ThinkWiki - User contributions [en]

Talk:Hidden Protected Area

2007-07-24T23:13:54Z

Pebolle: Span File Header checksum

There is conflicting information on this page. In the introductory paragraph it says "The HPA was introduced with the R/T/X 40 series of ThinkPads." But on the bottom the X3x models are also linked as having this technology. What is right? --[[User:Rolf|Rolf]] 12:30, 19 October 2006 (CEST)

Also I know an R50e machine, that has Rescue and Recovery on a Compaq Diagnostics partition. So it shouldn't be listed either on the bottom of the page. I'm just not too sure, if I understand those technologies correctly, so I hesitate to remove it.

==Removing item "Accessing the HPA from Linux"==
I've checked the fwdir code (http://colimit.googlepages.com/fwdir.zip). This code works on a Hidden Partition (is that the same as a R and R or yet another Predesktop variant?). This code can not work with real HPAs.

I suggest we remove this section in an week or so (or move it to the discussion section) unless further info regarding those Hidden Partition is provided.

[[User:Pebolle|Paul Bolle]] 01:08, 4 January 2007 (CET)

The fwdir page is quite clear that it does '''not''' access HPAs, but rather hidden partitions. I don't know if an HPA and a phoenix HP partition have the same internal layout (they could, and it would make sense; a partition does not have to contain a filesystem, it could contain an HPA image just as easily). Also, I have no idea if IBM ships the HPA as unpartitioned area, or as a hidden partition...

If you know the answer to the two implied questions above, you know what to do.

--[[User:Hmh|hmh]] 03:22, 5 January 2007 (CET)

==FirstWare Image Backup span file format==
FWBACKUP creates an image set (a set of span files) of a Phoenix FirstWare HPA. FWRESTOR uses these span files to restore an HPA beckup image. (See the Predesktop Area white paper for usage information for FWBACKUP and FWRESTOR.) The format of a span file is straightforward.

Each span file consists of a plain (not compressed, not encrypted) copy of a number of (512 byte) sectors of the HPA. It is preceded by a 512 byte header.

The format of this 512 byte header is:
bytes description
0- 7 magic ("fwbackup")
8- 9 1 (LSB first) # version number?
10- 11 span file number, one based (LSB first)
12- 13 number of span files in image set (LSB first)
14- 17 number of sectors in span file (LSB first)
18- 21 number of sectors in image set (LSB first)
22- 25 last sector of HPA on the original hard drive, zero based (LSB first)
26- 29 first sector of HPA on the original hard drive, zero based (LSB first)
30- 37 unused
38- 53 checksum
54-511 unused

Only bytes 10-11, 14-17 and 38-53 are unique for each span file. All other bytes of the header should be equal for all span files in an image set.

This magic entry for {{cmdresult|file(1)}} can be used to identify the files part of an Phoenix FirstWare HPA backup image file set:
# File magic for Phoenix FirstWare HPA backup image
0 string fwbackup FirstWare HPA backup image
# >8 leshort # x , version %d ???
>26 lelong x (first disk sector of HPA: %d,
>22 lelong x last disk sector of HPA: %d)
>14 lelong x %d of
>18 lelong x %d image sectors
>10 leshort x (span file %d
>12 leshort x of %d)

[[User:Pebolle|Paul Bolle]] 11:27, 7 January 2007 (CET)

==Span File Header checksum==
Each FirstWare Image Backup span file has a 16 byte checksum in its header. This checksum is a md5sum derivative. It is calculated over the backup image in that span file (i.e. everything following the header). It differs from a md5sum in two (minor and related) aspects. (I'll describe it here using the well known md5 implementation of Colin Plumb, which one can find easily with a Google Code Search.) Those differences are:
-in MD5Transform you'll have to "swap" (0->3, 1->2, 2->1, 3->0) all 4 byte "in" values for all 64 invocations of MD5STEP;
- in MD5Final you'll have to also "swap" both "bit lenghts" (again 4 bytes long) that are used just before the final call of MD5Transform.

These are trivial differences. Discovering these was absolutely non-trivial!

Mail me if you'd like some code (in c).

[[User:Pebolle|Paul Bolle]] 23:13, 24 July 2007 (UTC)

== Migrating the HPA to a new hard drive (Windows) ==

The white paper referred to in the article describes a procedure for moving the HPA when upgrading the hard drive. The HPA partition can't be simply cloned because critical jump instructions used by the BIOS directly address sectors on the HDD, and thus depend on the drive geometry. (Therefore, migration to an identical replacement drive should be possible by cloning, but not to a larger drive).

The procedure involves running the system restore program residing on the HPA, interrupting it by using the (otherwise undocumented) F3 key, and copying FWBACKUP and FWRESTOR programs to a floppy disk. This may work on A series systems with internal floppy drives (with UltraBay 2000 or UltraBay Plus), but it doesn't seem to work for USB floppy drives, which are the only kind available for the R series (which has the UltraBay Enhanced internal drive, for which no FDD devices have been made available). The BIOS does recognize USB devices, and they are visible while running the system restore program, but any attempt to write to these devices fails (I've tried this with a USB floppy and a USB flash drive).

Does anyone have any suggestions for a work around? If not, I see no way to save the backup of the original system configuration when upgrading the hard drive on the R50p or similar machines. [[User:Slowthinker|Slowthinker]] 21:15, 23 July 2007 (UTC)

----

I succesfully used the method Fabrice Bellet described. It's elaborate. Send me an email if you'd like further guidance.

[[User:Pebolle|Paul Bolle]] 22:50, 24 July 2007 (UTC)

Talk:Hidden Protected Area

2007-07-24T22:51:10Z

Pebolle: It really is a checksum

There is conflicting information on this page. In the introductory paragraph it says "The HPA was introduced with the R/T/X 40 series of ThinkPads." But on the bottom the X3x models are also linked as having this technology. What is right? --[[User:Rolf|Rolf]] 12:30, 19 October 2006 (CEST)

Also I know an R50e machine, that has Rescue and Recovery on a Compaq Diagnostics partition. So it shouldn't be listed either on the bottom of the page. I'm just not too sure, if I understand those technologies correctly, so I hesitate to remove it.

==Removing item "Accessing the HPA from Linux"==
I've checked the fwdir code (http://colimit.googlepages.com/fwdir.zip). This code works on a Hidden Partition (is that the same as a R and R or yet another Predesktop variant?). This code can not work with real HPAs.

I suggest we remove this section in an week or so (or move it to the discussion section) unless further info regarding those Hidden Partition is provided.

[[User:Pebolle|Paul Bolle]] 01:08, 4 January 2007 (CET)

The fwdir page is quite clear that it does '''not''' access HPAs, but rather hidden partitions. I don't know if an HPA and a phoenix HP partition have the same internal layout (they could, and it would make sense; a partition does not have to contain a filesystem, it could contain an HPA image just as easily). Also, I have no idea if IBM ships the HPA as unpartitioned area, or as a hidden partition...

If you know the answer to the two implied questions above, you know what to do.

--[[User:Hmh|hmh]] 03:22, 5 January 2007 (CET)

==FirstWare Image Backup span file format==
FWBACKUP creates an image set (a set of span files) of a Phoenix FirstWare HPA. FWRESTOR uses these span files to restore an HPA beckup image. (See the Predesktop Area white paper for usage information for FWBACKUP and FWRESTOR.) The format of a span file is straightforward.

Each span file consists of a plain (not compressed, not encrypted) copy of a number of (512 byte) sectors of the HPA. It is preceded by a 512 byte header.

The format of this 512 byte header is:
bytes description
0- 7 magic ("fwbackup")
8- 9 1 (LSB first) # version number?
10- 11 span file number, one based (LSB first)
12- 13 number of span files in image set (LSB first)
14- 17 number of sectors in span file (LSB first)
18- 21 number of sectors in image set (LSB first)
22- 25 last sector of HPA on the original hard drive, zero based (LSB first)
26- 29 first sector of HPA on the original hard drive, zero based (LSB first)
30- 37 unused
38- 53 checksum
54-511 unused

Only bytes 10-11, 14-17 and 38-53 are unique for each span file. All other bytes of the header should be equal for all span files in an image set.

This magic entry for {{cmdresult|file(1)}} can be used to identify the files part of an Phoenix FirstWare HPA backup image file set:
# File magic for Phoenix FirstWare HPA backup image
0 string fwbackup FirstWare HPA backup image
# >8 leshort # x , version %d ???
>26 lelong x (first disk sector of HPA: %d,
>22 lelong x last disk sector of HPA: %d)
>14 lelong x %d of
>18 lelong x %d image sectors
>10 leshort x (span file %d
>12 leshort x of %d)

[[User:Pebolle|Paul Bolle]] 11:27, 7 January 2007 (CET)

== Migrating the HPA to a new hard drive (Windows) ==

The white paper referred to in the article describes a procedure for moving the HPA when upgrading the hard drive. The HPA partition can't be simply cloned because critical jump instructions used by the BIOS directly address sectors on the HDD, and thus depend on the drive geometry. (Therefore, migration to an identical replacement drive should be possible by cloning, but not to a larger drive).

The procedure involves running the system restore program residing on the HPA, interrupting it by using the (otherwise undocumented) F3 key, and copying FWBACKUP and FWRESTOR programs to a floppy disk. This may work on A series systems with internal floppy drives (with UltraBay 2000 or UltraBay Plus), but it doesn't seem to work for USB floppy drives, which are the only kind available for the R series (which has the UltraBay Enhanced internal drive, for which no FDD devices have been made available). The BIOS does recognize USB devices, and they are visible while running the system restore program, but any attempt to write to these devices fails (I've tried this with a USB floppy and a USB flash drive).

Does anyone have any suggestions for a work around? If not, I see no way to save the backup of the original system configuration when upgrading the hard drive on the R50p or similar machines. [[User:Slowthinker|Slowthinker]] 21:15, 23 July 2007 (UTC)

----

I succesfully used the method Fabrice Bellet described. It's elaborate. Send me an email if you'd like further guidance.

[[User:Pebolle|Paul Bolle]] 22:50, 24 July 2007 (UTC)

Talk:Hidden Protected Area

2007-07-24T22:50:23Z

Pebolle: Rplying to Migrating the HPA ...

There is conflicting information on this page. In the introductory paragraph it says "The HPA was introduced with the R/T/X 40 series of ThinkPads." But on the bottom the X3x models are also linked as having this technology. What is right? --[[User:Rolf|Rolf]] 12:30, 19 October 2006 (CEST)

Also I know an R50e machine, that has Rescue and Recovery on a Compaq Diagnostics partition. So it shouldn't be listed either on the bottom of the page. I'm just not too sure, if I understand those technologies correctly, so I hesitate to remove it.

==Removing item "Accessing the HPA from Linux"==
I've checked the fwdir code (http://colimit.googlepages.com/fwdir.zip). This code works on a Hidden Partition (is that the same as a R and R or yet another Predesktop variant?). This code can not work with real HPAs.

I suggest we remove this section in an week or so (or move it to the discussion section) unless further info regarding those Hidden Partition is provided.

[[User:Pebolle|Paul Bolle]] 01:08, 4 January 2007 (CET)

The fwdir page is quite clear that it does '''not''' access HPAs, but rather hidden partitions. I don't know if an HPA and a phoenix HP partition have the same internal layout (they could, and it would make sense; a partition does not have to contain a filesystem, it could contain an HPA image just as easily). Also, I have no idea if IBM ships the HPA as unpartitioned area, or as a hidden partition...

If you know the answer to the two implied questions above, you know what to do.

--[[User:Hmh|hmh]] 03:22, 5 January 2007 (CET)

==FirstWare Image Backup span file format==
FWBACKUP creates an image set (a set of span files) of a Phoenix FirstWare HPA. FWRESTOR uses these span files to restore an HPA beckup image. (See the Predesktop Area white paper for usage information for FWBACKUP and FWRESTOR.) The format of a span file is straightforward.

Each span file consists of a plain (not compressed, not encrypted) copy of a number of (512 byte) sectors of the HPA. It is preceded by a 512 byte header.

The format of this 512 byte header is:
bytes description
0- 7 magic ("fwbackup")
8- 9 1 (LSB first) # version number?
10- 11 span file number, one based (LSB first)
12- 13 number of span files in image set (LSB first)
14- 17 number of sectors in span file (LSB first)
18- 21 number of sectors in image set (LSB first)
22- 25 last sector of HPA on the original hard drive, zero based (LSB first)
26- 29 first sector of HPA on the original hard drive, zero based (LSB first)
30- 37 unused
38- 53 checksum # MD5? checksum of what exactly?
54-511 unused

Only bytes 10-11, 14-17 and 38-53 are unique for each span file. All other bytes of the header should be equal for all span files in an image set.

This magic entry for {{cmdresult|file(1)}} can be used to identify the files part of an Phoenix FirstWare HPA backup image file set:
# File magic for Phoenix FirstWare HPA backup image
0 string fwbackup FirstWare HPA backup image
# >8 leshort # x , version %d ???
>26 lelong x (first disk sector of HPA: %d,
>22 lelong x last disk sector of HPA: %d)
>14 lelong x %d of
>18 lelong x %d image sectors
>10 leshort x (span file %d
>12 leshort x of %d)

[[User:Pebolle|Paul Bolle]] 11:27, 7 January 2007 (CET)

== Migrating the HPA to a new hard drive (Windows) ==

The white paper referred to in the article describes a procedure for moving the HPA when upgrading the hard drive. The HPA partition can't be simply cloned because critical jump instructions used by the BIOS directly address sectors on the HDD, and thus depend on the drive geometry. (Therefore, migration to an identical replacement drive should be possible by cloning, but not to a larger drive).

The procedure involves running the system restore program residing on the HPA, interrupting it by using the (otherwise undocumented) F3 key, and copying FWBACKUP and FWRESTOR programs to a floppy disk. This may work on A series systems with internal floppy drives (with UltraBay 2000 or UltraBay Plus), but it doesn't seem to work for USB floppy drives, which are the only kind available for the R series (which has the UltraBay Enhanced internal drive, for which no FDD devices have been made available). The BIOS does recognize USB devices, and they are visible while running the system restore program, but any attempt to write to these devices fails (I've tried this with a USB floppy and a USB flash drive).

Does anyone have any suggestions for a work around? If not, I see no way to save the backup of the original system configuration when upgrading the hard drive on the R50p or similar machines. [[User:Slowthinker|Slowthinker]] 21:15, 23 July 2007 (UTC)

----

I succesfully used the method Fabrice Bellet described. It's elaborate. Send me an email if you'd like further guidance.

[[User:Pebolle|Paul Bolle]] 22:50, 24 July 2007 (UTC)

Talk:Predesktop Area

2007-02-26T09:25:44Z

Pebolle: typo and linkify

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005
----
Update: a quick test with the current development version of grub2 (grub-1.93) showed that grub2 can chainload a block outside the partitioned area
"out of the box". That's nice. I still haven't been able to get passed the error messages generated by the boot sectors of the bootable PSAs. My guess is the BIOS provides those boot sectors with some (special) settings that grub doesn't use ...

[[User:Pebolle|Paul Bolle]] 00:40, 5 April 2006 (CEST)
----
GRUB cannot be expected to (chain)load the Predesktop Area. When showing the Predesktop Area the BIOS runs in a special mode (more specifically: using some very specific interrupts, behaving differently under normal circumstances). So this seems to be not something to merit further investigation.

[[User:Pebolle|Paul Bolle]] 19:01, 11 June 2006 (CEST)
----
Hey there - I hope to be welcome here to since I've no ThinkPad but an Samsung X20 notebook. This notebook uses also the HPA for some kind of a predesktop area - a linux
based multimedia system called "AVStation Now" which is hidden there. I used dd to dump the hpa and read the BEER table to find out what is hidden inside.

What I found out:

*the first partition (ext3) contains the rootfilesystem (funny, cause they use libdvdcss for dvd playback)

*the second partition (ext3) contained a /boot partition with a special kernel with the possibility to mount this partition (seems they use a special liloversion for booting)

*the third partition (fat?) - some html files - the firstware menu

*and at last a fourth partition i was unable to mount

[http://www.christophmueller.org/stuff/beerdump.html A dump of my BEER ;-)]

Does someone know weather it would be possible mounting souch an hpapartition without using dd - maybe kernelsupport for the BEER? - since im nither a C nor a kernelhacker im unable to continue, but there must be some kind of support cause this multimediasystem knows howto handle it.

If you need some more information you could send me an email to christoph_at_christophmueller.org

[[User:Christophmueller.org|Christoph MÃ¼ller]]
----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005
----
OK, roughly two years later I finally found the courage to really mess with the BEER in my T41. Copied the BEER and the few related sections at the end of /dev/hda (using dd), analyzed those (I have some unreleased code to parse the BEER and the DOS stuff) _hand edited_ the BEER to "remove" the OS backup data, checked again, and copied the new BEER etc. to /dev/hda (using dd again, extremely tricky!). That worked like a charm: my new HPA is now about 3G smaller. No complaints whatsoever (even when booting my T41 is "secure" mode).

So, I can't really reproduce Tims problems.

[[User:Pebolle|Paul Bolle]] 01:24, 4 January 2007 (CET)

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

In 2.6.11, I was able to re-enable HPA by commenting out the section in drivers/ide/ide-disk.c under the comment "Some maxtor support LBA48 but not accept LBA48 set max...". I suppose that wouldn't be a good idea with a Maxtor drive but it worked fine for my R50.

