Difference between revisions of "Hidden Protected Area"

From ThinkWiki
Jump to: navigation, search
m (Windows shouldn't be able to bypass secure mode too)
m (Models featuring this Technology)
 
(35 intermediate revisions by 13 users not shown)
Line 4: Line 4:
 
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
 
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
 
=== The Hidden Protected Area ===
 
=== The Hidden Protected Area ===
The Hidden Protected Area (generally known as the Host Protected Area) is a special area (usually a few gigabytes in size) located at the end of a harddisk. It is preinstalled on the harddisks of some ThinkPads. It can be hidden to the software running on your ThinkPad. It includes all the software and data needed to recover the preloaded state of the ThinkPad. The HPA also includes some diagnostic tools and a (MS Windows only) backup tool.
+
The Hidden Protected Area (also known as the Host Protected Area) is a special area (usually a few gigabytes in size) located at the end of a hard disk. It is preinstalled on the harddisks of some ThinkPads. It is normally hidden to the software running on your ThinkPad. It includes all the software and data needed to recover the preloaded state of the ThinkPad. The HPA also includes some diagnostic tools and a (MS Windows only) backup tool.
  
The HPA was introduced with the R/T/X 40 series of ThinkPads. It is refered to as the Predesktop Area in the BIOS Setup Utility. Recent ThinkPads can have a (hidden) partition that is also called [[Predesktop Area|Predesktop Area]] in the BIOS Setup Utility. That (hidden) partition is not an HPA. More information can be found in [[Rescue and Recovery | Rescue and Recovery]],
+
The HPA was introduced with the R40, T40 and X30 series of ThinkPads. It is refered to as the Predesktop Area in the BIOS Setup Utility. Recent ThinkPads can have a (hidden) partition that is also called [[Predesktop Area|Predesktop Area]] in the BIOS Setup Utility. That (hidden) partition is not an HPA. More information can be found in [[Rescue and Recovery | Rescue and Recovery]],
 
</div>
 
</div>
 
|style="vertical-align:top;padding-right:10px;width:10px;white-space:nowrap;" | [[Image:hpa.jpg|IBM PreDesktop Area]]
 
|style="vertical-align:top;padding-right:10px;width:10px;white-space:nowrap;" | [[Image:hpa.jpg|IBM PreDesktop Area]]
Line 12: Line 12:
  
 
==General information about the HPA==
 
==General information about the HPA==
As opposed to [[Rescue and Recovery|Recovery partitions]] Protected Service Areas (PSAs) such as the HPA are (lets say) images of partitions written to the end of a harddisk. They are only accessible through their BEER. The general idea is that with the correct settings in BIOS (and some cooperation of the OS) the PSAs are totally hidden from all ordinary tools. Under certain conditions they still could be accessible through special PSA tools and under GNU/Linux they are only accessible with low level tools like dd.
+
As opposed to [[Rescue and Recovery|Recovery Partitions]], Protected Service Areas (PSAs) such as the HPA are (let's say) images of partitions written to the end of a harddisk. They are only accessible through their BEER. The general idea is that, under control of the BIOS, the PSAs are totally hidden from all ordinary software, including malware (viruses, trojans, spyware). They are only accessible when permitted by the BIOS, and even then only through special HPA-aware tools. Under GNU/Linux they are only accessible with low level tools like dd.
  
The HPA seems to be using [http://www.phoenix.com/en/Products/Trusted+Applications/Phoenix+FirstWare/default.htm Phoenix FirstWare]. FirstWare is (in short) an implementation of two technologies: BEER and PARTIES. (Yes, those names are correct!) BEER (Boot Engineering Extension Record) and PARTIES (Protected Area Run Time Interface Extension Services) are described in [http://www.t13.org/project/d1367r3-PARTIES.pdf this T13 working draft]. There is a more general introduction to PARTIES on the [http://www-1.ibm.com/support/docview.wss?rs=0&uid=psg1MIGR-51248&loc=en_US IBM site].
+
The HPA is based on [http://www.phoenix.com/en/Products/Trusted+Applications/Phoenix+FirstWare/default.htm Phoenix FirstWare]. FirstWare is (in short) an implementation of two technologies: BEER and PARTIES. (Yes, those names are correct!) BEER (Boot Engineering Extension Record) and PARTIES (Protected Area Run Time Interface Extension Services) are described in [http://t13.org/Documents/UploadedDocuments/project/d1367r3-PARTIES.pdf this T13 working draft]. There is a more general introduction to PARTIES on the [http://www-1.ibm.com/support/docview.wss?rs=0&uid=psg1MIGR-51248&loc=en_US IBM site]. FirstWare depends on certain [http://en.wikipedia.org/wiki/Advanced_Technology_Attachment#ATA_standards_versions.2C_transfer_rates.2C_and_features ATA-5] commands, so it won't work with lower ATA level (earlier) drives or even with all ATA-5 drives. Unfortunately, there is no public HPA compatibility tester or list of compatible drives.
  
