are set up to do anything like that.
 
Why don't you enable/disable the SATA port for each HDD? Enable SATA for HDD A, install OS then disable it, enable SATA for HDD B and then install OS. That also requires an extra step to change the Boot sequence but should not be too difficult.
 
Use your boot menu to switch between the drives. If you don't have one or Windows is locking it out you can always go into the bios and look for "Boot override." Using "Boot override" in the bios allows you to boot off a different device with changing the boot order.
 
Use your boot menu to switch between the drives. If you don't have one or Windows is locking it out you can always go into the bios and look for "Boot override." Using "Boot override" in the bios allows you to boot off a different device with changing the boot order.

He wants it physically disabled so the other OS can't see it at all. What you're saying would absolutely work fine, but the other HDD would still be visible to the other OS.
 
He wants it physically disabled so the other OS can't see it at all. What you're saying would absolutely work fine, but the other HDD would still be visible to the other OS.

Right.

As I understand it, the drive locking feature is implemented in the drive's firmware. BIOS would have to support it, or -- maybe there's a bootloader out there that would?
 
I'm considering this on several PCs, but in particular this laptop, which supports 2-3 drives (m.2 + m.2 + sata). There are mobile drive racks for m.2 drives (via u.2 adapters) which would work for a desktop, but a laptop can't do that.
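
Added example, not part of the original posts: on Linux, `hdparm -I` prints the ATA Security state reported by the drive firmware, which is one way to confirm from the running OS that the other drive really stayed locked. The function names and sample text below are constructed for illustration, and the check assumes drives that use the ATA password feature.

```shell
#!/bin/sh
# Added example: read `hdparm -I` text on stdin and report the ATA Security
# state of the drive. Function names and sample text are constructed here.
# Real use (as root, /dev/sdX is a placeholder): hdparm -I /dev/sdX | isolation_verdict

ata_security_state() {
    awk '
        BEGIN { st["enabled"] = "?"; st["locked"] = "?"; st["frozen"] = "?" }
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # next unindented heading ends the section
        insec {
            neg  = ($1 == "not")           # hdparm prefixes cleared flags with "not"
            word = (neg ? $2 : $1)
            if (word in st) st[word] = (neg ? "n" : "y")
        }
        END { printf "enabled=%s locked=%s frozen=%s\n", st["enabled"], st["locked"], st["frozen"] }
    '
}

# Map the reported state to what the running OS can do with the drive.
isolation_verdict() {
    case "$(ata_security_state)" in
        *locked=y*)  echo LOCKED ;;       # firmware rejects reads and writes
        *enabled=y*) echo UNLOCKED ;;     # password set, but drive is open to this OS
        *enabled=n*) echo NO_PASSWORD ;;  # no lock configured at all
        *)           echo UNKNOWN ;;      # no Security section in the input
    esac
}

# Constructed sample: drive B when only drive A was unlocked at boot.
sample_locked() {
    printf 'Security: \n\tMaster password revision code = 65534\n\t\tsupported\n\t\tenabled\n\t\tlocked\n\tnot\tfrozen\n\tnot\texpired: security count\nChecksum: correct\n'
}

# Constructed sample: a drive the firmware unlocked and then froze before boot.
sample_unlocked() {
    printf 'Security: \n\tMaster password revision code = 65534\n\t\tsupported\n\t\tenabled\n\tnot\tlocked\n\t\tfrozen\n\tnot\texpired: security count\nChecksum: correct\n'
}

echo "drive B: $(sample_locked | isolation_verdict)"
echo "drive A: $(sample_unlocked | isolation_verdict)"
```

A `LOCKED` result for the drive that was not unlocked at boot is the outcome the original question asks for; `UNLOCKED` means the running OS can read and write it.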
 
I'm considering this on several PCs, but in particular this laptop, which supports 2-3 m.2 drives. There are mobile drive racks for m.2 drives (via u.2 adapters) which would work for a desktop, but a laptop can't do that.
good thing you mentioned that in your op...
no way i know of doing it in a laptop. best i can think is to get your dual boot going and then hide the drives. if you use a bootloader they can usually do it.
 
I found this article about SED drives: https://www.pugetsystems.com/labs/articles/Introduction-to-Self-Encrypting-Drives-SED-557/
Which says a few interesting things:

"While talking with Asus, Super Micro, and Samsung, we have discovered that most desktop and server motherboards do fully support SEDs, but the ability to use an Authentication Key is expressly disabled. The reason for this appears to be that manufacturers are afraid that a user may accidentally lock their hard drive and not remember what they used for the Authentication Key."

"A second downside to SED encryption is that it will only work in simple disk configurations. You can have multiple drives in one system with SED encryption enabled and even use software RAID, but doing something like hardware-level RAID is simply not supported. "

"if you put in the incorrect password after three or four attempts, the system will simply keep the drive locked and continue the boot process. If that happens, the drive becomes completely unusable by the system until the computer is powered off and the correct key is entered."
 
good thing you mentioned that in your op...
no way i know of doing it in a laptop. best i can think is to get your dual boot going and then hide the drives. if you use a bootloader they can usually do it.

Hide the drives? How would it do that?
 
you take away their drive letter to do a simple "hide", it's there but not normally accessible. a bootloader can hide drives or partitions completely.
I use a combination of EasyBCD to multiboot and Minitool Partition Wizard to hide drive letters. Use Partition Wizard in every Windows partition.
 
The simplest way would be getting a common utility to store the grub menu and letting access to the two different drives from there.
You could add code to isolate and operate the different OSes from their respective drives.
Make a code-container that holds both of them yet keeps them separate.
 
The simplest way would be getting a common utility to store the grub menu and letting access to the two different drives from there.
You could add code to isolate and operate the different OSes from their respective drives.
Make a code-container that holds both of them yet keeps them separate.
Grub is needed IF you are booting both Windows and Linux (or some other non-Windows OS). If you are multi-booting only Windows, then see my post #15.

I consider myself pretty computer-literate, but I have found grub hard to understand. It doesn't help matters that there are multiple versions of grub running around. If someone reading this thread is grub-literate, then you would be doing everyone a great service to post some templates showing multiple partitions each of Windows and Linux with instructions for change. Bonus points if some of the boot partitions are not on the same drive as the main version of Windows. My multi-boot arrangement, in post #15, includes Windows partitions on an SSD and also on an HDD for the non-production versions that I don't use that often.
 