--[[User:Rkilian|Robert Kilian]] 21:13, 22 March 2006 (CET)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

== hpafs ==

I've written a (read only) FUSE for the hpa: hpafs. Current release is hpafs-0.1.0 (24 February 2007, alpha, developers only). It can be found at http://home.tiscali.nl/pebolle/code/hpafs .

hpafs will only work if the Predesktop Area is disabled (but that is more or less obvious). It basically turns each PSA into a file:

{{cmdresult|$ sudo hpafs /dev/hda /mnt/hpa -o allow_other<br/>
$ ll /mnt/hpa/<br/>
total 0<br/>
-r--r--r-- 1 root root 2097152 Jan 1 1970 BIOSWORKAREA<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Create Diagnostic Diskettes<br/>
-r--r--r-- 1 root root 104857600 Jan 1 1970 FirstWare Reserved Area<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Rec Boot<br/>
-r--r--r-- 1 root root 3459252224 Jan 1 1970 Rec Data<br/>
-r--r--r-- 1 root root 1476096 Jan 1 1970 Restore from backup<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Run Diagnostics<br/>
-r--r--r-- 1 root root 1477632 Jan 1 1970 SIGHT}}

This FUSE file can easily be copied with basic GNU tools (cat, dd, etc). Even more fun is to loop mount such a FUSE file (if the corresponding PSA is a bootable image). Then the PSA is a (read only) part of your mounted filesystems. So now you do not need to use dd on /dev/hda to copy the Predesktop Area: you can just mount it!

{{cmdresult|$ sudo mount -o loop,ro,users /mnt/hpa/Rec\ Data /mnt/tmp<br/>
$ ll /mnt/tmp/<br/>
total 1454<br/>
-rwxr-xr-x 1 root root 64 Sep 27 2002 bootcat.bin<br/>
-rwxr-xr-x 1 root root 1474560 Oct 3 2002 bootimg.bin<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 country<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 ibmwork<br/>
drwxr-xr-x 3 root root 8192 Mar 13 2004 recovery<br/>}}

Check the [http://home.tiscali.nl/pebolle/code/hpafs/README README] for further information.

[[User:Pebolle|Paul Bolle]] 14:12, 24 February 2007 (CET)

Hidden Protected Area

2007-02-24T15:20:54Z

Pebolle: reletated to FIXME just resolved

Predesktop Area

2007-02-24T15:19:28Z

Pebolle: Resolve FIXME

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;white-space:nowrap;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
=== The Predesktop Area ===
Predesktop Area is the name used for two different technologies: [[Hidden Protected Area| Hidden Protected Area]] and [[Rescue and Recovery | Rescue and Recovery]].
</div>
|}
== Hidden Protected Area ==
The [[Hidden Protected Area]] is a special area on your harddisk that can be hidden to the software running on your ThinkPad. It includes all the software and data needed to recover the preloaded state of the ThinkPad. The HPA also includes some diagnostic tools and a (MS Windows only) backup tool. The Hidden Protected Area was introduced with the R40, T40 and X30 series of ThinkPads. Current ThinkPads do not have Hidden Protected Areas.

== Rescue and Recovery ==
Recent ThinkPads are shipped with the [[Rescue and Recovery]] technology. That technology uses a (hidden) partition for recovery of the preloaded state and diagnostic tools.

[[Category:Glossary]]

Hidden Protected Area

2007-02-24T14:22:07Z

Pebolle: hpafs-0.1.0.tgz

Hidden Protected Area

2007-02-24T13:42:03Z

Pebolle: Removeed, as discussed in Talk:. hpafs can now be used to access a real HPA

Hidden Protected Area

2007-02-24T13:40:22Z

Pebolle: hpafs-0.1.0

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;white-space:nowrap;" | __TOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
=== The Hidden Protected Area ===
The Hidden Protected Area (also known as the Host Protected Area) is a special area (usually a few gigabytes in size) located at the end of a hard disk. It is preinstalled on the harddisks of some ThinkPads. It is normally hidden to the software running on your ThinkPad. It includes all the software and data needed to recover the preloaded state of the ThinkPad. The HPA also includes some diagnostic tools and a (MS Windows only) backup tool.

The HPA was introduced with the R/T/X 40 series of ThinkPads. It is refered to as the Predesktop Area in the BIOS Setup Utility. Recent ThinkPads can have a (hidden) partition that is also called [[Predesktop Area|Predesktop Area]] in the BIOS Setup Utility. That (hidden) partition is not an HPA. More information can be found in [[Rescue and Recovery | Rescue and Recovery]],
</div>
|style="vertical-align:top;padding-right:10px;width:10px;white-space:nowrap;" | [[Image:hpa.jpg|IBM PreDesktop Area]]
|}

==General information about the HPA==
As opposed to [[Rescue and Recovery|Recovery Partitions]], Protected Service Areas (PSAs) such as the HPA are (let's say) images of partitions written to the end of a harddisk. They are only accessible through their BEER. The general idea is that, under control of the BIOS, the PSAs are totally hidden from all ordinary software, including malware (viruses, trojans, spyware). They are only accessible when permitted by the BIOS, and even then only through special HPA-aware tools. Under GNU/Linux they are only accessible with low level tools like dd.

The HPA is based on [http://www.phoenix.com/en/Products/Trusted+Applications/Phoenix+FirstWare/default.htm Phoenix FirstWare]. FirstWare is (in short) an implementation of two technologies: BEER and PARTIES. (Yes, those names are correct!) BEER (Boot Engineering Extension Record) and PARTIES (Protected Area Run Time Interface Extension Services) are described in [http://t13.org/Documents/UploadedDocuments/project/d1367r3-PARTIES.pdf this T13 working draft]. There is a more general introduction to PARTIES on the [http://www-1.ibm.com/support/docview.wss?rs=0&uid=psg1MIGR-51248&loc=en_US IBM site]. FirstWare depends on certain [http://en.wikipedia.org/wiki/Advanced_Technology_Attachment#ATA_standards_versions.2C_transfer_rates.2C_and_features ATA-5] commands, so it won't work with lower ATA level (earlier) drives or even with all ATA-5 drives. Unfortunately, there is no public HPA compatibility tester or list of compatible drives.

Basically, what's going on is that the Phoenix BIOS commands the drive to hide the last few gigabytes of the hard disk (the HPA). The to non-HPA aware software, the drive appears to have a smaller size. Note that this is just a setting in the BIOS and can be disabled. The HPA can be accessed by pressing {{ibmkey|Access IBM|#495988}} or {{key|Enter}} at boot time. The BIOS will then parse the BEER (128 bytes, situated in the last sector of 512 bytes of the harddisk) and the "Directory of Services" (consisting of directory entries of 64 bytes each, starting in the last sector and spilling over into the previous sectors) to see what part of the HPA should be launched. In (most?) ThinkPads the BEER tells the BIOS to launch the Access IBM Predesktop Area. The system will then actually be booting into a (minimal) DOS environment which is able to launch a graphical shell (called Phoenix FirstSight). IBM has simply rebranded this graphical shell to the Access IBM Predesktop Area. From this graphical shell one can launch several tools (BIOS Setup Utility, diagnostic tools, recovery tools).

==Three BIOS options==
The BIOS has three settings for the "IBM Predesktop Area" (in the Security category):
*Secure: No user or SW-initiated changes; Contents hidden from OS
*Normal: Change allowed; Contents hidden from OS
*Disabled: Not Usable; Visible and Reclaimable

Normal is the default setting. One can boot into the Predesktop Area when either Secure or Normal is set. When Disabled is set the Predesktop Area will not boot. According to the [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper] the HPA is both "locked"{{footnote|1}} and "hidden" when Secure is set and only "hidden" when normal is set. In practice the result seems to be that the HPA is totally unavailable to the Linux kernel (and therefore all applications) when Secure is set. (The HPA should be unavailable in "Secure mode" for all operating systems, MS Windows included.) One would expect the HPA to be only accessable to HPA aware tools when Normal is set. However, recent kernels disable the HPA by default when Normal is set. Note that [http://marc.theaimsgroup.com/?l=linux-ide&w=2&r=1&s=Host+protected+area&q=b recent threads on linux-ide] suggest that the ThinkPad will reenable the HPA on resume and thus causing (possibly serious) conflicts with the GNU/Linux system (that assumes the HPA is still available).

With Disabled you should be able to safely reclaim the area used by the HPA (to GNU/Linux it basically is unallocated space on the harddisk).

==Details of the HPA==
Fabrice Bellet describes a [http://bellet.info/laptop/t40.html#the_predesktop_area technique he used] to explore the HPA of his ThinkPad T40, using GNU/Linux tools. This technique is only for the more curious or more careless people. It uses "dd" to copy the sectors on the harddisk containing the HPA from "/dev/hda" to a new file: when using "dd" on "/dev/hda" you are only one small typo away from an unrecoverable disaster!

Another option is the [http://home.tiscali.nl/pebolle/code/hpafs Hidden Protected Area FileSystem], a read-only [http://fuse.sf.net FUSE] (Filesystem in USErspace). hpafs allows to analyze, backup, etc. the HPA. The current release is hpafs-0.1.0 (alpha, developers only). Check the [http://home.tiscali.nl/pebolle/code/hpafs/README README] for further details.

==Accessing the HPA from Linux==
While Fabrice Bellet's method, described in the previous section, works in many cases, it has some serious flaws. The most important one -- is that each PSA has to be formated (i.e. has to posses a filesystem), and the size this filesystem has to be equal to the size of the PSA. If the HPA has some sort of a swap partition, or the filesystem size is a few megabytes less than the PSA's size, then we will not be able to find any following PSA(s).

A more systematic approach would be just to use the BEER record to find the exact LBA addresses of all PSA(s). The idea is to use the [http://www.t13.org/project/d1367r3-PARTIES.pdf T13 working draft] of the BEER specs. There is some serious discussion on this matter going on in [[Talk:Predesktop_Area|Talk:Predesktop_Area]], but so far they didn't release any code to the public. As an interim solution, we can use a free open-source [http://colimit.googlepages.com clone of the Phoenix utility fwdir]. If we first disable the "IBM Predesktop Area" in BIOS (which, essentially, sends appropriate SETMAX command to the harddrive), then the whole harddrive will be accessible from the userspace. Now, if we run fwdir, a typical output of this utility would look like
<div>
# ID Name 1st Sector Sectors Sec Icon Flag

0 0000h FirstWare Reserved Area 234231736 204800 0 00h 03h
1 0001h CONSOLE 234170510 61226 0 FCh 01h
2 0140h Recover Pro 234088523 81987 0 00h 01h
3 0104h Factory Restore 234085638 2885 0 03h 03h
4 0120h RADA Data 234020102 65536 0 00h 02h
5 0108h Factory Data 230026502 3993600 0 00h 02h
6 0141h Recover Pro Records 229616902 409600 0 00h 02h
</div>
Once we know all the LBA addresses of the first sectors of all PSA(s) and their sizes, we can extract any particular PSA. E.g. the "Factory Data" PSA in this example can be extracted with
<div>
dd if=/dev/hda of=/tmp/FacDat.img skip=230026502 count=3993600
</div>
But if we are only interested in the contents of this PSA partition, there is no need to extract it to a file and later mount it through a loop-device. It can be done right away with
<div>
mount /dev/hda /mnt/fwdata -t vfat -o ro,offset=`expr 512 "*" 230026502`
</div>
Of course, there is no way to know in advance which particular filesystem each PSA has (if any). This still has to be found by trial and error (because "mount -t auto" does not always work). In the above example, the "CONSOLE" PSA is formated in ext2.

==How to reclaim the HPA==
After disabling the "IBM Predesktop Area" (with the BIOS option "Disabled", see above) it's possible to reclaim the area used by the HPA. Then one can include that area in a partition with standard tools (i.e. fdisk, mkfs) as it will be treated just as regular free space of the hard disk.

==Alternative uses?==
It might be possible to use the FirstWare tools included in the HPA to make the HPA more useful for GNU/Linux purposes. For instance, the copy of the preloaded OS could be replaced with an emergency backup of your GNU/Linux distribution. Maybe the Predesktop area could be even used to boot into a GNU/Linux rescue system. Whether the Phoenix proprietary tools really allow alternative uses and whether those tools do not make it too hard to accomplish those cannot yet be said. It seems realistic to assume that the benefits of those alternative uses aren't worth the effort to accomplish them. Still, it might be fun (altough possibly hazardous to your system) to try ...

==Problems caused by the HPA==
As of Linux 2.6.18, having a HPA may cause errors when resuming the laptop from suspend-to-RAM or suspend-to-disk. See the section called "SectorIdNotFound disk errors when laptop is resumed" in [[Problems with ACPI suspend-to-ram | ACPI suspend problems]].

==External Sources==
*[http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper]
*[http://www-3.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46025 Predesktop Aministrator Utility (DOS)]
*[http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+INCITS+346-2001 Protected Area Run Time Interface Extension Services (PARTIES) ANSI INCITS 346-2001 ($30)]
*[http://t13.org/Documents/UploadedDocuments/project/d1367r3-PARTIES.pdf The latest free draft of ANSI INCITS 346-2001 (BEER specs)]
*[http://www.phoenix.com/NR/rdonlyres/7465D3CF-B0E3-4F64-9122-47D9C83028D0/0/cme_firstware_wp.pdf Phoenix FirstWare White Paper]
*[http://www.win.tue.nl/~aeb/linux/Large-Disk-11.html Section 11 of the Large Disk HOWTO (Clipped disks)]

==Models featuring this Technology==
*ThinkPad {{R40}}, {{R40e}}, {{R50}}, {{R50e}}, {{R50p}}, {{R51}}, {{R52}}
*ThinkPad {{T40}}, {{T40p}}, {{T41}}, {{T41p}}, {{T42}}, {{T42p}}, {{T43}}, {{T43p}}
*ThinkPad {{X31}}, {{X32}}, {{X40}}, {{X41}}, {{X41T}}
*ThinkPad {{Z61m}}

{{footnotes|
# Presumably by having the BIOS use the SET MAX security extension. The BIOS seems to set a password for the HPA at boot (using the SETMAX-SET PASSWORD command) and after that use that password to issue a SETMAX-LOCK command. Since the password is unknown (and most likely changes at every Secure boot) the HPA is inaccessable to all programs running on the ThinkPad.<BR><BR>Something similar would be possible running in Normal mode. Then a program could issue the SETMAX-SET PASSWORD command. At the moment there's no program running under GNU/Linux capable of doing that. Of course this is possibly less secure: it's (theoretically) possible that other (rogue) programs get hold of that password.
}}

[[Category:Glossary]]

Talk:Predesktop Area

2007-02-24T13:12:24Z

Pebolle: hpafs-0.1.0 "released"

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005
----
Update: a quick test with the current development version of grub2 (grub-1.93) showed that grub2 can chainload a block outside the partitioned area
"out of the box". That's nice. I still haven't been able to get passed the error messages generated by the boot sectors of the bootable PSAs. My guess is the BIOS provides those boot sectors with some (special) settings that grub doesn't use ...

[[User:Pebolle|Paul Bolle]] 00:40, 5 April 2006 (CEST)
----
GRUB cannot be expected to (chain)load the Predesktop Area. When showing the Predesktop Area the BIOS runs in a special mode (more specifically: using some very specific interrupts, behaving differently under normal circumstances). So this seems to be not something to merit further investigation.

[[User:Pebolle|Paul Bolle]] 19:01, 11 June 2006 (CEST)
----
Hey there - I hope to be welcome here to since I've no ThinkPad but an Samsung X20 notebook. This notebook uses also the HPA for some kind of a predesktop area - a linux
based multimedia system called "AVStation Now" which is hidden there. I used dd to dump the hpa and read the BEER table to find out what is hidden inside.

What I found out:

*the first partition (ext3) contains the rootfilesystem (funny, cause they use libdvdcss for dvd playback)

*the second partition (ext3) contained a /boot partition with a special kernel with the possibility to mount this partition (seems they use a special liloversion for booting)

*the third partition (fat?) - some html files - the firstware menu

*and at last a fourth partition i was unable to mount

[http://www.christophmueller.org/stuff/beerdump.html A dump of my BEER ;-)]

Does someone know weather it would be possible mounting souch an hpapartition without using dd - maybe kernelsupport for the BEER? - since im nither a C nor a kernelhacker im unable to continue, but there must be some kind of support cause this multimediasystem knows howto handle it.

If you need some more information you could send me an email to christoph_at_christophmueller.org

[[User:Christophmueller.org|Christoph MÃ¼ller]]
----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005
----
OK, roughly two years later I finally found the courage to really mess with the BEER in my T41. Copied the BEER and the few related sections at the end of /dev/hda (using dd), analyzed those (I have some unreleased code to parse the BEER and the DOS stuff) _hand edited_ the BEER to "remove" the OS backup data, checked again, and copied the new BEER etc. to /dev/hda (using dd again, extremely tricky!). That worked like a charm: my new HPA is now about 3G smaller. No complaints whatsoever (even when booting my T41 is "secure" mode).

So, I can't really reproduce Tims problems.

[[User:Pebolle|Paul Bolle]] 01:24, 4 January 2007 (CET)

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

In 2.6.11, I was able to re-enable HPA by commenting out the section in drivers/ide/ide-disk.c under the comment "Some maxtor support LBA48 but not accept LBA48 set max...". I suppose that wouldn't be a good idea with a Maxtor drive but it worked fine for my R50.