Basically, what seems to be going on is that the Phoenix BIOS hides the last few gigabytes of the harddisk (that is the HPA) to the OS. Note that this is just a setting in the BIOS and can be disabled. The HPA can be accessed by pressing {{ibmkey|Access IBM|#495988}} or {{key|Enter}} at boot time. The BIOS will then parse the BEER (128 bytes, situated in the last sector of 512 bytes of the harddisk) and the "Directory of Services" (consisting of directory entries of 64 bytes each, starting in the last sector and spilling over into the previous sectors) to see what part of the HPA should be launched. In (most?) ThinkPads the BEER tells the BIOS to launch the Access IBM Predesktop Area. The system will then actually be booting into a (minimal) DOS which is able to launch a graphical shell (called Phoenix FirstSight). IBM has simply rebranded this graphical shell to the Access IBM Predesktop Area. From this graphical shell one can launch several tools (BIOS Setup Utility, diagnostic tools, recovery tools).
+
Basically, what's going on is that the Phoenix BIOS commands the drive to hide the last few gigabytes of the hard disk (the HPA). To the non-HPA aware software, the drive appears to have a smaller size. Note that this is just a setting in the BIOS and can be disabled. The HPA can be accessed by pressing {{ibmkey|Access IBM|#495988}} or {{key|Enter}} at boot time. The BIOS will then parse the BEER (128 bytes, situated in the last sector of 512 bytes of the harddisk) and the "Directory of Services" (consisting of directory entries of 64 bytes each, starting in the last sector and spilling over into the previous sectors) to see what part of the HPA should be launched. In (most?) ThinkPads the BEER tells the BIOS to launch the Access IBM Predesktop Area. The system will then actually be booting into a (minimal) DOS environment which is able to launch a graphical shell (called Phoenix FirstSight). IBM has simply rebranded this graphical shell to the Access IBM Predesktop Area. From this graphical shell one can launch several tools (BIOS Setup Utility, diagnostic tools, recovery tools).
  
 
==Three BIOS options==
 
==Three BIOS options==
 
The BIOS has three settings for the "IBM Predesktop Area" (in the Security category):
 
The BIOS has three settings for the "IBM Predesktop Area" (in the Security category):
*Secure: No user or SW-initiated changes
+
*Secure: No user or SW-initiated changes; Contents hidden from OS
 
*Normal: Change allowed; Contents hidden from OS
 
*Normal: Change allowed; Contents hidden from OS
*Disabled: Not Usable. Visible and Reclaimable
+
*Disabled: Not Usable; Visible and Reclaimable
  
 
Normal is the default setting. One can boot into the Predesktop Area when either Secure or Normal is set. When Disabled is set the Predesktop Area will not boot. According to the [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper] the HPA is both "locked"{{footnote|1}} and "hidden" when Secure is set and only "hidden" when normal is set. In practice the result seems to be that the HPA is totally unavailable to the Linux kernel (and therefore all applications) when Secure is set. (The HPA should be unavailable in "Secure mode" for all operating systems, MS Windows included.) One would expect the HPA to be only accessable to HPA aware tools when Normal is set. However, recent kernels disable the HPA by default when Normal is set. Note that [http://marc.theaimsgroup.com/?l=linux-ide&w=2&r=1&s=Host+protected+area&q=b recent threads on linux-ide] suggest that the ThinkPad will reenable the HPA on resume and thus causing (possibly serious) conflicts with the GNU/Linux system (that assumes the HPA is still available).
 
