In addition to system and admin passwords, HDD password adds a security layer to the systems to prevent unauthorized access to the HDD(s). If HDD password is set, then system generates the HDD password prompt and verifies the HDD password during boot.
UEFI BIOS supports Secure Erase feature in order to provide more security to the data stored in HDD. If this feature is enabled on your HDD, Secure Erase wipes all data from the hard disk when it is unlocked using the master password. While setting HDD password, system prompts to enable the support for a Secure Erase feature.
Figure 1: Internal HDD-1 Password
After clicking on 'yes', system again prompts for confirmation of enabling the support for a Secure Erase feature
Figure 2: Security Erase
Master HDD Password
Master HDD password is used to clear the HDD password in case HDD password is set but unknown. The master HDD password is very secure password generated by Dell using secure algorithms involving the HDD serial number. Master HDD password can be entered at the HDD password prompt using CTRL-Enter. Master HDD Passwords are only given on a needed basis to customers and others
Configuring HDD passwordYou can set, modify and clear HDD password using Dell Command | PowerShell Provider (DCPP). You can also verify whether the system has HDD password set, Secure Erase feature support, etc using HDDInfo. To know about installing and configuring Dell Command | PowerShell Provider module on your system, refer Download and Installation section in user guide. To download the user guide, click here.
To get this information using Dell Command | PowerShell provider, run the following command:
Get-Item -Path DellSmbios:\Security\HDDInfo | Select -ExpandProperty CurrentValue
Figure 3: ExpandProperty CurrentValue
In the image above, no password is set for both hard disks and other fields are also showing "no".
Setting HDD Password
HDD password contains minimum 1 and maximum 32 characters. To set the password, use the following command:
Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd"
Figure 4: SecureErase Supported
As we can see from image above, pending restart for both the hard disks is showing "Yes". Restart the system to apply the changes. After restart system prompts during boot as shown below.
Figure 5: Dell Security Manager
To apply the change or to configure the HDD password, click Modify. Click Ignore to cancel the changes. The system prompts for each hard disk separately. If you click Modify, HDDInfo displays the information as shown in the image below.
Figure 6: SecureEraseEnabled
If admin password is set,
Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -Password "$AdminPwd"
If system password is set,
Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -Password "$SystemPwd"
Modifying/Clearing HDD Password
To modify HDD password, run the following command:
Set-Item -Path DellSmbios:\Security\HDDPassword "$NewHDDPwd" -Password "$OldHDDPwd"
To clear HDD password, run the following command:
Set-Item -Path DellSmbios:\Security\HDDPassword "" -Password "$OldHDDPwd"
Additional Parameters of HDD password
Dell Command | PowerShell Provider supports two additional parameters to configure HDD password.
Provide Admin password by using "AdminPassword" parameter if administrator has restricted the changes to HDD password.
To provide this parameter, run the following command:
Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -AdminPassword "$AdminPwd"
Provide value to this parameter either as '0' or '1'. To configure HHD password in a in a maximum security mode (Secure Erase), provide value as '1' to this parameter.
To provide this parameter, run the following command.
Set-Item -Path DellSmbios:\Security\HDDPassword "$HDDPwd" -ATAMaximumSecurityMode "1"
Figure 7: Path Dellsmbios
Article ID: SLN312179
Last Date Modified: 08/17/2018 10:16 AM
Thank you for your feedback.