--[[User:Rkilian|Robert Kilian]] 21:13, 22 March 2006 (CET)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

== hpafs ==

I've written a (read only) FUSE for the hpa: hpafs. Current release is hpafs-0.1.0 (24 Febraury 2007, alpha, developers only). It can be found at http://home.tiscali.nl/pebolle/code/hpafs .

hpafs will only work if the Predesktop Area is disabled (but that is more or less obvious). It basically turns each PSA into a file:

{{cmdresult|$ sudo hpafs /dev/hda /mnt/hpa -o allow_other<br/>
$ ll /mnt/hpa/<br/>
total 0<br/>
-r--r--r-- 1 root root 2097152 Jan 1 1970 BIOSWORKAREA<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Create Diagnostic Diskettes<br/>
-r--r--r-- 1 root root 104857600 Jan 1 1970 FirstWare Reserved Area<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Rec Boot<br/>
-r--r--r-- 1 root root 3459252224 Jan 1 1970 Rec Data<br/>
-r--r--r-- 1 root root 1476096 Jan 1 1970 Restore from backup<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Run Diagnostics<br/>
-r--r--r-- 1 root root 1477632 Jan 1 1970 SIGHT}}

This FUSE file can easily be copied with basic GNU tools (cat, dd, etc). Even more fun is to loop mount such a FUSE file (if the corresponding PSA is a bootable image). Then the PSA is a (read only) part of your mounted filesystems. So now you do not need to use dd on /dev/hda to copy the Predesktop Area: you can just mount it!

{{cmdresult|$ sudo mount -o loop,ro,users /mnt/hpa/Rec\ Data /mnt/tmp<br/>
$ ll /mnt/tmp/<br/>
total 1454<br/>
-rwxr-xr-x 1 root root 64 Sep 27 2002 bootcat.bin<br/>
-rwxr-xr-x 1 root root 1474560 Oct 3 2002 bootimg.bin<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 country<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 ibmwork<br/>
drwxr-xr-x 3 root root 8192 Mar 13 2004 recovery<br/>}}

Check the README for further information.

[[User:Pebolle|Paul Bolle]] 14:12, 24 February 2007 (CET)

Talk:Hidden Protected Area

2007-01-07T10:27:39Z

Pebolle: Description of the files of a FirstWare HPA backup image file set

Talk:Predesktop Area

2007-01-04T00:24:22Z

Pebolle: managed to _hand edit_ a live BEER!

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005
----
Update: a quick test with the current development version of grub2 (grub-1.93) showed that grub2 can chainload a block outside the partitioned area
"out of the box". That's nice. I still haven't been able to get passed the error messages generated by the boot sectors of the bootable PSAs. My guess is the BIOS provides those boot sectors with some (special) settings that grub doesn't use ...

[[User:Pebolle|Paul Bolle]] 00:40, 5 April 2006 (CEST)
----
GRUB cannot be expected to (chain)load the Predesktop Area. When showing the Predesktop Area the BIOS runs in a special mode (more specifically: using some very specific interrupts, behaving differently under normal circumstances). So this seems to be not something to merit further investigation.

[[User:Pebolle|Paul Bolle]] 19:01, 11 June 2006 (CEST)
----
Hey there - I hope to be welcome here to since I've no ThinkPad but an Samsung X20 notebook. This notebook uses also the HPA for some kind of a predesktop area - a linux
based multimedia system called "AVStation Now" which is hidden there. I used dd to dump the hpa and read the BEER table to find out what is hidden inside.

What I found out:

*the first partition (ext3) contains the rootfilesystem (funny, cause they use libdvdcss for dvd playback)

*the second partition (ext3) contained a /boot partition with a special kernel with the possibility to mount this partition (seems they use a special liloversion for booting)

*the third partition (fat?) - some html files - the firstware menu

*and at last a fourth partition i was unable to mount

[http://www.christophmueller.org/stuff/beerdump.html A dump of my BEER ;-)]

Does someone know weather it would be possible mounting souch an hpapartition without using dd - maybe kernelsupport for the BEER? - since im nither a C nor a kernelhacker im unable to continue, but there must be some kind of support cause this multimediasystem knows howto handle it.

If you need some more information you could send me an email to christoph_at_christophmueller.org

[[User:Christophmueller.org|Christoph MÃ¼ller]]
----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005
----
OK, roughly two years later I finally found the courage to really mess with the BEER in my T41. Copied the BEER and the few related sections at the end of /dev/hda (using dd), analyzed those (I have some unreleased code to parse the BEER and the DOS stuff) _hand edited_ the BEER to "remove" the OS backup data, checked again, and copied the new BEER etc. to /dev/hda (using dd again, extremely tricky!). That worked like a charm: my new HPA is now about 3G smaller. No complaints whatsoever (even when booting my T41 is "secure" mode).

So, I can't really reproduce Tims problems.

[[User:Pebolle|Paul Bolle]] 01:24, 4 January 2007 (CET)

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

In 2.6.11, I was able to re-enable HPA by commenting out the section in drivers/ide/ide-disk.c under the comment "Some maxtor support LBA48 but not accept LBA48 set max...". I suppose that wouldn't be a good idea with a Maxtor drive but it worked fine for my R50.

--[[User:Rkilian|Robert Kilian]] 21:13, 22 March 2006 (CET)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

== hpafs ==

I've written a (read only) FUSE for the hpa: hpafs. Alpha quality at best. Mail me if you'd like to test it, hack on it. Now about 1100 LOC. The binary is a mere 33 KB (this is with debugging symbols). Rather i386 centric.

hpafs will only work if the Predesktop Area is disabled (but that is more or less obvious). It basically turns each PSA into a file:

{{cmdresult|$ sudo hpafs /dev/hda /mnt/hpa -o allow_other<br/>
$ ll /mnt/hpa/<br/>
total 0<br/>
-r--r--r-- 1 root root 2097152 Jan 1 1970 BIOSWORKAREA<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Create Diagnostic Diskettes<br/>
-r--r--r-- 1 root root 104857600 Jan 1 1970 FirstWare Reserved Area<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Rec Boot<br/>
-r--r--r-- 1 root root 3459252224 Jan 1 1970 Rec Data<br/>
-r--r--r-- 1 root root 1476096 Jan 1 1970 Restore from backup<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Run Diagnostics<br/>
-r--r--r-- 1 root root 1477632 Jan 1 1970 SIGHT}}

This FUSE file can easily be copied with basic GNU tools (cat, dd, etc). Even more fun is to loop mount such a FUSE file (if the corresponding PSA is a bootable image). Then the PSA is a (read only) part of your mounted filesystems. So now you do not need to use dd on /dev/hda to copy the Predesktop Area: you can just mount it!

{{cmdresult|$ sudo mount -o loop,ro,users /mnt/hpa/Rec\ Data /mnt/tmp<br/>
$ ll /mnt/tmp/<br/>
total 1454<br/>
-rwxr-xr-x 1 root root 64 Sep 27 2002 bootcat.bin<br/>
-rwxr-xr-x 1 root root 1474560 Oct 3 2002 bootimg.bin<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 country<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 ibmwork<br/>
drwxr-xr-x 3 root root 8192 Mar 13 2004 recovery<br/>}}

To be continued ...

[[User:Pebolle|Paul Bolle]] 00:56, 2 March 2006 (CET)

Talk:Hidden Protected Area

2007-01-04T00:08:17Z

Pebolle: Re: 5 Accessing the HPA from Linux: was that really an HPA?

Hidden Protected Area

2007-01-03T23:50:31Z

Pebolle: updated t13 link (twice)

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;white-space:nowrap;" | __TOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
=== The Hidden Protected Area ===
The Hidden Protected Area (also known as the Host Protected Area) is a special area (usually a few gigabytes in size) located at the end of a hard disk. It is preinstalled on the harddisks of some ThinkPads. It is normally hidden to the software running on your ThinkPad. It includes all the software and data needed to recover the preloaded state of the ThinkPad. The HPA also includes some diagnostic tools and a (MS Windows only) backup tool.

The HPA was introduced with the R/T/X 40 series of ThinkPads. It is refered to as the Predesktop Area in the BIOS Setup Utility. Recent ThinkPads can have a (hidden) partition that is also called [[Predesktop Area|Predesktop Area]] in the BIOS Setup Utility. That (hidden) partition is not an HPA. More information can be found in [[Rescue and Recovery | Rescue and Recovery]],
</div>
|style="vertical-align:top;padding-right:10px;width:10px;white-space:nowrap;" | [[Image:hpa.jpg|IBM PreDesktop Area]]
|}

==General information about the HPA==
As opposed to [[Rescue and Recovery|Recovery Partitions]], Protected Service Areas (PSAs) such as the HPA are (let's say) images of partitions written to the end of a harddisk. They are only accessible through their BEER. The general idea is that, under control of the BIOS, the PSAs are totally hidden from all ordinary software, including malware (viruses, trojans, spyware). They are only accessible when permitted by the BIOS, and even then only through special HPA-aware tools. Under GNU/Linux they are only accessible with low level tools like dd.

The HPA is based on [http://www.phoenix.com/en/Products/Trusted+Applications/Phoenix+FirstWare/default.htm Phoenix FirstWare]. FirstWare is (in short) an implementation of two technologies: BEER and PARTIES. (Yes, those names are correct!) BEER (Boot Engineering Extension Record) and PARTIES (Protected Area Run Time Interface Extension Services) are described in [http://t13.org/Documents/UploadedDocuments/project/d1367r3-PARTIES.pdf this T13 working draft]. There is a more general introduction to PARTIES on the [http://www-1.ibm.com/support/docview.wss?rs=0&uid=psg1MIGR-51248&loc=en_US IBM site]. FirstWare depends on certain [http://en.wikipedia.org/wiki/Advanced_Technology_Attachment#ATA_standards_versions.2C_transfer_rates.2C_and_features ATA-5] commands, so it won't work with lower ATA level (earlier) drives or even with all ATA-5 drives. Unfortunately, there is no public HPA compatibility tester or list of compatible drives.

Basically, what's going on is that the Phoenix BIOS commands the drive to hide the last few gigabytes of the hard disk (the HPA). The to non-HPA aware software, the drive appears to have a smaller size. Note that this is just a setting in the BIOS and can be disabled. The HPA can be accessed by pressing {{ibmkey|Access IBM|#495988}} or {{key|Enter}} at boot time. The BIOS will then parse the BEER (128 bytes, situated in the last sector of 512 bytes of the harddisk) and the "Directory of Services" (consisting of directory entries of 64 bytes each, starting in the last sector and spilling over into the previous sectors) to see what part of the HPA should be launched. In (most?) ThinkPads the BEER tells the BIOS to launch the Access IBM Predesktop Area. The system will then actually be booting into a (minimal) DOS environment which is able to launch a graphical shell (called Phoenix FirstSight). IBM has simply rebranded this graphical shell to the Access IBM Predesktop Area. From this graphical shell one can launch several tools (BIOS Setup Utility, diagnostic tools, recovery tools).

==Three BIOS options==
The BIOS has three settings for the "IBM Predesktop Area" (in the Security category):
*Secure: No user or SW-initiated changes; Contents hidden from OS
*Normal: Change allowed; Contents hidden from OS
*Disabled: Not Usable; Visible and Reclaimable

Normal is the default setting. One can boot into the Predesktop Area when either Secure or Normal is set. When Disabled is set the Predesktop Area will not boot. According to the [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper] the HPA is both "locked"{{footnote|1}} and "hidden" when Secure is set and only "hidden" when normal is set. In practice the result seems to be that the HPA is totally unavailable to the Linux kernel (and therefore all applications) when Secure is set. (The HPA should be unavailable in "Secure mode" for all operating systems, MS Windows included.) One would expect the HPA to be only accessable to HPA aware tools when Normal is set. However, recent kernels disable the HPA by default when Normal is set. Note that [http://marc.theaimsgroup.com/?l=linux-ide&w=2&r=1&s=Host+protected+area&q=b recent threads on linux-ide] suggest that the ThinkPad will reenable the HPA on resume and thus causing (possibly serious) conflicts with the GNU/Linux system (that assumes the HPA is still available).

With Disabled you should be able to safely reclaim the area used by the HPA (to GNU/Linux it basically is unallocated space on the harddisk).

==Details of the HPA==
Fabrice Bellet describes a [http://bellet.info/laptop/t40.html#the_predesktop_area technique he used] to explore the HPA of his ThinkPad T40, using GNU/Linux tools. This technique is only for the more curious or more careless people. It uses "dd" to copy the sectors on the harddisk containing the HPA from "/dev/hda" to a new file: when using "dd" on "/dev/hda" you are only one small typo away from an unrecoverable disaster!

Here follows a more detailed description of the HPA on a ThinkPad T41 (60 GB harddisk) to contrast his findings.

On this ThinkPad T41 the HPA is 3,4 GB in size. It contains 8 consecutive PSAs (Protected Service Areas). Six of those start with an x86 boot sector.

* The first PSA is 3,2 GB in size. The OEM-ID of the boot sector is: "IBM 7.1". It seems to hold a copy of the preloaded OS and everything needed to generate a bootable DVD-ROM for it, even an El Torito boot image and a boot catalog: see [[Backing up the preloaded OS]].

* The second PSA is exactly 2 MB in size. According to its entry in the Directory of Service it's the "BIOSWORKAREA".

* The third PSA is only 7,4 MB in size. The OEM-ID of the boot sector is: "MSWIN4.1". It seems to be an image of a 1,44 MB bootable floppy disk (with MS DOS) and a directory containig 6 MB of FirstWare tools. It will be launched by the "Recover to factory contents" tool of the Predesktop Area. Those "factory contents" should be the data on the first PSA.

* The fourth PSA is only 1,4 MB in size. The OEM-ID of the boot sector is: "IBM 7.1". It too seems to be an image of a (sort of) 1,44 MB bootable floppy disk. It will be launched by the "Restore your backups" tool of the Predesktop Area.

* The fifth PSA is again 7,4 MB in size. The OEM-ID of the boot sector is: "IBM 7.0". It will be launched by the "Run diagnostics" tool of the Predesktop Area.

* The sixth PSA is also 7,4 MB in size and the OEM-ID of the boot sector also is: "IBM 7.0". It will be launched by the "Create diagnostic disks" tool of the Predesktop Area. It contains a copy of a (sort of) bootable 1,44 MB floppy disk, some tools and compressed copies of the diagnostic disks.

* The seventh PSA is only 1,4 MB in size. The OEM-ID of the boot sector is "PHOENIX". It seems to be a copy of a (sort of) 1.44 MB bootable floppy disk too and only contains a (minimal) DOS and the FirstSight application. Basically, this is the Access IBM Predesktop Area.

* The eigth PSA is 101 MB in size. It doesn't have a boot sector. It contains the FirstWare Reserved Area. That probably is some sort of swap space for the FirstWare system.

==Accessing the HPA from Linux==
While Fabrice Bellet's method, described in the previous section, works in many cases, it has some serious flaws. The most important one -- is that each PSA has to be formated (i.e. has to posses a filesystem), and the size this filesystem has to be equal to the size of the PSA. If the HPA has some sort of a swap partition, or the filesystem size is a few megabytes less than the PSA's size, then we will not be able to find any following PSA(s).

A more systematic approach would be just to use the BEER record to find the exact LBA addresses of all PSA(s). The idea is to use the [http://www.t13.org/project/d1367r3-PARTIES.pdf T13 working draft] of the BEER specs. There is some serious discussion on this matter going on in [[Talk:Predesktop_Area|Talk:Predesktop_Area]], but so far they didn't release any code to the public. As an interim solution, we can use a free open-source [http://colimit.googlepages.com clone of the Phoenix utility fwdir]. If we first disable the "IBM Predesktop Area" in BIOS (which, essentially, sends appropriate SETMAX command to the harddrive), then the whole harddrive will be accessible from the userspace. Now, if we run fwdir, a typical output of this utility would look like
<div>
# ID Name 1st Sector Sectors Sec Icon Flag

0 0000h FirstWare Reserved Area 234231736 204800 0 00h 03h
1 0001h CONSOLE 234170510 61226 0 FCh 01h
2 0140h Recover Pro 234088523 81987 0 00h 01h
3 0104h Factory Restore 234085638 2885 0 03h 03h
4 0120h RADA Data 234020102 65536 0 00h 02h
5 0108h Factory Data 230026502 3993600 0 00h 02h
6 0141h Recover Pro Records 229616902 409600 0 00h 02h
</div>
Once we know all the LBA addresses of the first sectors of all PSA(s) and their sizes, we can extract any particular PSA. E.g. the "Factory Data" PSA in this example can be extracted with
<div>
dd if=/dev/hda of=/tmp/FacDat.img skip=230026502 count=3993600
</div>
But if we are only interested in the contents of this PSA partition, there is no need to extract it to a file and later mount it through a loop-device. It can be done right away with
<div>
mount /dev/hda /mnt/fwdata -t vfat -o ro,offset=`expr 512 "*" 230026502`
</div>
Of course, there is no way to know in advance which particular filesystem each PSA has (if any). This still has to be found by trial and error (because "mount -t auto" does not always work). In the above example, the "CONSOLE" PSA is formated in ext2.

==How to reclaim the HPA==
After disabling the "IBM Predesktop Area" (with the BIOS option "Disabled", see above) it's possible to reclaim the area used by the HPA. Then one can include that area in a partition with standard tools (i.e. fdisk, mkfs) as it will be treated just as regular free space of the hard disk.

==Alternative uses?==
It might be possible to use the FirstWare tools included in the HPA to make the HPA more useful for GNU/Linux purposes. For instance, the copy of the preloaded OS could be replaced with an emergency backup of your GNU/Linux distribution. Maybe the Predesktop area could be even used to boot into a GNU/Linux rescue system. Whether the Phoenix proprietary tools really allow alternative uses and whether those tools do not make it too hard to accomplish those cannot yet be said. It seems realistic to assume that the benefits of those alternative uses aren't worth the effort to accomplish them. Still, it might be fun (altough possibly hazardous to your system) to try ...

==Problems caused by the HPA==
As of Linux 2.6.18, having a HPA may cause errors when resuming the laptop from suspend-to-RAM or suspend-to-disk. See the section called "SectorIdNotFound disk errors when laptop is resumed" in [[Problems with ACPI suspend-to-ram | ACPI suspend problems]].