Normal is the default setting. One can boot into the Predesktop Area when either Secure or Normal is set. When Disabled is set the Predesktop Area will not boot. According to the [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper] the HPA is both "locked"{{footnote|1}} and "hidden" when Secure is set and only "hidden" when normal is set. In practice the result seems to be that the HPA is totally unavailable to the Linux kernel (and therefore all applications) when Secure is set. (The HPA should be unavailable in "Secure mode" for all operating systems, MS Windows included.) One would expect the HPA to be only accessable to HPA aware tools when Normal is set. However, recent kernels disable the HPA by default when Normal is set. Note that [http://marc.theaimsgroup.com/?l=linux-ide&w=2&r=1&s=Host+protected+area&q=b recent threads on linux-ide] suggest that the ThinkPad will reenable the HPA on resume and thus causing (possibly serious) conflicts with the GNU/Linux system (that assumes the HPA is still available).
Line 31: Line 31:
 
Fabrice Bellet describes a [http://bellet.info/laptop/t40.html#the_predesktop_area technique he used] to explore the HPA of his ThinkPad T40, using GNU/Linux tools. This technique is only for the more curious or more careless people. It uses "dd" to copy the sectors on the harddisk containing the HPA from "/dev/hda" to a new file: when using "dd" on "/dev/hda" you are only one small typo away from an unrecoverable disaster!
 
Fabrice Bellet describes a [http://bellet.info/laptop/t40.html#the_predesktop_area technique he used] to explore the HPA of his ThinkPad T40, using GNU/Linux tools. This technique is only for the more curious or more careless people. It uses "dd" to copy the sectors on the harddisk containing the HPA from "/dev/hda" to a new file: when using "dd" on "/dev/hda" you are only one small typo away from an unrecoverable disaster!
  
Here follows a more detailed description of the HPA on a ThinkPad T41 (60 GB harddisk) to contrast his findings.
+
Another option is the [http://home.tiscali.nl/pebolle/code/hpafs Hidden Protected Area FileSystem], a read-only [http://fuse.sf.net FUSE] (Filesystem in USErspace). hpafs allows to analyze, backup, etc. the HPA. The current release is hpafs-0.1.0 (alpha, developers only). Check the [http://home.tiscali.nl/pebolle/code/hpafs/README README] for further details.
  
On this ThinkPad T41 the HPA is 3,4 GB in size. It contains 8 consecutive PSAs (Protected Service Areas). Six of those start with an x86 boot sector.
+
Good news for all who need to copy HPA from an old disk to a new one.
 +
[http://sourceforge.net/projects/fiesta fiesta] is an easy (hence its name) to use info/backup/restore/copy tool for HPA equipped computers. Apart from displaying detailed information about the structure of HPA, it allows for extraction of HPA "partitions", or PSA's, direct mounting (if they contain a filesystem), and most importantly, a copy of entire HPA from one disk to the other, in case of a disk up(down)grade, in a simple two-step procedure.
  
* The first PSA is 3,2 GB in size. The OEM-ID of the boot sector is: "IBM  7.1". It seems to hold a copy of the preloaded OS and everything needed to generate a bootable DVD-ROM for it, even an El Torito boot image and a boot catalog: see [[Backing up the preloaded OS]].
+
Finally, the powerful set of tools to deal with HPA and PSA's (called, very naturely, [http://freenet-homepage.de/moyamu/sw/hpatools/index.html hpatools]) is discussed in [http://www.p35-forum.de/board/thread.php?threadid=6083 this thread]. That stuff is German language only, but [http://jamesie.de/thinkpad/index.en.html here] is a translation that was successfully tested with a X31.
  
* The second PSA is exactly 2 MB in size. According to its entry in the Directory of Service it's the "BIOSWORKAREA".  
+
==How to reclaim the HPA==
 +
After disabling the "IBM Predesktop Area" (with the BIOS option "Disabled", see above) it's possible to reclaim the area used by the HPA. Then one can include that area in a partition with standard tools (i.e. fdisk, mkfs) as it will be treated just as regular free space of the hard disk.
 +
 
 +
If you'd like to use the original drive with an IDE to USB adapter after replacing it, the usb disk may still not be useable to its full capacity, since for Hitachi Travelstar hard disks the "clipping" feature may be activated to hide the HPA as well. With the Hitachi Feature Tool ftool.exe available as a bootable CD ISO (http://www.thgweb.de/downloads/display.php?id=1124) it's possible to readjust the disk capacity to its original value. This works only with the disk connected to the IDE bus during the procedure.
  