==External Sources==
*[http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper]
*[http://www-3.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46025 Predesktop Aministrator Utility (DOS)]
*[http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+INCITS+346-2001 Protected Area Run Time Interface Extension Services (PARTIES) ANSI INCITS 346-2001 ($30)]
*[http://t13.org/Documents/UploadedDocuments/project/d1367r3-PARTIES.pdf The latest free draft of ANSI INCITS 346-2001 (BEER specs)]
*[http://www.phoenix.com/NR/rdonlyres/7465D3CF-B0E3-4F64-9122-47D9C83028D0/0/cme_firstware_wp.pdf Phoenix FirstWare White Paper]
*[http://www.win.tue.nl/~aeb/linux/Large-Disk-11.html Section 11 of the Large Disk HOWTO (Clipped disks)]

==Models featuring this Technology==
*ThinkPad {{R40}}, {{R40e}}, {{R50}}, {{R50e}}, {{R50p}}, {{R51}}, {{R52}}
*ThinkPad {{T40}}, {{T40p}}, {{T41}}, {{T41p}}, {{T42}}, {{T42p}}, {{T43}}, {{T43p}}
*ThinkPad {{X31}}, {{X32}}, {{X40}}, {{X41}}, {{X41T}}
*ThinkPad {{Z61m}}

{{footnotes|
# Presumably by having the BIOS use the SET MAX security extension. The BIOS seems to set a password for the HPA at boot (using the SETMAX-SET PASSWORD command) and after that use that password to issue a SETMAX-LOCK command. Since the password is unknown (and most likely changes at every Secure boot) the HPA is inaccessable to all programs running on the ThinkPad.<BR><BR>Something similar would be possible running in Normal mode. Then a program could issue the SETMAX-SET PASSWORD command. At the moment there's no program running under GNU/Linux capable of doing that. Of course this is possibly less secure: it's (theoretically) possible that other (rogue) programs get hold of that password.
}}

[[Category:Glossary]]

Hidden Protected Area

2007-01-03T23:44:53Z

Pebolle: Using Predesktop Area here is rather confusing

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;white-space:nowrap;" | __TOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
=== The Hidden Protected Area ===
The Hidden Protected Area (also known as the Host Protected Area) is a special area (usually a few gigabytes in size) located at the end of a hard disk. It is preinstalled on the harddisks of some ThinkPads. It is normally hidden to the software running on your ThinkPad. It includes all the software and data needed to recover the preloaded state of the ThinkPad. The HPA also includes some diagnostic tools and a (MS Windows only) backup tool.

The HPA was introduced with the R/T/X 40 series of ThinkPads. It is refered to as the Predesktop Area in the BIOS Setup Utility. Recent ThinkPads can have a (hidden) partition that is also called [[Predesktop Area|Predesktop Area]] in the BIOS Setup Utility. That (hidden) partition is not an HPA. More information can be found in [[Rescue and Recovery | Rescue and Recovery]],
</div>
|style="vertical-align:top;padding-right:10px;width:10px;white-space:nowrap;" | [[Image:hpa.jpg|IBM PreDesktop Area]]
|}

==General information about the HPA==
As opposed to [[Rescue and Recovery|Recovery Partitions]], Protected Service Areas (PSAs) such as the HPA are (let's say) images of partitions written to the end of a harddisk. They are only accessible through their BEER. The general idea is that, under control of the BIOS, the PSAs are totally hidden from all ordinary software, including malware (viruses, trojans, spyware). They are only accessible when permitted by the BIOS, and even then only through special HPA-aware tools. Under GNU/Linux they are only accessible with low level tools like dd.

The HPA is based on [http://www.phoenix.com/en/Products/Trusted+Applications/Phoenix+FirstWare/default.htm Phoenix FirstWare]. FirstWare is (in short) an implementation of two technologies: BEER and PARTIES. (Yes, those names are correct!) BEER (Boot Engineering Extension Record) and PARTIES (Protected Area Run Time Interface Extension Services) are described in [http://www.t13.org/project/d1367r3-PARTIES.pdf this T13 working draft]. There is a more general introduction to PARTIES on the [http://www-1.ibm.com/support/docview.wss?rs=0&uid=psg1MIGR-51248&loc=en_US IBM site]. FirstWare depends on certain [http://en.wikipedia.org/wiki/Advanced_Technology_Attachment#ATA_standards_versions.2C_transfer_rates.2C_and_features ATA-5] commands, so it won't work with lower ATA level (earlier) drives or even with all ATA-5 drives. Unfortunately, there is no public HPA compatibility tester or list of compatible drives.

Basically, what's going on is that the Phoenix BIOS commands the drive to hide the last few gigabytes of the hard disk (the HPA). The to non-HPA aware software, the drive appears to have a smaller size. Note that this is just a setting in the BIOS and can be disabled. The HPA can be accessed by pressing {{ibmkey|Access IBM|#495988}} or {{key|Enter}} at boot time. The BIOS will then parse the BEER (128 bytes, situated in the last sector of 512 bytes of the harddisk) and the "Directory of Services" (consisting of directory entries of 64 bytes each, starting in the last sector and spilling over into the previous sectors) to see what part of the HPA should be launched. In (most?) ThinkPads the BEER tells the BIOS to launch the Access IBM Predesktop Area. The system will then actually be booting into a (minimal) DOS environment which is able to launch a graphical shell (called Phoenix FirstSight). IBM has simply rebranded this graphical shell to the Access IBM Predesktop Area. From this graphical shell one can launch several tools (BIOS Setup Utility, diagnostic tools, recovery tools).

==Three BIOS options==
The BIOS has three settings for the "IBM Predesktop Area" (in the Security category):
*Secure: No user or SW-initiated changes; Contents hidden from OS
*Normal: Change allowed; Contents hidden from OS
*Disabled: Not Usable; Visible and Reclaimable

Normal is the default setting. One can boot into the Predesktop Area when either Secure or Normal is set. When Disabled is set the Predesktop Area will not boot. According to the [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper] the HPA is both "locked"{{footnote|1}} and "hidden" when Secure is set and only "hidden" when normal is set. In practice the result seems to be that the HPA is totally unavailable to the Linux kernel (and therefore all applications) when Secure is set. (The HPA should be unavailable in "Secure mode" for all operating systems, MS Windows included.) One would expect the HPA to be only accessable to HPA aware tools when Normal is set. However, recent kernels disable the HPA by default when Normal is set. Note that [http://marc.theaimsgroup.com/?l=linux-ide&w=2&r=1&s=Host+protected+area&q=b recent threads on linux-ide] suggest that the ThinkPad will reenable the HPA on resume and thus causing (possibly serious) conflicts with the GNU/Linux system (that assumes the HPA is still available).

With Disabled you should be able to safely reclaim the area used by the HPA (to GNU/Linux it basically is unallocated space on the harddisk).

==Details of the HPA==
Fabrice Bellet describes a [http://bellet.info/laptop/t40.html#the_predesktop_area technique he used] to explore the HPA of his ThinkPad T40, using GNU/Linux tools. This technique is only for the more curious or more careless people. It uses "dd" to copy the sectors on the harddisk containing the HPA from "/dev/hda" to a new file: when using "dd" on "/dev/hda" you are only one small typo away from an unrecoverable disaster!

Here follows a more detailed description of the HPA on a ThinkPad T41 (60 GB harddisk) to contrast his findings.

On this ThinkPad T41 the HPA is 3,4 GB in size. It contains 8 consecutive PSAs (Protected Service Areas). Six of those start with an x86 boot sector.

* The first PSA is 3,2 GB in size. The OEM-ID of the boot sector is: "IBM 7.1". It seems to hold a copy of the preloaded OS and everything needed to generate a bootable DVD-ROM for it, even an El Torito boot image and a boot catalog: see [[Backing up the preloaded OS]].

* The second PSA is exactly 2 MB in size. According to its entry in the Directory of Service it's the "BIOSWORKAREA".

* The third PSA is only 7,4 MB in size. The OEM-ID of the boot sector is: "MSWIN4.1". It seems to be an image of a 1,44 MB bootable floppy disk (with MS DOS) and a directory containig 6 MB of FirstWare tools. It will be launched by the "Recover to factory contents" tool of the Predesktop Area. Those "factory contents" should be the data on the first PSA.

* The fourth PSA is only 1,4 MB in size. The OEM-ID of the boot sector is: "IBM 7.1". It too seems to be an image of a (sort of) 1,44 MB bootable floppy disk. It will be launched by the "Restore your backups" tool of the Predesktop Area.

* The fifth PSA is again 7,4 MB in size. The OEM-ID of the boot sector is: "IBM 7.0". It will be launched by the "Run diagnostics" tool of the Predesktop Area.

* The sixth PSA is also 7,4 MB in size and the OEM-ID of the boot sector also is: "IBM 7.0". It will be launched by the "Create diagnostic disks" tool of the Predesktop Area. It contains a copy of a (sort of) bootable 1,44 MB floppy disk, some tools and compressed copies of the diagnostic disks.

* The seventh PSA is only 1,4 MB in size. The OEM-ID of the boot sector is "PHOENIX". It seems to be a copy of a (sort of) 1.44 MB bootable floppy disk too and only contains a (minimal) DOS and the FirstSight application. Basically, this is the Access IBM Predesktop Area.

* The eigth PSA is 101 MB in size. It doesn't have a boot sector. It contains the FirstWare Reserved Area. That probably is some sort of swap space for the FirstWare system.

==Accessing the HPA from Linux==
While Fabrice Bellet's method, described in the previous section, works in many cases, it has some serious flaws. The most important one -- is that each PSA has to be formated (i.e. has to posses a filesystem), and the size this filesystem has to be equal to the size of the PSA. If the HPA has some sort of a swap partition, or the filesystem size is a few megabytes less than the PSA's size, then we will not be able to find any following PSA(s).

A more systematic approach would be just to use the BEER record to find the exact LBA addresses of all PSA(s). The idea is to use the [http://www.t13.org/project/d1367r3-PARTIES.pdf T13 working draft] of the BEER specs. There is some serious discussion on this matter going on in [[Talk:Predesktop_Area|Talk:Predesktop_Area]], but so far they didn't release any code to the public. As an interim solution, we can use a free open-source [http://colimit.googlepages.com clone of the Phoenix utility fwdir]. If we first disable the "IBM Predesktop Area" in BIOS (which, essentially, sends appropriate SETMAX command to the harddrive), then the whole harddrive will be accessible from the userspace. Now, if we run fwdir, a typical output of this utility would look like
<div>
# ID Name 1st Sector Sectors Sec Icon Flag

0 0000h FirstWare Reserved Area 234231736 204800 0 00h 03h
1 0001h CONSOLE 234170510 61226 0 FCh 01h
2 0140h Recover Pro 234088523 81987 0 00h 01h
3 0104h Factory Restore 234085638 2885 0 03h 03h
4 0120h RADA Data 234020102 65536 0 00h 02h
5 0108h Factory Data 230026502 3993600 0 00h 02h
6 0141h Recover Pro Records 229616902 409600 0 00h 02h
</div>
Once we know all the LBA addresses of the first sectors of all PSA(s) and their sizes, we can extract any particular PSA. E.g. the "Factory Data" PSA in this example can be extracted with
<div>
dd if=/dev/hda of=/tmp/FacDat.img skip=230026502 count=3993600
</div>
But if we are only interested in the contents of this PSA partition, there is no need to extract it to a file and later mount it through a loop-device. It can be done right away with
<div>
mount /dev/hda /mnt/fwdata -t vfat -o ro,offset=`expr 512 "*" 230026502`
</div>
Of course, there is no way to know in advance which particular filesystem each PSA has (if any). This still has to be found by trial and error (because "mount -t auto" does not always work). In the above example, the "CONSOLE" PSA is formated in ext2.

==How to reclaim the HPA==
After disabling the "IBM Predesktop Area" (with the BIOS option "Disabled", see above) it's possible to reclaim the area used by the HPA. Then one can include that area in a partition with standard tools (i.e. fdisk, mkfs) as it will be treated just as regular free space of the hard disk.

==Alternative uses?==
It might be possible to use the FirstWare tools included in the HPA to make the HPA more useful for GNU/Linux purposes. For instance, the copy of the preloaded OS could be replaced with an emergency backup of your GNU/Linux distribution. Maybe the Predesktop area could be even used to boot into a GNU/Linux rescue system. Whether the Phoenix proprietary tools really allow alternative uses and whether those tools do not make it too hard to accomplish those cannot yet be said. It seems realistic to assume that the benefits of those alternative uses aren't worth the effort to accomplish them. Still, it might be fun (altough possibly hazardous to your system) to try ...

==Problems caused by the HPA==
As of Linux 2.6.18, having a HPA may cause errors when resuming the laptop from suspend-to-RAM or suspend-to-disk. See the section called "SectorIdNotFound disk errors when laptop is resumed" in [[Problems with ACPI suspend-to-ram | ACPI suspend problems]].

==External Sources==
*[http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46023 Predesktop Area white paper]
*[http://www-3.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46025 Predesktop Aministrator Utility (DOS)]
*[http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+INCITS+346-2001 Protected Area Run Time Interface Extension Services (PARTIES) ANSI INCITS 346-2001 ($30)]
*[http://www.t13.org/project/d1367r3-PARTIES.pdf The latest free draft of ANSI INCITS 346-2001 (BEER specs)]
*[http://www.phoenix.com/NR/rdonlyres/7465D3CF-B0E3-4F64-9122-47D9C83028D0/0/cme_firstware_wp.pdf Phoenix FirstWare White Paper]
*[http://www.win.tue.nl/~aeb/linux/Large-Disk-11.html Section 11 of the Large Disk HOWTO (Clipped disks)]

==Models featuring this Technology==
*ThinkPad {{R40}}, {{R40e}}, {{R50}}, {{R50e}}, {{R50p}}, {{R51}}, {{R52}}
*ThinkPad {{T40}}, {{T40p}}, {{T41}}, {{T41p}}, {{T42}}, {{T42p}}, {{T43}}, {{T43p}}
*ThinkPad {{X31}}, {{X32}}, {{X40}}, {{X41}}, {{X41T}}
*ThinkPad {{Z61m}}

{{footnotes|
# Presumably by having the BIOS use the SET MAX security extension. The BIOS seems to set a password for the HPA at boot (using the SETMAX-SET PASSWORD command) and after that use that password to issue a SETMAX-LOCK command. Since the password is unknown (and most likely changes at every Secure boot) the HPA is inaccessable to all programs running on the ThinkPad.<BR><BR>Something similar would be possible running in Normal mode. Then a program could issue the SETMAX-SET PASSWORD command. At the moment there's no program running under GNU/Linux capable of doing that. Of course this is possibly less secure: it's (theoretically) possible that other (rogue) programs get hold of that password.
}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T21:21:35Z

Pebolle: third try

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Only tinker with the MBR and the Rescue and Recovery partition if you know what you're doing. Mistakes can leave the system unbootable and can make it very difficult to retrieve the data on the harddisk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to launch the Rescue and Recovery application by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it could look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry could now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, also preserving the Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
{{Fixme|name of this boot manager needed}}
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue and Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T21:15:38Z

Pebolle: oops

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Only tinker with the MBR and the Rescue and Recovery partition if you know what you're doing. Mistakes can leave the system unbootable and can make it very difficult to retrieve the data on the harddisk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to launch the Rescue and Recovery application by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it could look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry could now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, also preserving the Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
{{FIXME|name of this boot manager needed}}
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue and Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T21:13:16Z

Pebolle: Name of the old boot manager?

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Only tinker with the MBR and the Rescue and Recovery partition if you know what you're doing. Mistakes can leave the system unbootable and can make it very difficult to retrieve the data on the harddisk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to launch the Rescue and Recovery application by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it could look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry could now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, also preserving the Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
{{Fixme:name of this boot manager needed}}
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue and Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T21:10:53Z

Pebolle: s/&/and/

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Only tinker with the MBR and the Rescue and Recovery partition if you know what you're doing. Mistakes can leave the system unbootable and can make it very difficult to retrieve the data on the harddisk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to launch the Rescue and Recovery application by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it could look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry could now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, also preserving the Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue and Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T21:08:51Z

Pebolle: typo; clarifications

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Only tinker with the MBR and the Rescue and Recovery partition if you know what you're doing. Mistakes can leave the system unbootable and can make it very difficult to retrieve the data on the harddisk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to launch the Rescue and Recovery application by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it could look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry could now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, also preserving the Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T21:05:42Z

Pebolle: stylistic

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Only tinker with the MBR and the Rescue and Recovery partition if you know what you're doing. Mistakes can leave the system unbootable and can make it very difficult to retrieve the data on the harddisk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to launch the Rescue and Recovery application by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it could look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry could now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions - for example Ubuntu - it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, preserving teh Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T21:04:09Z

Pebolle: Tone down the warning

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Only tinker with the MBR and the Rescue and Recovery partition if you know what you're doing. Mistakes can leave the system unbootable and can make it very difficult to retrieve the data on the harddisk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it could look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry could now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions - for example Ubuntu - it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, preserving teh Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T20:58:41Z

Pebolle: oops; previoes edit was minor too

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it could look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry could now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions - for example Ubuntu - it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, preserving teh Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T20:57:48Z

Pebolle:

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it could look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry could now look like this:
title Windows
root (hd0,0)h
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions - for example Ubuntu - it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, preserving teh Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T20:53:53Z

Pebolle: Further clarifications and stylistic issues

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and launch the Rescue and Recovery application in that case
*before launching the Rescue and Recovery application at system boot, the default bootloader changes the partition type of the Rescue and Recovery partiton to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the Rescue and Recovery application assumes that the first partition contains Windows
*the Rescue and Recovery partition needs to be of type 0x0b (FAT32) otherwise the default bootloader will not launch the Rescue and Recovery application

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

IBM provides a program to manage the Rescue and Recovery bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the MBR if it was written by another bootloader.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to launch the Rescue and Recovery application. However if you leave the type of the Rescue and Recovery partition to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to launch it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the Rescue and Recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your Rescue and Recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the Rescue and Recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions - for example Ubuntu - it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, preserving teh Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T20:40:59Z

Pebolle: As far as I know "sharadware" is not reallu authorative

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and boot the R&R partition in that case
*before booting the R&R, the default bootloader changes its partition type to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the R&R software assumes that the first partition contains Windows
*the R&R partition needs to be of type 0x0b (FAT32) for the R&R software to work

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

The IBM provides a program to manage the R&R bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the R&R MBR if it was overwritten.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to boot the Rescue and Recovery partition. However if you leave its partition's type to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to boot it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions - for example Ubuntu - it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, preserving teh Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T20:39:40Z

Pebolle: 0x1c is "hidden FAT32, LBA-mapped" according to Andries Brouwer (google for it)

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and boot the R&R partition in that case
*before booting the R&R, the default bootloader changes its partition type to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the R&R software assumes that the first partition contains Windows
*the R&R partition needs to be of type 0x0b (FAT32) for the R&R software to work

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

The IBM provides a program to manage the R&R bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the R&R MBR if it was overwritten.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to boot the Rescue and Recovery partition. However if you leave its partition's type to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to boot it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions - for example Ubuntu - it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, preserving teh Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, LBA-mapped (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/#comment-165 original GRUB R&R boot success report on SharedWare]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/ how to keep the AccessIBM functionality]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T20:35:01Z

Pebolle: various clarfications etc.