* The third PSA is only 7,4 MB in size. The OEM-ID of the boot sector is: "MSWIN4.1". It seems to be an image of a 1,44 MB bootable floppy disk (with MS DOS) and a directory containig 6 MB of FirstWare tools. It will be launched by the "Recover to factory contents" tool of the Predesktop Area. Those "factory contents" should be the data on the first PSA.
+
==Alternative uses?==
 +
It might be possible to use the FirstWare tools included in the HPA to make the HPA more useful for GNU/Linux purposes. For instance, the copy of the preloaded OS could be replaced with an emergency backup of your GNU/Linux distribution. Maybe the Predesktop area could be even used to boot into a GNU/Linux rescue system. Whether the Phoenix proprietary tools really allow alternative uses and whether those tools do not make it too hard to accomplish those cannot yet be said. It seems realistic to assume that the benefits of those alternative uses aren't worth the effort to accomplish them. Still, it might be fun (altough possibly hazardous to your system) to try ...
  
* The fourth PSA is only 1,4 MB in size. The OEM-ID of the boot sector is: "IBM  7.1". It too seems to be an image of a (sort of) 1,44 MB bootable floppy disk. It will be launched by the "Restore your backups" tool of the Predesktop Area.
+
==Problems caused by the HPA==
  
* The fifth PSA is again 7,4 MB in size. The OEM-ID of the boot sector is: "IBM 7.0". It will be launched by the "Run diagnostics" tool of the Predesktop Area.
+
===Resuming from suspend===
 +
As of Linux 2.6.18, having a HPA may cause errors when resuming the laptop from suspend-to-RAM or suspend-to-diskSee the section called "SectorIdNotFound disk errors when laptop is resumed" in [[Problems with ACPI suspend-to-ram | ACPI suspend problems]].
  
* The sixth PSA is also 7,4 MB in size and the OEM-ID of the boot sector also is: "IBM  7.0". It will be launched by the "Create diagnostic disks" tool of the Predesktop Area. It contains a copy of a (sort of) bootable 1,44 MB floppy disk, some tools and compressed copies of the diagnostic disks.
+
===Failure to boot===
 +
If the HPA is enabled in the BIOS (mode set to "Normal"), Linux may get confused about the correct partition geometry. The exact reason is not clear, but apparently a Linux installation may overwrite/damage the HPA, which then causes problems during boot. The problem may also be caused by changing the BIOS mode of the HPA after the installation of Linux.
  
* The seventh PSA is only 1,4 MB in size. The OEM-ID of the boot sector is "PHOENIX". It seems to be a copy of a (sort of) 1.44 MB bootable floppy disk too and only contains a (minimal) DOS and the FirstSight application. Basically, this is the Access IBM Predesktop Area.
+
Reported symptoms are:
 +
* Linux fails to boot: On boot, Grub displays ''Error 17''; Lilo shows ''L 99 99 99 99 ...''
 +
* Windows XP bluescreens during booting, with the message ''STOP [....] UNMOUNTABLE_BOOT_VOLUME''
  
* The eigth PSA is 101 MB in size. It doesn't have a boot sector. It contains the FirstWare Reserved Area. That probably is some sort of swap space for the FirstWare system.
+
See for example this bug report from Ubuntu:  [https://bugs.launchpad.net/ubuntu/+bug/25451 Bug #25451: Thinkpad BIOS can't hide the Predesktop area]
  
==How to reclaim the HPA==
+
This problem can apparently be fixed by setting the HPA mode to "Disable" in the BIOS setup.  
After disabling the "IBM Predesktop Area" (with the BIOS option "Disabled", see above) it's possible to reclaim the area used by the HPA. Then one can include that area in a partition with standard tools (i.e. fdisk, mkfs) as it will be treated just as regular free space of the hard disk.
 
  
==Alternative uses?==
+
Note that this setting will allow software to overwrite the HPA. In particular, a subsequent Linux installation is likely to overwrite the HPA whent it wipes the drive. If you need the recovery features of the recovery system installed in the HPA, you should probably keep the setting to "Secure". However, if you experience the boot problems describe above, your HPA is probably already destroyed, so "Disable" is the best setting (in some cases, the BIOS will actually force you to set "Disable" if it detects that the HPA has been deleted).
It might be possible to use the FirstWare tools included in the HPA to make the HPA more useful for GNU/Linux purposes. For instance, the copy of the preloaded OS could be replaced with an emergency backup of your GNU/Linux distribution. Maybe the Predesktop area could be even used to boot into a GNU/Linux rescue system. Whether the Phoenix proprietary tools really allow alternative uses and whether those tools do not make it too hard to accomplish those cannot yet be said. It seems realistic to assume that the benefits of those alternative uses aren't worth the effort to accomplish them. Still, it might be fun (altough possibly hazardous to your system) to try ...
 
  
 
==External Sources==
 
==External Sources==
 
*[http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper]
 
*[http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper]
 
*[http://www-3.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46025 Predesktop Aministrator Utility (DOS)]
 
*[http://www-3.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46025 Predesktop Aministrator Utility (DOS)]
*[http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+INCITS+346-2001 Protected Area Run Time Interface Extension Services (PARTIES) ANSI INCITS 346-2001 ($18)]
+
*[http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+INCITS+346-2001+(R2006) Protected Area Run Time Interface Extension Services (PARTIES) ANSI INCITS 346-2001 ($30)]
 +
*[http://t13.org/Documents/UploadedDocuments/project/d1367r3-PARTIES.pdf The latest free draft of ANSI INCITS 346-2001 (BEER specs)]
 
*[http://www.phoenix.com/NR/rdonlyres/7465D3CF-B0E3-4F64-9122-47D9C83028D0/0/cme_firstware_wp.pdf Phoenix FirstWare White Paper]
 
*[http://www.phoenix.com/NR/rdonlyres/7465D3CF-B0E3-4F64-9122-47D9C83028D0/0/cme_firstware_wp.pdf Phoenix FirstWare White Paper]
 
*[http://www.win.tue.nl/~aeb/linux/Large-Disk-11.html Section 11 of the Large Disk HOWTO (Clipped disks)]
 
*[http://www.win.tue.nl/~aeb/linux/Large-Disk-11.html Section 11 of the Large Disk HOWTO (Clipped disks)]
 
+
*[http://home.tiscali.nl/pebolle/code/hpafs/hpafs-0.1.0.tgz hpafs-0.1.0.tgz]
 +
*[http://sourceforge.net/projects/fiesta fiesta]
 +
*[http://freenet-homepage.de/moyamu/sw/hpatools/index.html hpatools]
 
==Models featuring this Technology==
 
==Models featuring this Technology==
 +
*ThinkPad {{G40}}
 
*ThinkPad {{R40}}, {{R40e}}, {{R50}}, {{R50e}}, {{R50p}}, {{R51}}, {{R52}}
 
*ThinkPad {{R40}}, {{R40e}}, {{R50}}, {{R50e}}, {{R50p}}, {{R51}}, {{R52}}
 
*ThinkPad {{T40}}, {{T40p}}, {{T41}}, {{T41p}}, {{T42}}, {{T42p}}, {{T43}}, {{T43p}}
 
*ThinkPad {{T40}}, {{T40p}}, {{T41}}, {{T41p}}, {{T42}}, {{T42p}}, {{T43}}, {{T43p}}
*ThinkPad {{X31}}, {{X32}}, {{X40}}, {{X41}}, {{X41T}}
+
*ThinkPad {{X31}}, {{X32}}, {{X40}}, {{X41}}, {{X41T}}, {{X61s}}, {{X61_Tablet}}
 +
*ThinkPad {{Z61m}}
  
 
{{footnotes|
 
{{footnotes|
# Presumably by having the BIOS use the SET MAX security extension. The BIOS seems to set a password for the HPA at boot (using the SETMAX-SET PASSWORD command) and after that use that password to issue a SETMAX-LOCK command. Since the password is unknown (and most likely changes at every Secure boot) the HPA is inaccessable to all programs running on the ThinkPad.  
+
# Presumably by having the BIOS use the SET MAX security extension. The BIOS seems to set a password for the HPA at boot (using the SETMAX-SET PASSWORD command) and after that use that password to issue a SETMAX-LOCK command. Since the password is unknown (and most likely changes at every Secure boot) the HPA is inaccessable to all programs running on the ThinkPad.<BR><BR>Something similar would be possible running in Normal mode. Then a program could issue the SETMAX-SET PASSWORD command. At the moment there's no program running under GNU/Linux capable of doing that. Of course this is possibly less secure: it's (theoretically) possible that other (rogue) programs get hold of that password.
 
 
Something similar would be possible running in Normal mode. Then a program could issue the SETMAX-SET PASSWORD command. At the moment there's no program running under GNU/Linux capable of doing that. Of course this is possibly less secure: it's (theoretically) possible that other (rogue) programs get hold of that password.
 