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB have written it. The following is the case:
*the default bootloader seems to ignore the active bit and always boots the first partition instead
*the default bootloader contains code to catch a press of the appropriate button during bootup and boot the R&R partition in that case
*before booting the R&R, the default bootloader changes its partition type to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the R&R software assumes that the first partition contains Windows
*the R&R partition needs to be of type 0x0b (FAT32) for the R&R software to work

Since neither LILO nor GRUB catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

The IBM provides a program to manage the R&R bootloader. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the R&R MBR if it was overwritten.

===MBR written by GRUB===
If the MBR was written by GRUB you can still use GRUB to boot the Rescue and Recovery partition. However if you leave its partition's type to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to boot it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

Also add an <tt>unhide</tt> line here because we are going to hide the recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active. This will leave the MBR untouched.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions - for example Ubuntu - it is not easy to create /boot as first partition and shrink the Windows partition. In that case the Windows bootloader can be used to boot Windows and Linux, preserving teh Rescue and Recovery functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this boot partition as active.

===Using NTLDR to boot Linux===
It is possible to configure the Windows bootloader to also boot Linux (installed on separate partition). This allows to preserve the Rescue and Recovery functionality at system boot (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick and dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/#comment-165 original GRUB R&R boot success report on SharedWare]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/ how to keep the AccessIBM functionality]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-06-28T20:17:14Z

Pebolle: Revert last edit for various reasons. Maybe this can be resubmit as "Talk" for this page.

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB has been installed in it as the following is the case:
*the default MBR seems to ignore the active bit and always boots the first partition instead
*the default MBR contains code to catch a press of the appropriate button during bootup and boot the R&R partition in that case
*before booting the R&R, the default MBR changes its partition type to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the R&R software assumes that the first partition contains Windows
*the R&R partition needs to be of type 0x0b (FAT32) for the R&R software to work

Since neither LILO nor GRUB can catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

The IBM provides a program to manage the R&R MBR. It is located in {{path|C:\Program Files\IBM ThinkVantage\Common\BMGR}}. It can select the partition to boot, and also allows for rewriting the R&R MBR if it was overwritten.

===GRUB in the MBR===
You can, however, boot the Rescue and Recovery partition from within a GRUB residing in your MBR. However if you leave its partition's type to 0x12 (Compaq diagnostics), this will result in an error message "c000021a, Fatal System Error" if you try to boot it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the recovery partition's entry in your {{path|/boot/grub/menu.lst}}. Assuming your recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

We also add an <tt>unhide</tt> line here because we are going to hide the recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we don't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

Now you should be able to boot the R&R partition from within GRUB, residing in your MBR.

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one. In most recent Linux distributions - for example Ubuntu - it is not easy to create /boot as first partition and shrink Windows partition. In such case Windows XP bootloader can be used to boot Windows and Linux, preserving Access IBM functionality. See below.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distribution's installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this partition as active. Leave the MBR alone.

===Using NTLDR to boot Linux===
It is possible to use Windows XP bootloader to boot also Linux installed on separate partition. This allows to preserve Access IBM functionality (as MBR is not modified), Windows XP (booted via its native bootloader) and Linux (booted from its own partition by Windows XP bootloader). A quick & dirty howto, regarding applying this procedure to Ubuntu Dapper Drake installation can be found [http://http://gawrysiak.org/corvus/?p=4 here].

==Older versions of Rescue and Recovery==
Some Thinkpads (e.g., T23 and T30) do not come with a Recovery CD, but also do not support the [[Hidden Protected Area]]. These ThinkPads have an older version of Rescue and Recovery preloaded on the hard disk to implement the factory recovery function. Most of the comments above also apply to the older versions, with the following differences:
*The recovery partition type is 0x1c, hidden FAT32, (or 0xc when unhidden).
*The boot manager program is in {{path|C:\IBMTOOLS\RECOVERY}} and only runs in a 16-bit DOS environment
*The IBM Predesktop area runs atop of Windows 98 (command-line) instead of WinPE

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBM page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/#comment-165 original GRUB R&R boot success report on SharedWare]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/ how to keep the AccessIBM functionality]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T23}}, {{T30}} (R&R 2.0)
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Talk:Predesktop Area

2006-06-11T17:01:58Z

Pebolle: GRUB won't work ..

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005
----
Update: a quick test with the current development version of grub2 (grub-1.93) showed that grub2 can chainload a block outside the partitioned area
"out of the box". That's nice. I still haven't been able to get passed the error messages generated by the boot sectors of the bootable PSAs. My guess is the BIOS provides those boot sectors with some (special) settings that grub doesn't use ...

[[User:Pebolle|Paul Bolle]] 00:40, 5 April 2006 (CEST)
----
GRUB cannot be expected to (chain)load the Predesktop Area. When showing the Predesktop Area the BIOS runs in a special mode (more specifically: using some very specific interrupts, behaving differently under normal circumstances). So this seems to be not something to merit further investigation.

[[User:Pebolle|Paul Bolle]] 19:01, 11 June 2006 (CEST)
----
Hey there - I hope to be welcome here to since I've no ThinkPad but an Samsung X20 notebook. This notebook uses also the HPA for some kind of a predesktop area - a linux
based multimedia system called "AVStation Now" which is hidden there. I used dd to dump the hpa and read the BEER table to find out what is hidden inside.

What I found out:

*the first partition (ext3) contains the rootfilesystem (funny, cause they use libdvdcss for dvd playback)

*the second partition (ext3) contained a /boot partition with a special kernel with the possibility to mount this partition (seems they use a special liloversion for booting)

*the third partition (fat?) - some html files - the firstware menu

*and at last a fourth partition i was unable to mount

[http://www.christophmueller.org/stuff/beerdump.html A dump of my BEER ;-)]

Does someone know weather it would be possible mounting souch an hpapartition without using dd - maybe kernelsupport for the BEER? - since im nither a C nor a kernelhacker im unable to continue, but there must be some kind of support cause this multimediasystem knows howto handle it.

If you need some more information you could send me an email to christoph_at_christophmueller.org

[[User:Christophmueller.org|Christoph MÃ¼ller]]
----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

In 2.6.11, I was able to re-enable HPA by commenting out the section in drivers/ide/ide-disk.c under the comment "Some maxtor support LBA48 but not accept LBA48 set max...". I suppose that wouldn't be a good idea with a Maxtor drive but it worked fine for my R50.

--[[User:Rkilian|Robert Kilian]] 21:13, 22 March 2006 (CET)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

== hpafs ==

I've written a (read only) FUSE for the hpa: hpafs. Alpha quality at best. Mail me if you'd like to test it, hack on it. Now about 1100 LOC. The binary is a mere 33 KB (this is with debugging symbols). Rather i386 centric.

hpafs will only work if the Predesktop Area is disabled (but that is more or less obvious). It basically turns each PSA into a file:

{{cmdresult|$ sudo hpafs /dev/hda /mnt/hpa -o allow_other<br/>
$ ll /mnt/hpa/<br/>
total 0<br/>
-r--r--r-- 1 root root 2097152 Jan 1 1970 BIOSWORKAREA<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Create Diagnostic Diskettes<br/>
-r--r--r-- 1 root root 104857600 Jan 1 1970 FirstWare Reserved Area<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Rec Boot<br/>
-r--r--r-- 1 root root 3459252224 Jan 1 1970 Rec Data<br/>
-r--r--r-- 1 root root 1476096 Jan 1 1970 Restore from backup<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Run Diagnostics<br/>
-r--r--r-- 1 root root 1477632 Jan 1 1970 SIGHT}}

This FUSE file can easily be copied with basic GNU tools (cat, dd, etc). Even more fun is to loop mount such a FUSE file (if the corresponding PSA is a bootable image). Then the PSA is a (read only) part of your mounted filesystems. So now you do not need to use dd on /dev/hda to copy the Predesktop Area: you can just mount it!

{{cmdresult|$ sudo mount -o loop,ro,users /mnt/hpa/Rec\ Data /mnt/tmp<br/>
$ ll /mnt/tmp/<br/>
total 1454<br/>
-rwxr-xr-x 1 root root 64 Sep 27 2002 bootcat.bin<br/>
-rwxr-xr-x 1 root root 1474560 Oct 3 2002 bootimg.bin<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 country<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 ibmwork<br/>
drwxr-xr-x 3 root root 8192 Mar 13 2004 recovery<br/>}}

To be continued ...

[[User:Pebolle|Paul Bolle]] 00:56, 2 March 2006 (CET)

Talk:Predesktop Area

2006-06-11T16:48:44Z

Pebolle: minor reorganization of comments

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005
----
Update: a quick test with the current development version of grub2 (grub-1.93) showed that grub2 can chainload a block outside the partitioned area
"out of the box". That's nice. I still haven't been able to get passed the error messages generated by the boot sectors of the bootable PSAs. My guess is the BIOS provides those boot sectors with some (special) settings that grub doesn't use ...

[[User:Pebolle|Paul Bolle]] 00:40, 5 April 2006 (CEST)
----
Hey there - I hope to be welcome here to since I've no ThinkPad but an Samsung X20 notebook. This notebook uses also the HPA for some kind of a predesktop area - a linux
based multimedia system called "AVStation Now" which is hidden there. I used dd to dump the hpa and read the BEER table to find out what is hidden inside.

What I found out:

*the first partition (ext3) contains the rootfilesystem (funny, cause they use libdvdcss for dvd playback)

*the second partition (ext3) contained a /boot partition with a special kernel with the possibility to mount this partition (seems they use a special liloversion for booting)

*the third partition (fat?) - some html files - the firstware menu

*and at last a fourth partition i was unable to mount

[http://www.christophmueller.org/stuff/beerdump.html A dump of my BEER ;-)]

Does someone know weather it would be possible mounting souch an hpapartition without using dd - maybe kernelsupport for the BEER? - since im nither a C nor a kernelhacker im unable to continue, but there must be some kind of support cause this multimediasystem knows howto handle it.

If you need some more information you could send me an email to christoph_at_christophmueller.org

[[User:Christophmueller.org|Christoph MÃ¼ller]]
----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

In 2.6.11, I was able to re-enable HPA by commenting out the section in drivers/ide/ide-disk.c under the comment "Some maxtor support LBA48 but not accept LBA48 set max...". I suppose that wouldn't be a good idea with a Maxtor drive but it worked fine for my R50.

--[[User:Rkilian|Robert Kilian]] 21:13, 22 March 2006 (CET)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

== hpafs ==

I've written a (read only) FUSE for the hpa: hpafs. Alpha quality at best. Mail me if you'd like to test it, hack on it. Now about 1100 LOC. The binary is a mere 33 KB (this is with debugging symbols). Rather i386 centric.

hpafs will only work if the Predesktop Area is disabled (but that is more or less obvious). It basically turns each PSA into a file:

{{cmdresult|$ sudo hpafs /dev/hda /mnt/hpa -o allow_other<br/>
$ ll /mnt/hpa/<br/>
total 0<br/>
-r--r--r-- 1 root root 2097152 Jan 1 1970 BIOSWORKAREA<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Create Diagnostic Diskettes<br/>
-r--r--r-- 1 root root 104857600 Jan 1 1970 FirstWare Reserved Area<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Rec Boot<br/>
-r--r--r-- 1 root root 3459252224 Jan 1 1970 Rec Data<br/>
-r--r--r-- 1 root root 1476096 Jan 1 1970 Restore from backup<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Run Diagnostics<br/>
-r--r--r-- 1 root root 1477632 Jan 1 1970 SIGHT}}

This FUSE file can easily be copied with basic GNU tools (cat, dd, etc). Even more fun is to loop mount such a FUSE file (if the corresponding PSA is a bootable image). Then the PSA is a (read only) part of your mounted filesystems. So now you do not need to use dd on /dev/hda to copy the Predesktop Area: you can just mount it!

{{cmdresult|$ sudo mount -o loop,ro,users /mnt/hpa/Rec\ Data /mnt/tmp<br/>
$ ll /mnt/tmp/<br/>
total 1454<br/>
-rwxr-xr-x 1 root root 64 Sep 27 2002 bootcat.bin<br/>
-rwxr-xr-x 1 root root 1474560 Oct 3 2002 bootimg.bin<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 country<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 ibmwork<br/>
drwxr-xr-x 3 root root 8192 Mar 13 2004 recovery<br/>}}

To be continued ...

[[User:Pebolle|Paul Bolle]] 00:56, 2 March 2006 (CET)

Talk:How to get special keys to work

2006-04-05T20:46:45Z

Pebolle: DIY Firefox 1.5 xpi

__TOC__

The xmodmap step doesn't seem to work when using the "kdb" driver of xorg. Here are the changes I needed to make to my setup to get the "back" and "forward" keys to work (in diff -u format);

--- xkb/symbols/inet.oud 2004-12-01 08:36:04.000000000 +0100
+++ xkb/symbols/inet 2005-03-08 19:59:32.587636120 +0100
@@ -1875,6 +1875,16 @@
key <I76> { [ XF86AudioLowerVolume ] };
};

+// IBM ThinkPad 41 Internet Keys
+
+partial alphanumeric_keys
+xkb_symbols "tp41" {
+ name[Group1]= "IBM ThinkPad 41 Internet Keys";
+
+ key <I69> { [ F22 ] };
+ key <I6A> { [ F21 ] };
+};
+
// Trust

partial alphanumeric_keys<br>

--- xkb/rules/xorg.lst.oud 2004-12-01 08:36:05.000000000 +0100
+++ xkb/rules/xorg.lst 2005-03-07 20:55:21.000000000 +0100
@@ -97,6 +97,7 @@
sven SVEN Ergonomic 2500
symplon Symplon PaceBook (tablet PC)
toshiba_s3000 Toshiba Satellite S3000
+ tp41 IBM ThinkPad 41 Internet Keys
trust Trust Wireless Keyboard Classic
trustda Trust Direct Access Keyboard
yahoo Yahoo! Internet Keyboard

--- xkb/rules/xorg.oud 2004-12-01 08:36:05.000000000 +0100
+++ xkb/rules/xorg 2005-03-07 20:45:59.000000000 +0100
@@ -120,7 +120,7 @@
qtronix \
samsung4500 samsung4510 \
sk1300 sk2500 sk6200 sk7100 \
- sven symplon toshiba_s3000 trust trustda yahoo
+ sven symplon toshiba_s3000 tp41 trust trustda yahoo

! model = symbols
$inetkbds = +inet(%m)

--- xkb/rules/xorg.xml.oud 2004-12-01 08:36:05.000000000 +0100
+++ xkb/rules/xorg.xml 2005-03-07 20:52:35.000000000 +0100
@@ -975,6 +975,13 @@
</model>
<model>
<configItem>
+ <name>tp41</name>
+ <description>IBM Thinkpad 41 Internet Keys</description>
+ <description xml:lang="nl">IBM ThinkPad 41 internet toetsen</description>
+ </configItem>
+ </model>
+ <model>
+ <configItem>
<name>trust</name>
<description>Trust Wireless Keyboard Classic</description>
<description xml:lang="fr">clavier classique Trust Wireless</description>

Do not forget to add something like "+inet(tp41)" to /etc/X11/xorg.conf:
(...)
Option "XkbLayout" "us_intl+inet(tp41)"
(...)

== Not T41 specific ==

These keys are hardly T41 specific, they can also be found on the T30, T40, T42 and I'm sure several other ThinkPads in the X, R and G lineup.

Actually, the above patches could be completed with the information of the other special keys found on some Thinkpads (which is listed in [[How_to_get_special_keys_to_work#xmodmap_configuration]]) and submitted as a request for enhancement with [http://bugs.freedesktop.org xorg's bugzilla]. However, firefox doesn't yet recognize keysyms like XF86Back, XF86Forward, so then firefox still needs to be patched manually (unless an enhancement is requested for firefox too).

== Fake ACPI events? ==

Not all keys generate ACPI events. Maybe it is feasible to have the ibm-acpi module check the CMOS (instead of having tpb checking /dev/nvram) and generate fake ACPI events for those keys. Even if it is feasible, that is probably way to hacky for a kernel module ... Still, it would be nice to only have to use scripts triggered by ACPI events and not both scripts for ACPI events and scripts for tpb.

----
I think something like this is possible with ibm-acpi 0.10 already. It provides a proc file from which you can derive a table of CMOS states. You'd only have to figure the who is who of CMOS bits and write a daemon (or daemon like shell script) checking them regularly. This should be about what you suggest since tpb does the same thing with the bios ram. Of course generating ACPI events can not be done like that (or can it?), but you could trigger the ACPI action scripts directly then.

[[User:Wyrfel|Wyrfel]] 01:02, 14 Mar 2005 (CET)
----

It may be possible (I have a 770x, so don't have the special keys) to add the keys as real ACPI events, by altering the DSDT. I've done this to enable ACPI events for Fn-(every labelled F key),Home,End,PgUp,PgDn on mine, and they aren't labelled with anything physically (no thinklight and physical brightness control). The Embedded Controller reports all events, including keys, by calling one of the _Qxx functions (you'll find a whole pile in the sourcecode for the DSDT). If you then insert a fucntion in the same scope as the others like:-
Method (_Q12, 0, NotSerialized) { \_SB.HKEY.MHKQ (0x1003) } //Fn-F3
when executed, ibm-acpi will then report an acpi event numbered 0x0001003. You should find some functions, e.g. _Q1B For Fn-F12 identical to this.

I found some IBM DSDT's had functions that made MKHQ calls for EC functions _Q63, _Q64, _Q4E, _Q4F, but did nothing on mine---maybe these are a good starting point. Add a whole pile, and see if you get lucky! (At your own risk, of course... :/ But it should be pretty safe).

Yes, the above sounds pretty identical to tpb, except with /proc/ibm/ecdump instead of /dev/nvram. The above works very nicely, however there's luck involved in finding the right number, even if it exists!

[[User:lentinj|lentinj]]

----

Fn+F6 does not seem to generate an event on t41p even if the mask is set to 0xffff and experimental=1 is passed to ibm_acpi
[[User:tf|tf]]

----

==Bind Fn to super or hyper ==

Hello

Is it possible to bind Fn via Xmodmap to a key modifier such as hyper or super? Thanks
[[User:Oub|Oub]] 13:14, 6 February 2006 (CET):
----
I doubt it. The event for the {{key|Fn}} key is generated at release (as opposed to holding it where it serves it's usual special function). Hence you can't use it as a modifier. [[User:Wyrfel|Wyrfel]] 22:52, 6 February 2006 (CET)
----
==Bind Fn 12 say to F34 ==
Thanks Wyrfel for your reply, in order to display my question better, I use a new header: can I bind all the Fn Fx to hay F34 and the like?
[[User:Oub|Oub]] 21:33, 10 February 2006 (CET):
----
You can do this with all key '''combinations''' that support xmodmap (see the table). That means you can't do it with {{key|Fn}}}{{key|F12}}, because that combination doesn't generate a key event at all (it only generates an APM/ACPI event. Hence there is nothing vor xmodmap to remap.

But what is your wider focus goal? I'm sure that what you want to do can be realized, anyway: You can write an ACPI script and event file for {{key|Fn}}{{key|F12}} and have the script start some tool that sends a F34 key to the X server. I'm sure this is possible.

[[User:Wyrfel|Wyrfel]] 00:03, 11 February 2006 (CET)
----
==Can't bind Fn 12 ==

Hello

I am using a R51 and I have compiled ibm-acpi monolithic in the kernel (not as module, maybe this is a mistake?). Anyway, I am using
suspend2, which I compiled in the kernel as well. Now I have bound
''to hibernate '' first to Fn 4, with the following script
event=button[ /]sleep
action=/usr/local/sbin/mihibernate

This works fine. Now I want to do the same for Fn12, so following the key table I did:

event=button[/] ibm/hotkey HKEY 00000080 0000100c
action=/usr/local/sbin/mihibernate

But that does not work. What is the problem? I tried even
echo enable,0xffff >/proc/acpi/ibm/hotkey
without success. Can anybody help me?
[[User:Oub|Oub]] 16:27, 4 March 2006 (CET):
----
The proper event line is
event=ibm/hotkey HKEY 00000080 0000100c
.

Also, make sure that you are not using [thinkpad-acpi]. If <tt>event=button[ /]sleep</tt> works for {{key|Fn}}{{key|F4}}, that indicates that you do. It might block the ibm-acpi driver. Check your kernel config and disable any thinkpad acpi driver except ibm-acpi.

[[User:Wyrfel|Wyrfel]] 21:58, 4 March 2006 (CET)
----

:Hello
:
:It is odd, I am pretty sure, that I do not use [thinkpad-acpi], but [ibm-acpi], although event=button[ /]sleep works for FnF4, in any case I found out that
:
: event=(button/power|ibm/hotkey HKEY 00000080 0000100c)
:
:Works! What do you think of adding a subsection to the [[How to get special keys to work]] page, with some examples, like the following:
:
:from ''/etc/acpi/events/battery'':
event=(button/power|ibm/hotkey HKEY 00000080 0000100c)
action=/usr/local/sbin/hibernate
:from ''/etc/acpi/events/lid''
event=button/lid
action=/usr/local/bin/mysleepram
:from ''/etc/acpi/events/sleepbtn''
event=(button/sleep|ibm/hotkey HKEY 00000080 00001004)
action=/usr/local/bin/mysleepram
:
:(Also ''event=button/sleep '' works for me)
:and then restart acpi:
:
/etc/init.d/acpid restart
:
:[[User:Oub|Oub]] 13:22, 5 March 2006 (CET):
----
What you do with
event=(button/power|ibm/hotkey HKEY 00000080 0000100c)
is to make a logical nonexclusive OR between
event=button/power
and
event=ibm/hotkey HKEY 00000080 0000100c
. If the first works, the whole thing works. So that's pretty logical.

Please, do a {{cmdroot|dmesg <nowiki>|</nowiki> grep thinkpad-acpi}} and do a {{cmdroot|dmesg <nowiki>|</nowiki> ibm-acpi}}. What is the output in either case?

I see no sense in putting examples to the page that only confuse people because they are not correct. ibm-acpi generates the events listed in the table and nothing else. If you get something like <tt>button/sleep</tt> it's not ibm-acpi generating it. You are running Debian, right? Let's hope they didn't patch the driver to generate different events.

Also, you can always do {{cmdroot|tail -f /var/log/acpid}} to have a life view of the generated events.

I am pretty sure that you are using thinkpad-acpi or - if not so - that something else must interfere.

[[User:Wyrfel|Wyrfel]] 04:49, 6 March 2006 (CET)

----

:Hi
:
:Ok I admit everything is very odd. For the start, I seem to use
:ibm-acpi. As I said I am Debian, but I compiled my own kernel :(2.6.10)(but not as a module, maybe this was a bad idee??) and I used :the ibm-acpi driver which comes shipped with that kernel. I did not :download the driver from the official http://ibm-acpi.sourceforge.net/ :site. Here is the output of
:
:dmesg | grep acpi
Kernel command line: ro root=/dev/hda6 acpi_sleep=s3_bios
tbxface-0118 [02] acpi_load_tables : ACPI Tables successfully acquired
evxfevnt-0094 [03] acpi_enable : Transition to ACPI mode successful
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [df6ddaa8]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c1464768]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c1467328]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c146bba8]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c146b628]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c146b3e8]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c146b268]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c146dde8]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c1470d68]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c1470568]
acpi_bus-0081 [06] acpi_bus_get_device : Error getting context for object [c14719a8]
ibm_acpi: IBM ThinkPad ACPI Extras v0.8
ibm_acpi: http://ibm-acpi.sf.net/
acpi_bus-0081 [08] acpi_bus_get_device : Error getting context for object [c1467328]
ibm_acpi: dock device not present

:I don't understand the errors but anyway. Now the odd thing is that indeed the following works
:
event=button[ /]sleep
action=/usr/local/sbin/hibernate
:but
event=button[/]sleep
action=/usr/local/sbin/hibernate

:Does not work. But from what you said, using the ibm_acpi neither of '''these strings ''' should work? So I don't understand what is going on. [[User:Oub|Oub]] 20:28, 6 March 2006 (CET):

==Turn on/off Wifi on Fn5 ==
Hi

I hope this is the last question. I use a crude way to activate and deactivate my wificard: I remove and insert the relevant modules, with 2 simple scripts. Now the question is how can I bind Fn5 so, that it turns on and off the wificard? With my approach I need to fire up two scripts, and that I cannot bind to one button. Thanks
[[User:Oub|Oub]] 17:57, 5 March 2006 (CET):

Try a {{cmdroot|cat /proc/acpi/ibm/bluetooth}}. Maybe it returns the state. If not, the other way would be to check if the USB bluetooth controller device is listed in {{path|/proc/bus/usb}} somewhere. It shouldn't be there if bluetooth is switched off and should be there if it is on.

[[User:Wyrfel|Wyrfel]] 04:49, 6 March 2006 (CET)
----

==Split page?==
This page is getting too long. Maybe we should split it. I'd suggest moving the "Example applications" to a seperate page.

[[User:Pebolle|Paul Bolle]] 22:46, 3 April 2006 (CEST)

==DIY Firefox 1.5 xpi==
Here's how I maneged a Firefox 1.5 compatible plugin (source: google). Note that the wiki eats some of the xml tags (so look at the source too)

$ ls -1R tp41.xpi
tp41.xpi/:
chrome
chrome.manifest
install.rdf

tp41.xpi/chrome:
content

tp41.xpi/chrome/content:
tp41keysOverlay.xul

$ cat tp41.xpi/chrome.manifest
content tp41keys chrome/content/
overlay chrome://browser/content/browser.xul chrome://tp41keys/content/tp41keysOverlay.xul

$ cat tp41.xpi/install.rdf
<?xml version="1.0"?>

<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:em="http://www.mozilla.org/2004/em-rdf#">

<Description about="urn:mozilla:install-manifest">
<em:id>tp41keys@tp41keys.org</em:id>
<em:version>1.0</em:version>
<em:type>2</em:type>


<em:targetApplication>
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
<em:minVersion>1.0+</em:minVersion>
<em:maxVersion>1.5.0.*</em:maxVersion>
</Description>
</em:targetApplication>


<em:name>IBM ThinkPad 41 Keys</em:name>
<em:description>Two Browser Navigation Keys</em:description>
<em:creator>Paul Bolle</em:creator>
<em:homepageURL>http://www.example.com/tp41keys.xpi</em:homepageURL>
</Description>
</RDF>

$ cat tp41.xpi/chrome/content/tp41keysOverlay.xul
<?xml version='1.0'?>
<!DOCTYPE overlay>

<overlay id='tp41keysOverlay'
xmlns='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul'>

<keyset id='mainKeyset'>
<key id='tp41BackKey' keycode='VK_F21' command='Browser:Back' />
<key id='tp41ForwardKey' keycode='VK_F22' command='Browser:Forward' />
</keyset>

</overlay>

$ cat .mozilla/firefox/*.default/extensions/tp41keys\@tp41keys.org
~/tp41.xpi

Talk:Predesktop Area

2006-04-04T22:40:25Z

Pebolle: grub2

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005

----
Update: a quick test with the current development version of grub2 (grub-1.93) showed that grub2 can chainload a block outside the partitioned area
"out of the box". That's nice. I still haven't been able to get passed the error messages generated by the boot sectors of the bootable PSAs. My guess is the BIOS provides those boot sectors with some (special) settings that grub doesn't use ...

[[User:Pebolle|Paul Bolle]] 00:40, 5 April 2006 (CEST)

----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

In 2.6.11, I was able to re-enable HPA by commenting out the section in drivers/ide/ide-disk.c under the comment "Some maxtor support LBA48 but not accept LBA48 set max...". I suppose that wouldn't be a good idea with a Maxtor drive but it worked fine for my R50.

--[[User:Rkilian|Robert Kilian]] 21:13, 22 March 2006 (CET)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

== hpafs ==

I've written a (read only) FUSE for the hpa: hpafs. Alpha quality at best. Mail me if you'd like to test it, hack on it. Now about 1100 LOC. The binary is a mere 33 KB (this is with debugging symbols). Rather i386 centric.

hpafs will only work if the Predesktop Area is disabled (but that is more or less obvious). It basically turns each PSA into a file:

{{cmdresult|$ sudo hpafs /dev/hda /mnt/hpa -o allow_other<br/>
$ ll /mnt/hpa/<br/>
total 0<br/>
-r--r--r-- 1 root root 2097152 Jan 1 1970 BIOSWORKAREA<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Create Diagnostic Diskettes<br/>
-r--r--r-- 1 root root 104857600 Jan 1 1970 FirstWare Reserved Area<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Rec Boot<br/>
-r--r--r-- 1 root root 3459252224 Jan 1 1970 Rec Data<br/>
-r--r--r-- 1 root root 1476096 Jan 1 1970 Restore from backup<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Run Diagnostics<br/>
-r--r--r-- 1 root root 1477632 Jan 1 1970 SIGHT}}

This FUSE file can easily be copied with basic GNU tools (cat, dd, etc). Even more fun is to loop mount such a FUSE file (if the corresponding PSA is a bootable image). Then the PSA is a (read only) part of your mounted filesystems. So now you do not need to use dd on /dev/hda to copy the Predesktop Area: you can just mount it!

{{cmdresult|$ sudo mount -o loop,ro,users /mnt/hpa/Rec\ Data /mnt/tmp<br/>
$ ll /mnt/tmp/<br/>
total 1454<br/>
-rwxr-xr-x 1 root root 64 Sep 27 2002 bootcat.bin<br/>
-rwxr-xr-x 1 root root 1474560 Oct 3 2002 bootimg.bin<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 country<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 ibmwork<br/>
drwxr-xr-x 3 root root 8192 Mar 13 2004 recovery<br/>}}

To be continued ...

[[User:Pebolle|Paul Bolle]] 00:56, 2 March 2006 (CET)

Rescue and Recovery

2006-04-03T20:53:20Z

Pebolle: grub4dos entry still unfixed. I'm removing it now.

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB has been installed in it as the following is the case:
*the default MBR seems to ignore the active bit and always boots the first partition instead
*the default MBR contains code to catch a press of the appropriate button during bootup and boot the R&R partition in that case
*before booting the R&R, the default MBR changes it's partition type to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the R&R software assumes that the first partition contains Windows
*the R&R partition needs to be of type 0x0b (FAT32) for the R&R software to work

Since neither LILO nor GRUB can catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

===GRUB in the MBR===
You can, however, boot the Rescue and Recovery partition from within a GRUB residing in your MBR. However if you leave its partitions type to 0x12 (Compaq disgnostics) this will result in an error message "c000021a, Fatal System Error" if you try to boot it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the recovery partitions entry in your {{path|/boot/grub/menu.lst}}. Assuming your recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

We also add an <tt>unhide</tt> line here because we are going to hide the recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we wouldn't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

Now you should be able to boot the R&R partition from withing GRUB, residing in your MBR.

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distributions installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this partition as active. Leave the MBR alone.

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088 IBMs page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/#comment-165 original GRUB R&R boot success report on SharedWare]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/ how to keep the AccessIBM functionality]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Talk:How to get special keys to work

2006-04-03T20:46:23Z

Pebolle: Split page?

How to enable integrated fingerprint reader with BioAPI

2006-04-03T20:37:02Z

Pebolle: The history page can show messages like that (use "Summary

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;white-space:nowrap;" | __TOC__
|style="vertical-align:top" |
This page describes the process of getting the [[Integrated Fingerprint Reader|integrated fingerprint reader]] to work under Linux. It is based on experiences in {{Ubuntu}} on a T43. The same works on {{Fedora}} 4, SuSE 9.3, SuSE 10, and {{Gentoo}}.
|}

==Basic installation==
===Installing the bioapi framework===
====Automated installation script====
The [[Script for enabling the fingerprint reader]] automates the installation of most components (bioapi framework, driver, pam_bioapi, pam setup, device permissions, pamtester and enrolling), for some Linux distributions.

====Binary packages====
=====Debian=====
*If you're using {{Debian}} Sid (the unstable branch) you can try the packages from Michael R. Crusoe's site, either [http://www.qrivy.net/~michael/temp/ version 1.2.3] (recommended) or [http://www.qrivy.net/~michael/debs/unstable/ older versions] which might not work with the steps in this howto.
*This seems to work for {{Ubuntu}} Breezy/Dapper too, so save yourself some trouble and grab it.
=====Gentoo=====
You can either grab the [http://www.qrivy.net/~michael/blua/bioapi/bioapi-1.2.2.ebuild.tar.bz2 ebuild], or use the source-install procedure below.

Also see [http://toe.ch/~tsa/ibm-fingerprint/ http://toe.ch/~tsa/ibm-fingerprint/] for alternative documentation on installing on Gentoo including ebuilds for all the packages used.