 
}}
 
}}
  
 
[[Category:Glossary]]
 
[[Category:Glossary]]

Latest revision as of 22:37, 27 January 2014

The Hidden Protected Area

The Hidden Protected Area (also known as the Host Protected Area) is a special area (usually a few gigabytes in size) located at the end of a hard disk. It is preinstalled on the harddisks of some ThinkPads. It is normally hidden to the software running on your ThinkPad. It includes all the software and data needed to recover the preloaded state of the ThinkPad. The HPA also includes some diagnostic tools and a (MS Windows only) backup tool.

The HPA was introduced with the R40, T40 and X30 series of ThinkPads. It is refered to as the Predesktop Area in the BIOS Setup Utility. Recent ThinkPads can have a (hidden) partition that is also called Predesktop Area in the BIOS Setup Utility. That (hidden) partition is not an HPA. More information can be found in Rescue and Recovery,

IBM PreDesktop Area

General information about the HPA

As opposed to Recovery Partitions, Protected Service Areas (PSAs) such as the HPA are (let's say) images of partitions written to the end of a harddisk. They are only accessible through their BEER. The general idea is that, under control of the BIOS, the PSAs are totally hidden from all ordinary software, including malware (viruses, trojans, spyware). They are only accessible when permitted by the BIOS, and even then only through special HPA-aware tools. Under GNU/Linux they are only accessible with low level tools like dd.

The HPA is based on Phoenix FirstWare. FirstWare is (in short) an implementation of two technologies: BEER and PARTIES. (Yes, those names are correct!) BEER (Boot Engineering Extension Record) and PARTIES (Protected Area Run Time Interface Extension Services) are described in this T13 working draft. There is a more general introduction to PARTIES on the IBM site. FirstWare depends on certain ATA-5 commands, so it won't work with lower ATA level (earlier) drives or even with all ATA-5 drives. Unfortunately, there is no public HPA compatibility tester or list of compatible drives.

Basically, what's going on is that the Phoenix BIOS commands the drive to hide the last few gigabytes of the hard disk (the HPA). To the non-HPA aware software, the drive appears to have a smaller size. Note that this is just a setting in the BIOS and can be disabled. The HPA can be accessed by pressing Access IBM or Enter at boot time. The BIOS will then parse the BEER (128 bytes, situated in the last sector of 512 bytes of the harddisk) and the "Directory of Services" (consisting of directory entries of 64 bytes each, starting in the last sector and spilling over into the previous sectors) to see what part of the HPA should be launched. In (most?) ThinkPads the BEER tells the BIOS to launch the Access IBM Predesktop Area. The system will then actually be booting into a (minimal) DOS environment which is able to launch a graphical shell (called Phoenix FirstSight). IBM has simply rebranded this graphical shell to the Access IBM Predesktop Area. From this graphical shell one can launch several tools (BIOS Setup Utility, diagnostic tools, recovery tools).

Three BIOS options

The BIOS has three settings for the "IBM Predesktop Area" (in the Security category):

  • Secure: No user or SW-initiated changes; Contents hidden from OS
  • Normal: Change allowed; Contents hidden from OS
  • Disabled: Not Usable; Visible and Reclaimable

Normal is the default setting. One can boot into the Predesktop Area when either Secure or Normal is set. When Disabled is set the Predesktop Area will not boot. According to the Predesktop Area white paper the HPA is both "locked"1 and "hidden" when Secure is set and only "hidden" when normal is set. In practice the result seems to be that the HPA is totally unavailable to the Linux kernel (and therefore all applications) when Secure is set. (The HPA should be unavailable in "Secure mode" for all operating systems, MS Windows included.) One would expect the HPA to be only accessable to HPA aware tools when Normal is set. However, recent kernels disable the HPA by default when Normal is set. Note that recent threads on linux-ide suggest that the ThinkPad will reenable the HPA on resume and thus causing (possibly serious) conflicts with the GNU/Linux system (that assumes the HPA is still available).

With Disabled you should be able to safely reclaim the area used by the HPA (to GNU/Linux it basically is unallocated space on the harddisk).

Details of the HPA

Fabrice Bellet describes a technique he used to explore the HPA of his ThinkPad T40, using GNU/Linux tools. This technique is only for the more curious or more careless people. It uses "dd" to copy the sectors on the harddisk containing the HPA from "/dev/hda" to a new file: when using "dd" on "/dev/hda" you are only one small typo away from an unrecoverable disaster!