====Installing from source====
*Get the bioapi source:
:{{cmduser|wget http://www.qrivy.net/~michael/blua/bioapi/bioapi-latest.tar.bz2}}
*I could not compile bioapi with the graphical Qt tools. To do it manually, do the following:
:{{cmduser|tar xjf bioapi-latest.tar.bz2}}
:{{cmduser|cd bioapi-1.2.2}}
:{{cmduser|1=./configure --with-Qt-dir=no}}
:{{cmduser|make}}
:and then as root
:{{cmdroot|make install}}
:If make install fails, be sure you're root and then:
:{{cmdroot|1=export LD_LIBRARY_PATH=/usr/local/lib}}
:{{cmdroot|make install}}
:and if you want to compile pam_bioapi for auth later
:{{cmdroot|cp include/bioapi_util.h include/installdefs.h imports/cdsa/v2_0/inc/cssmtype.h /usr/include}}
:Be aware that checkinstall will not work!
:(I got through configure with Qt, but got a cryptic build error. It all worked fine with Qt disabled as above)
:buzz: This is due to a wrong qt include path, set it manually in configure and everything should work.
*Bioapi (at least version 1.2.2) doesn't compile with GCC4. You need to patch it:
:{{cmduser|wget http://upir.cz/linux/patches/bioapi-1.2.2-gcc4.patch}}
:{{cmduser|patch -p1 < bioapi-1.2.2-gcc4.patch}}
* By default, bioapi will install numerous files in {{path|/usr/local/<nowiki>{</nowiki>bin,lib,include<nowiki>}</nowiki>}}, including files with "self-explanatory" names such as {{path|/usr/local/bin/Sample}}. To prevent this pollution:
:Create a dedicated directory, for example {{path|/opt/bioapi}} .
:Append <tt>--prefix=/opt/bioapi</tt> to the above <tt>./configure</tt> command.
:Append {{path|/opt/bioapi/bin}} to <tt>$PATH</tt> and {{path|/opt/bioapi/lib}} to <tt>$LD_LIBRARY_PATH</tt>.
:When installing the driver (below), tell it the new install path: {{cmdroot|sh install.sh /opt/bioapi/lib}}

====Adjusting ldconfigs library search path====
At least on {{Fedora}} or {{Aurox}} 11, you may need to add {{path|/usr/local/lib}} to the library path so that the libraries referenced from <tt>pam_bioapi.so</tt> get picked up properly. The usual way to do this is adding it to the ldconfig configuration:
:{{cmdroot|echo '/usr/local/lib' > /etc/ld.so.conf.d/bioapi.conf}}
:{{cmdroot|ldconfig}}
Alternatively you can add it to the LD_LIBRARY variable.

If you see bioapi libs in the output of
:{{cmdroot|ldconfig -p | grep bioapi}}
then it should work.

===Installing and configuring the driver===
====Installing the driver====
*Download {{path|TFMESS_BSP_LIN_1.0.zip}} from the [http://www.upek.com/support/dl_linux_bsp.asp UPEK support site] and unzip it into a seperate folder, as it will not create one.
*Change to that folder and do as root:
:{{cmdroot|sh install.sh}}
:If you're running Gentoo, use
:{{cmdroot|sh install.sh /usr/lib}}
:If that fails, it may be that make install failed up above -- try setting LD_LIBRARY_PATH, do the make install again, and come back here and try this again. You also need {{cmd|mod_install|}} from bioapi in your PATH.
====Configuring permissions for non-root use====
If you want to use PAM-aware applications like xscreensaver that are NOT running with root permissions (as opposed to login, gdm or other authentication mechanisms), you may need to do all or at least some of the things in this section. More details on what is necessary on which distributions would be greately appreciated.
*Create two groups, one for access to BioAPI files and the other for access to the usb files. (This is done for full generality; i.e., you may have other USB devices which you want accessable to other users, without exposing your BioAPI configuration to them). Add your normal user (the one you wish to use PAM-aware applications with) to both of these groups.
On {{Debian}} this is done with
:{{cmdroot|addgroup --system bioapi}}
:{{cmdroot|addgroup --system usbfs}}
:{{cmdroot|adduser yournormaluser bioapi}}
:{{cmdroot|adduser yournormaluser usbfs}}
On {{SUSE}} this is done with
:{{cmdroot|groupadd --system bioapi}}
:{{cmdroot|groupadd --system usbfs}}
:{{cmdroot|groupmod -A yournormaluser bioapi}}
:{{cmdroot|groupmod -A yournormaluser usbfs}}
On {{Mandriva}} this is done with
:{{cmdroot|groupadd -r bioapi}}
:{{cmdroot|groupadd -r usbfs}}
:{{cmdroot|usermod -G bioapi,usbfs yournormaluser}}

:(where {{cmd|yournormaluser|}} is your normal user name). You will need to log out and log back in for this to take effect.
*Set permissions on the BioAPI config/registry directory:
:{{cmdroot|chown -R root:bioapi /usr/local/var/bioapi/}}
:{{cmdroot|chmod -R 770 /usr/local/var/bioapi/}}
:(change this path if you used an alternate BioAPI install directory above)
*Set permissions on the files in {{path|/proc/bus/usb}}:
:{{cmdroot|chown -R root:usbfs /proc/bus/usb}}
:{{cmdroot|chmod -R g+X /proc/bus/usb}}
:{{cmdroot|chown root:usbfs /proc/bus/usb/`lsusb <nowiki>|</nowiki> sed -ne "/0483:2016/s/Bus\ $.*$\ Device\ $.*$:\ .*/\1\/\2/p"`}}
:{{cmdroot|chmod 660 /proc/bus/usb/`lsusb <nowiki>|</nowiki> sed -ne "/0483:2016/s/Bus\ $.*$\ Device\ $.*$:\ .*/\1\/\2/p"`}}
:You may need to replace {{cmd|lsusb|}} with its full path, which is something like {{cmd|/sbin/lsusb|}} or {{cmd|/usr/bin/lsusb|}} depending on your distro. It might be necessary to put these lines into a script which is run at startup and resume from suspend/hibernate.
*As an alternative to the {{cmd|chown|}}/{{cmd|chmod|}} commands above, you can set mount options for usbfs with a line in {{path|/etc/fstab|}}; an example would be
none /proc/bus/usb usbfs defaults,devgid=108,devmode=0660,busgid=108,busmode=0770,listgid=108,listmode=0660 0 0
:where 108 is replaced with the numerical group ID of the usbfs group (you can determine this with something like {{cmd|cat /etc/group <nowiki>|</nowiki> grep usbfs <nowiki>|</nowiki> cut -d':' -f 3|}}). Make sure you only have one {{path|/proc/bus/usb}} entry in {{path|/etc/fstab}}. See the {{cmd|mount(8)|}} manpage for more information on these options. This is "cleaner" but seems to have a few weird issues -- see the talk page for details.
*You may also have files in {{path|/dev/bus/usb}}, which the driver will try before {{path|/proc/bus/usb}}. If this is another usbfs mount point ({{cmd|mount|}} shows a line containing {{cmdresult|/dev/bus/usb type usbfs}}), then simply follow the above instructions with {{path|/dev/bus/usb}} rather than {{path|/proc/bus/usb}}. Otherwise, you may be running a new kernel (i.e. 2.6.15) that makes usbfs-like files available through {{path|/dev/bus/usb}}. On systems running udev these files are dynamically created; you can configure their permissions by editing a udev config file. On Debian this is done by changing the <tt>usb_device</tt> line of {{path|/etc/udev/permissions.rules}} to read
SUBSYSTEM=="usb_device", MODE="0660", GROUP="usbfs"
*For the beta versions only, there is a logfile, which needs to exist with the proper permissions:
:{{cmdroot|touch /var/log/BSP.log && chown root:bioapi /var/log/BSP.log && chmod 660 /var/log/BSP.log}}

====Miscellaneous configuration====
* To increase the security level (minimize false accept rate), set this in {{path|/etc/tfmessbsp.cfg}}:
security-level="5"

===Testing the driver and enrolling a fingerprint===
To test the driver and generate the file containing your fingerprint information, you need a sample program included with the driver. The compilation steps below were discovered by trial and error; if they don't work for you, try the binary {{cmd|Sample|}} utility that came with the beta versions of the driver (i.e., {{path|TFMESS_BSP_LIN_1.0beta2.zip}} as mentioned above).
Go to the folder where you extracted {{path|TFMESS_BSP_LIN_1.0.zip}} and do:
:{{cmdroot|cd NonGUI_Sample}}
:Edit {{path|main.c|}} and remove (or comment out) the line
#include "port/bioapi_port.h"
:{{cmdroot|gcc -o Sample main.c -L/usr/local/lib -lbioapi100 -DUNIX -DLITTLE_ENDIAN}}
:{{cmdroot|./Sample}}
:Note that Sample may only run as root, unless you've already configured the usbfs file permissions.
:You can try to "e"nroll (to record a fingerprint for an account) and then "v"erify (to test a fingerprint against the one it expects for an account).
:You'll save a step later if you use your own login username as the username to enroll here.

==Login via pam_bioapi==

The following explains how to add fingerprint authentiation to programs that use the PAM (Pluggable Authentication Modules) framework, such as Gnome's GDM and KDE's KDM and screensaver.

===Getting required libs & tools===
====Installing pam_bioapi====
*Prerequisites
:On SuSE 10, I needed to install the pam-devel RPM
:In general, you will need pam itself (standard for most distros) as well as the pam development files (probably an optional package for your distro).
*Get and compile the pam_bioapi module.
:{{cmduser|wget http://www.qrivy.net/~michael/blua/pam_bioapi/pam_bioapi-latest.tar.bz2}}
:{{cmduser|tar xjf pam_bioapi-latest.tar.bz2}}
:{{cmduser|cd pam_bioapi-0.2.1}}
:{{cmduser|wget http://badcode.de/downloads/fingerprint.patch}}
:{{cmduser|patch -p0 < fingerprint.patch}}
:If you want to, review the patch. In general you should review all code you download and compile, if possible. The patch comes from [http://linuxbiometrics.com/modules/newbb/viewtopic.php?viewmode=flat&topic_id=80&forum=1 this thread].
:{{cmduser|./configure && make}}
:and as root
:{{cmdroot| make install}}
:{{cmdroot| cp /usr/local/lib/security/* /lib/security/}}
{{NOTE|If you get a 'rpl_malloc' error in /var/log/auth.log when trying to use the fingerprint reader, redo these steps and remove the related term from Makefile after running ./configure. (FC3, Debian etch)}}
*If you get 'PAM [dlerror: /lib/security/pam_bioapi.so: undefined symbol: BioAPIMemoryFuncs]' error in your syslog, replace 'LIBS = ' line in {{path|libpam_bioapi/makefile}} with the following (of course, replace {{path|/opt/bioapi/}} with the path where you installed bioapi):
LIBS = -L/opt/bioapi/lib -lbioapi100 -lbioapi_mds300 -lmds_util
*Use the sample tool from the fingerprint reader to create {{path|<username>.bir}} (<tt><username></tt> '''must''' be the username you want to login with. gdm will probably break for any login name that has no .bir file).
*As root do:
:{{cmdroot|SERIAL<nowiki>=`BioAPITest | sed -ne "/Fingerprint/{n;n;s/^.*: $.\{9\}$$.\{4\}$$.\{4\}$$.\{4\}$$.*$/\1-\2-\3-\4-\5/gp}"` </nowiki>}}
:{{cmdroot|echo $SERIAL}} should print something like {{cmdresult|<nowiki>{5550454b-2054-464d-2f45-535320425350}</nowiki>}} now.
:If it does, do:
:{{cmdroot|mkdir -p /etc/bioapi/pam/$SERIAL}}
:{{cmdroot|cp <username>.bir /etc/bioapi/pam/$SERIAL}}
:If not, you might just try
:{{cmdroot|SERIAL<nowiki>={5550454b-2054-464d-2f45-535320425350}</nowiki>}}
:as this value is hardcoded into the UPEK docs.

===Configuring pam===
The following part is distribution specific. On {{Ubuntu}} or {{SUSE}} you can modify {{path|/etc/pam.d/common-auth}} (on {{Gentoo}} and {{Fedora}} it is {{path|/etc/pam.d/system-auth}}) to look like this:

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
password sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
auth required pam_unix.so nullok_secure

----
For '''Gentoo'''-Users - this allows you to attempt a password first. If you simply press enter, it then prompts for a fingerprints. Create a file named {{path|/etc/pam.d/bioapi}}. This also means that remote services, such as SSH keep working:

auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
auth required pam_deny.so

account required pam_unix.so

session required pam_limits.so
session required pam_unix.so

----

Now, simply replace "auth include system-auth" in all services that you wish to use fingerprint for with "auth include bioapi". For example, {{path|/etc/pam.d/kde}} by default contains

auth include system-auth
auth required pam_nologin.so

account include system-auth

password include system-auth

session include system-auth

Simply replace the first "system-auth" with bioapi and you can also get rid of KDE desktop lock with a fingerprint. If you do not wish to allow for "password fallback" then remove

auth sufficient pam_unix.so likeauth nullok

from {{path|/etc/pam.d/bioapi}}.

{{WARN|If su/sudo expects to receive the root password (SuSE 10), you need to have fingerprint settings for root (that is, copy in a root.bir as well as a your-username.bir). Otherwise, they get a segmentation fault. Which is a little unfortunate, given that you need to su or sudo to change your settings...}}

Note that sshd may pick up the fingerprint settings from {{path|/etc/pam.d/common-auth}}. I didn't want that, so I removed the "auth include common-auth" line from {{path|/etc/pam.d/sshd}} and replaced it with the lines that were originally in my {{path|/etc/pam.d/common-auth}}. That way most local services use the fingerprint reader, but sshd does not.

Another way to do this is to create a file ({{path|/etc/pam.d/bioapi|}} for example) which contains the {{cmd|pam_bioapi.so|}} lines, and explicitly {{cmd|@include|}} this '''before''' {{path|/etc/pam.d/common-auth|}} in the files for services which should use the fingerprint reader. In this case you should leave {{path|/etc/pam.d/common-auth|}} alone.

{{NOTE|This was discovered through trial and success, if it is plain wrong, wikorrect it, please.}}

In {{Fedora}} the original 'session' terms in {{path|/etc/pam.d/system-auth}} need to be kept.

{{HINT|The setup described above will/could affect remote ssh logins to also use biometric logins, which is a bit silly (who wants to remote ssh to the laptop, and then have to walk over to it and swipe your finger)<br />To avoid that you can copy the default <tt>/etc/pam.d/system-auth</tt> to <tt>/etc/pam.d/sshd</tt> which will allow the sshd service to use the standard authentication procedure.}}

You can do some useful testing with [http://pamtester.sourceforge.net/ {{cmd|pamtester|}}], which calls the pam modules as if it were a program of your choice. Examples:
:{{cmdroot|pamtester xdm yourusername authenticate}}
:{{cmduser|pamtester xscreensaver yourusername authenticate}}
where {{cmd|yourusername|}} is your username. Note that {{cmd|pamtester|}} should run as root if and only if the program in question does.

===Application support===
The implementation of fingerprint scanning support in the relevant applications varies.

Here is the behaviour of the most common ones:
* gdm should pop up an (ugly) image to swipe your finger and... magic - you can login without a password.
* kdm doesn't give any visual indication, other than that the cursor stops blinking. Just swipe your finger and hope it lets you log in.
* In xdm, enter your username and a blank password, then swipe (there is no popup as well).
* The KDE screen saver in SUSE 10 requires you to enter an empty password (or select the correct user and then enter an empty password) in order to get the fingerprint prompt.
* For Fedora users, the redhat-config tools will crash if no root.bir presents. Also, there won't be any visual idication unless X server is properly configured for root to access. Just swipe your finger when the HDD stopped blinking or issue the following command in advance:
:{{cmduser|xhost +local:}}

===kdm support===
To add graphical popup to kdm, you need following:
* Patch for pam_bioapi. This patch adds third parameter to {{path|pam_bioapi.so}} module, which is a name of file with additional environment variables that will be supplied to the UPEK driver.
:{{cmdroot|wget http://upir.cz/linux/patches/pam_bioapi-0.2.1-alter-environ.patch}}
:{{cmdroot|patch -p1 < pam_bioapi-0.2.1-alter-environ.patch}}
* Edit your {{path|Xsetup}} file (on SUSE 10 it's {{path|/etc/X11/xdm/Xsetup}}) and add these lines:
echo "XAUTHORITY=$XAUTHORITY" > /var/lib/xdm/kdm_env
echo "DISPLAY=$DISPLAY" >> /var/lib/xdm/kdm_env
* In {{path|/etc/pam.d/xdm}} file, add {{path|/var/lib/xdm/kdm_env}} as a third parameter for {{path|pam_bioapi.so}} module:
auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/ /var/lib/xdm/kdm_env

Please note, that this won't work if you have more than one Xserver.

==Make xscreensaver use the scanner==
*Get the needed xscreensaver sources:
:{{cmduser|wget http://www.jwz.org/xscreensaver/xscreensaver-4.23.tar.gz}}
:{{cmduser|tar xzf xscreensaver-4.23.tar.gz}}
:{{cmduser|cd xscreensaver-4.23}}
:{{cmduser|wget http://nax.hn.org/pub/bioapi/xscreensaver-4.22_alternativeAuth.diff}}
*After reviewing the patch (it's small and straightforward), do
:{{cmduser|patch -p1 < xscreensaver-4.22_alternativeAuth.diff}}<br />The patch prevents xscreensaver from opening an authentification window and dispatches the authentification request to another program, in our case <tt>pam</tt> and <tt>pam_bioapi</tt>. It should apply with some offset, don't mind that. If it says something about rejected though, then there's a problem.
*Compile with
:{{cmduser|./configure --with-pam && make}}<br />
*If you recieve an error like "undefined reference to `XmuPrintDefaultErrorMessage'" then install the libxmu-dev package and run the previous line again
*and then install as root with
:{{cmduser|su -c make install}} .
*Make sure that the newly compiled xscreensaver is used:
:{{cmduser|which xscreensaver}} should return
:{{cmdresult|/usr/local/bin/xscreensaver}} .
:*In case it doesn't, try
::{{cmduser|1=export PATH=/usr/local/bin:$PATH}}<br />and retry.
*Kill the running instance of xscreensaver:
:{{cmduser|xscreensaver-command -exit}}
*Make sure you have the following line in your {{path|~/.xscreensaver}}:
alternativeAuth: True
*Now edit {{path|/etc/pam.d/xscreensaver}} to include the following line (If you're on {{Ubuntu}} Breezy and you already changed {{path|/etc/pam.d/common-auth}} you should not need to do this.):
auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
*Start the new xscreensaver
:{{cmduser|xscreensaver}}<br />There should be a splash screen with version 4.23.
*Now try:
:{{cmduser|xscreensaver-command -lock}}

If you have questions or problems with this procedure, ask: t43fingerprint (at) badcode.de .