Another option is the Hidden Protected Area FileSystem, a read-only FUSE (Filesystem in USErspace). hpafs allows to analyze, backup, etc. the HPA. The current release is hpafs-0.1.0 (alpha, developers only). Check the README for further details.

Good news for all who need to copy HPA from an old disk to a new one. fiesta is an easy (hence its name) to use info/backup/restore/copy tool for HPA equipped computers. Apart from displaying detailed information about the structure of HPA, it allows for extraction of HPA "partitions", or PSA's, direct mounting (if they contain a filesystem), and most importantly, a copy of entire HPA from one disk to the other, in case of a disk up(down)grade, in a simple two-step procedure.

Finally, the powerful set of tools to deal with HPA and PSA's (called, very naturely, hpatools) is discussed in this thread. That stuff is German language only, but here is a translation that was successfully tested with a X31.

How to reclaim the HPA

After disabling the "IBM Predesktop Area" (with the BIOS option "Disabled", see above) it's possible to reclaim the area used by the HPA. Then one can include that area in a partition with standard tools (i.e. fdisk, mkfs) as it will be treated just as regular free space of the hard disk.

If you'd like to use the original drive with an IDE to USB adapter after replacing it, the usb disk may still not be useable to its full capacity, since for Hitachi Travelstar hard disks the "clipping" feature may be activated to hide the HPA as well. With the Hitachi Feature Tool ftool.exe available as a bootable CD ISO (http://www.thgweb.de/downloads/display.php?id=1124) it's possible to readjust the disk capacity to its original value. This works only with the disk connected to the IDE bus during the procedure.

Alternative uses?

It might be possible to use the FirstWare tools included in the HPA to make the HPA more useful for GNU/Linux purposes. For instance, the copy of the preloaded OS could be replaced with an emergency backup of your GNU/Linux distribution. Maybe the Predesktop area could be even used to boot into a GNU/Linux rescue system. Whether the Phoenix proprietary tools really allow alternative uses and whether those tools do not make it too hard to accomplish those cannot yet be said. It seems realistic to assume that the benefits of those alternative uses aren't worth the effort to accomplish them. Still, it might be fun (altough possibly hazardous to your system) to try ...

Problems caused by the HPA

Resuming from suspend

As of Linux 2.6.18, having a HPA may cause errors when resuming the laptop from suspend-to-RAM or suspend-to-disk. See the section called "SectorIdNotFound disk errors when laptop is resumed" in ACPI suspend problems.

Failure to boot

If the HPA is enabled in the BIOS (mode set to "Normal"), Linux may get confused about the correct partition geometry. The exact reason is not clear, but apparently a Linux installation may overwrite/damage the HPA, which then causes problems during boot. The problem may also be caused by changing the BIOS mode of the HPA after the installation of Linux.

Reported symptoms are:

  • Linux fails to boot: On boot, Grub displays Error 17; Lilo shows L 99 99 99 99 ...
  • Windows XP bluescreens during booting, with the message STOP [....] UNMOUNTABLE_BOOT_VOLUME

See for example this bug report from Ubuntu: Bug #25451: Thinkpad BIOS can't hide the Predesktop area

This problem can apparently be fixed by setting the HPA mode to "Disable" in the BIOS setup.

Note that this setting will allow software to overwrite the HPA. In particular, a subsequent Linux installation is likely to overwrite the HPA whent it wipes the drive. If you need the recovery features of the recovery system installed in the HPA, you should probably keep the setting to "Secure". However, if you experience the boot problems describe above, your HPA is probably already destroyed, so "Disable" is the best setting (in some cases, the BIOS will actually force you to set "Disable" if it detects that the HPA has been deleted).

External Sources

Models featuring this Technology


FOOTNOTES [Δ]
  1. Presumably by having the BIOS use the SET MAX security extension. The BIOS seems to set a password for the HPA at boot (using the SETMAX-SET PASSWORD command) and after that use that password to issue a SETMAX-LOCK command. Since the password is unknown (and most likely changes at every Secure boot) the HPA is inaccessable to all programs running on the ThinkPad.

    Something similar would be possible running in Normal mode. Then a program could issue the SETMAX-SET PASSWORD command. At the moment there's no program running under GNU/Linux capable of doing that. Of course this is possibly less secure: it's (theoretically) possible that other (rogue) programs get hold of that password.