===Package for Debian sid===

If you're running {{Debian}} sid (the unstable branch) you can also try the patched .deb-package (built from current Debian sources fetched with {{cmd|apt-get source|}}) from [http://linux.spiney.org/debian_gnu_linux_on_an_ibm_thinkpad_t43p_fingerprint_reader this page], which also has Debian-specific instructions on how to setup the fingerprint reader. Use it on your own risk.

==Troubleshooting and Hints==
# After installing the driver, don't forget to reboot!
## This might not be necessary. it worked here without having to reboot.
# To see if the fingerprint device is know on the USB bus do:
:{{cmdroot|lsusb}}
:as root and you should see a line like:
:{{cmdresult|Bus 003 Device 004: ID 0483:2016 SGS Thomson Microelectronics}}
:The bus and device number can be different. This should work without the driver installed. If the device does not show up, you have a hardware problem/quirk, Rebooting or removing/inserting USB kernel modules might fix this.
# For some installation, after installing the driver as in section [[#Installing the driver|Installing the driver]] and makingÂ´sure the device is recognized, try to test it by going to {{path|NonGUI_Sample}} directory and run {{cmdroot|./Sample}}, one get segmentation fault. In this case, try getting the Beta1 instead of Beta2 of the driver and installing it
# There was some confusion about the /etc/bioapi1.10/pam{5550454b-2054-464d-2f45-535320425350} path, this has been fixed in the howto, if you have problems, check the section again, the path needs to have the '-' in them
# When something goes wrong look at the tail of {{path|/var/log/auth.log}}. (on {{Fedora}} it is {{path|/var/log/secure}}) Specifically if you see an entry saying something like
pam_bioapi[10480]: Unable to load BioAPI BSP with UUID of {5550454b-2054-464d-2f45-535320425350}, BioAPI error <nowiki>#</nowiki>194d.
Check whether your {{path|/proc/bus/usb}} directory permissions are set up as in the
section [[#Installing the driver|Installing the driver]].
# To get the xscreensaver compiled you might need a bunch of header files (depending on which xscreensaver features you want), in my case I need the following:
#*python-gtk2-dev
#*libgstreamer0.8-dev
#*xlibs-dev
# Sometimes {{path|$HOME/.xscreensaver}} got overwritten, try changing it to read-only.
# If after suspending to RAM and resume, lsusb no longer have "SGS Thomson Microelectronics" entry, try adding a line
/etc/init.d/hotplug restart
to your {{path|/etc/acpi/resume.sh}} file
#If after resume lsusb shows the device but xscreensaver does not ask for fingerprint for login, you might want to check the permission of the usb bus in the appropriate {{path|/proc/bus/usb/}} entry. If necessesary you might need to add a line to {{path|/etc/acpi/resume.sh}} as in section [[#Installing the driver|Installing the driver]] to set the permission right.
-----
If it still doesn't work, ask me for help (and make sure all usefull stuff makes it back into this wiki :)
to get a starting point as to where your problem is please include the output of:

:{{cmduser|lsusb}}

:{{cmdroot|ldconfig -p <nowiki>|</nowiki> grep bioapi}}

:{{cmdroot|updatedb && locate bioapi}}

t43fingerprint (at) badcode.de

User talk:Pebolle

2006-03-03T13:45:05Z

Pebolle: forgot sig

Removing the discussion on the PreDesktop Area Talk page is fine. ;-) I added some of the information from the IBM link discussion into the article, though, since i think it sheds more light into the difference between PSAs and RPs.

[[User:Wyrfel|Wyrfel]] 12:39, 5 Nov 2005 (CET)
----
Nice to hear. Edits are fine with me (until I change my mind and invoke the power to reedit that a Wiki gives its users ...)

[[User:Pebolle|Paul Bolle]] 22:40, 5 Nov 2005 (CET)
----
Hei, just wanted to tell you that i appreciate what you did to the PreDesktop Area pages (reorg). [[User:Wyrfel|Wyrfel]] 03:18, 21 January 2006 (CET)
----
Nice to hear. Thanks.

[[User:Pebolle|Paul Bolle]] 00:35, 24 January 2006 (CET)

----
Just saw your edit in [[Talk:Predesktop Area]]. ;-) If you have such a long result output, just surround it by >pre></pre> tags. Especially on talk pages it doesn't matter that much.

I believe that when ThinkWiki uses MediaWiki 1.6, i can modify the templates to make things (like multiline) more simple.

[[User:Wyrfel|Wyrfel]] 22:30, 24 January 2006 (CET)
----

==HPAFS==
Hei, you might wanna create a separate "hpafs" page for your driver and categorize it as a driver page.

[[User:Wyrfel|Wyrfel]] 01:41, 3 March 2006 (CET)

Well I said "alpha quality" (or something similar). Maybe that's even too optimistic: proof of concept might be better. I know the mantra is "release early, release often" but this might be too early ...

By the way, would hpafs really qualify as a "driver"? I'd say it's more a "tool" or a "utility".

[[User:Pebolle|Paul Bolle]] 14:45, 3 March 2006 (CET)

User talk:Pebolle

2006-03-03T13:44:29Z

Pebolle: HPAFS: some reservations

Talk:Predesktop Area

2006-03-02T00:04:28Z

Pebolle: reformatting: partial succes

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005

----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

== hpafs ==

I've written a (read only) FUSE for the hpa: hpafs. Alpha quality at best. Mail me if you'd like to test it, hack on it. Now about 1100 LOC. The binary is a mere 33 KB (this is with debugging symbols). Rather i386 centric.

hpafs will only work if the Predesktop Area is disabled (but that is more or less obvious). It basically turns each PSA into a file:

{{cmdresult|$ sudo hpafs /dev/hda /mnt/hpa -o allow_other<br/>
$ ll /mnt/hpa/<br/>
total 0<br/>
-r--r--r-- 1 root root 2097152 Jan 1 1970 BIOSWORKAREA<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Create Diagnostic Diskettes<br/>
-r--r--r-- 1 root root 104857600 Jan 1 1970 FirstWare Reserved Area<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Rec Boot<br/>
-r--r--r-- 1 root root 3459252224 Jan 1 1970 Rec Data<br/>
-r--r--r-- 1 root root 1476096 Jan 1 1970 Restore from backup<br/>
-r--r--r-- 1 root root 7710720 Jan 1 1970 Run Diagnostics<br/>
-r--r--r-- 1 root root 1477632 Jan 1 1970 SIGHT}}

This FUSE file can easily be copied with basic GNU tools (cat, dd, etc). Even more fun is to loop mount such a FUSE file (if the corresponding PSA is a bootable image). Then the PSA is a (read only) part of your mounted filesystems. So now you do not need to use dd on /dev/hda to copy the Predesktop Area: you can just mount it!

{{cmdresult|$ sudo mount -o loop,ro,users /mnt/hpa/Rec\ Data /mnt/tmp<br/>
$ ll /mnt/tmp/<br/>
total 1454<br/>
-rwxr-xr-x 1 root root 64 Sep 27 2002 bootcat.bin<br/>
-rwxr-xr-x 1 root root 1474560 Oct 3 2002 bootimg.bin<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 country<br/>
drwxr-xr-x 2 root root 2048 Mar 13 2004 ibmwork<br/>
drwxr-xr-x 3 root root 8192 Mar 13 2004 recovery<br/>}}

To be continued ...

[[User:Pebolle|Paul Bolle]] 00:56, 2 March 2006 (CET)

Talk:Predesktop Area

2006-03-01T23:56:30Z

Pebolle: hpafs

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005

----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

== hpafs ==

I've written a (read only) FUSE for the hpa: hpafs. Alpha quality at best. Mail me if you'd like to test it, hack on it. Now about 1100 LOC. The binary is a mere 33 KB (this is with debugging symbols). Rather i386 centric.

hpafs will only work if the Predesktop Area is disabled (but that is more or less obvious). It basically turns each PSA into a file:

$ ll /mnt/hpa/
total 0
-r--r--r-- 1 root root 2097152 Jan 1 1970 BIOSWORKAREA
-r--r--r-- 1 root root 7710720 Jan 1 1970 Create Diagnostic Diskettes
-r--r--r-- 1 root root 104857600 Jan 1 1970 FirstWare Reserved Area
-r--r--r-- 1 root root 7710720 Jan 1 1970 Rec Boot
-r--r--r-- 1 root root 3459252224 Jan 1 1970 Rec Data
-r--r--r-- 1 root root 1476096 Jan 1 1970 Restore from backup
-r--r--r-- 1 root root 7710720 Jan 1 1970 Run Diagnostics
-r--r--r-- 1 root root 1477632 Jan 1 1970 SIGHT

This FUSE file can easily be copied with basic GNU tools (cat, dd, etc). Even more fun is to loop mount such a FUSE file (if the corresponding PSA is a bootable image). Then the PSA is a (read only) part of your mounted filesystems. So now you do not need to use dd on /dev/hda to copy the Predesktop Area: you can just mount it!

$ sudo mount -o loop,ro,users /mnt/hpa/Rec\ Data /mnt/tmp
Password:
$ ll /mnt/tmp/
total 1454
-rwxr-xr-x 1 root root 64 Sep 27 2002 bootcat.bin
-rwxr-xr-x 1 root root 1474560 Oct 3 2002 bootimg.bin
drwxr-xr-x 2 root root 2048 Mar 13 2004 country
drwxr-xr-x 2 root root 2048 Mar 13 2004 ibmwork
drwxr-xr-x 3 root root 8192 Mar 13 2004 recovery

To be continued ...

[[User:Pebolle|Paul Bolle]] 00:56, 2 March 2006 (CET)

Talk:Predesktop Area

2006-03-01T23:36:22Z

Pebolle: hpafs: works!

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005

----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

Talk:Predesktop Area

2006-02-20T22:32:59Z

Pebolle: minor clarifications, typos

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write a HPA or SPA driver. That driver should provide something like "/dev/hpa", "/dev/hpa0", etc or "/dev/spa", "/dev/spa0", whatever. The idea here is that it allows you to simply mount (ro!) the Hidden Protected Area (given the correct BIOS settings). Probably just an addaption of the current drivers for (IDE?) harddisks. (This might mean "/dev/hda" and "/dev/hpa" overlap: dangerous?) That would probably need - way - more coding skills than I have ...
* probably much easier would be to write a FUSE for the HPA: hpafs.
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005

----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (volatile?) SET MAX but does not LOCK the HDD. The HDD will accept another SET MAX, a new SET MAX SET PASSWORD, etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlocks or unfreezes the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (The HDD doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this.)

This can lead to some problems if a partition ends within the limits of the HPA (which is then actually (partly) overwritten by that partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

Talk:Predesktop Area

2006-02-20T00:44:15Z

Pebolle: typo, layout

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write a HPA or SPA driver. That driver should provide something like "/dev/hpa", "/dev/hpa0", etc or "/dev/spa", "/dev/spa0", whatever. The idea here is that it allows you to simply mount (ro!) the Hidden Protected Area (given the correct BIOS settings). Probably just an addaption of the current drivers for (IDE?) harddisks. (This might mean "/dev/hda" and "/dev/hpa" overlap: dangerous?) That would probably need - way - more coding skills than I have ...
* probably much easier would be to write a FUSE for the HPA: hpafs.
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005

----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:

- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (non-volatile?) SET MAX but does not LOCK the HDD. You can do another SET MAX, a new SET MAX SET PASSWORD, etc. etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlock or unfreeze the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (It doesn't do this in secure mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this/)

This can lead to some problems if a partition ends within the limits of the HPA (which is actually overwritten by a normal partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the (still overwritten) HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

Talk:Predesktop Area

2006-02-20T00:40:41Z

Pebolle: Set Max Security Extensions

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write a HPA or SPA driver. That driver should provide something like "/dev/hpa", "/dev/hpa0", etc or "/dev/spa", "/dev/spa0", whatever. The idea here is that it allows you to simply mount (ro!) the Hidden Protected Area (given the correct BIOS settings). Probably just an addaption of the current drivers for (IDE?) harddisks. (This might mean "/dev/hda" and "/dev/hpa" overlap: dangerous?) That would probably need - way - more coding skills than I have ...
* probably much easier would be to write a FUSE for the HPA: hpafs.
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005

----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

== SET MAX Security Extensions ==

I've hacked Andries Brouwer's setmax tool (see: Google) to support the SET MAX security extensions (SET MAX SET PASSWORD, SET MAX LOCK, SET MAX UNLOCK, SET MAX FREEZE). Very rough code once again. Mail me if you're willing to brick your HDD.

A few random observations:
- secure mode: the Phoenix BIOS probably sets a SET MAX password in the HDD, does a non-volatile SET MAX and LOCKs (or FREEZEs) the HDD.

- normal mode: the Phoenix BIOS might set a SET MAX password in the HDD, does a (non-volatile?) SET MAX but does not LOCK the HDD. You can do another SET MAX, a new SET MAX SET PASSWORD, etc. etc.

- normal mode: Linux 2.6.x disables the HPA in normal mode (by doing a volatile SET MAX to maximum native address). After a suspend the HDD reenables the HPA (by returning to the latest non-volatile value of SET MAX). It thus treats the suspend cycle as a power cycle (it also discards a SET MAX password, unlock or unfreeze the HPA etc). I'm not sure whether that is a correct implementation of the ATA spec. (It doesn't do this in sucre mode. I would like to know how the Phoenix BIOS and/or Hitachi HDD people have managed this/)

This can lead to some problems if a partition ends within the limits of the HPA (which is actually overwritten by a normal partition). Maybe the best solution would be to have the kernel do a non-volatile SET MAX to the native maximum address. Then a resume from suspend will in effect not reenable the (still overwritten) HPA.

[[User:Pebolle|Paul Bolle]] 01:40, 20 February 2006 (CET)

Talk:Predesktop Area

2006-02-20T00:21:10Z

Pebolle: Write a FUSE for the HPA

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write a HPA or SPA driver. That driver should provide something like "/dev/hpa", "/dev/hpa0", etc or "/dev/spa", "/dev/spa0", whatever. The idea here is that it allows you to simply mount (ro!) the Hidden Protected Area (given the correct BIOS settings). Probably just an addaption of the current drivers for (IDE?) harddisks. (This might mean "/dev/hda" and "/dev/hpa" overlap: dangerous?) That would probably need - way - more coding skills than I have ...
* probably much easier would be to write a FUSE for the HPA: hpafs.
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005

----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

Talk:Predesktop Area

2006-02-20T00:15:04Z

Pebolle: hda=stroke got dropped (IIRC somewhere in the 2.5 development cycle)

==Use the HPA for GNU/Linux?==
More interesting than removing the HPA (which includes a.o. Acces IBM Predesktop Area, some other tools and a backup of the pre-installed OS) would be to use this area for GNU/Linux too. At least, removing the HPA only saves 3,5 GB on my 60 GB hard disk. It would be worth a try to see whether the backup of the pre-installed OS on the largest PSA could be replaced by a backup of your favourite GNU/Linux distribution.

Elaborating on my ideas a few days later, I'd guess the following could be tried:
* see whether GRUB can be made to boot the Access IBM Predekstop Area (I guess by "chainloading" the bootsector of its PSA). Right now GRUB refuses to load sectors outside the partioned area. I've got absolutely no idea if it's possible to write a hack to overcome that restriction. Need to contact the GRUB people about that ...
* write a HPA or SPA driver. That driver should provide something like "/dev/hpa", "/dev/hpa0", etc or "/dev/spa", "/dev/spa0", whatever. The idea here is that it allows you to simply mount (ro!) the Hidden Protected Area (given the correct BIOS settings). Probably just an addaption of the current drivers for (IDE?) harddisks. (This might mean "/dev/hda" and "/dev/hpa" overlap: dangerous?) That would probably need - way - more coding skills than I have ...
* write some userspace tools for the HPA/the SPAs (things like: dumpbeer, printDoS).

It should be clear these are basically random ideas. Still feedback would be appreciated ...
----
Hei,

interesting ideas, but i'd only see a point in it if one could keep Win and Linux rescue stuff in the HPA. That means it would need to be expandable or fit the stuff for both systems.
[[User:Wyrfel|Wyrfel]] 20:03, 15 Mar 2005 (CET)
----
Thanks.

Short answer: that should be possible.

Long answer: I see little in the specs (as I understand them now) to stop one from adding (say) an extra 3 GB GNU/Linux-rescue PSA or something like that. We might try to do that first by changing the BEER and DoS manually. (Not sure whether Phoenix added some proprietary stuff to keep you from booting it. The PSA should always be accesable with the proper BIOS setting.) It might be mandatory to put it on a FAT filesystem. The hard part probably is to have it show up in the Access IBM Predesktop Area. (My guess is you need to regenerate the FirstSight "graphical shell". If that's correct we probably only can use the FirstWare tools "hidden" on their little PSA. That's no fun. Well it might a little fun if we try FreeDOS).

[[User:Pebolle|Paul Bolle (not logged in)]]
----
Update: a trivial patch to grub allows it to also work outside the partioned area:

--- /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c.oud 2004-05-23 18:35:24.000000000 +0200
+++ /var/tmp/rpm/BUILD/grub-0.95/stage2/disk_io.c 2005-03-18 22:38:30.050907408 +0100
@@ -297,8 +297,8 @@
* Check partition boundaries
*/
if (sector < 0
- || ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
- >= part_length))
+ /*|| ((sector + ((byte_offset + byte_len - 1) >> SECTOR_BITS))
+ >= part_length)*/)
{
errnum = ERR_OUTSIDE_PART;
return 0;

I made a grub CD with a grub patched with the above. Now I can "cat" the bootsector of the Predesktop Area from the grub shell (when booting of that grub CD). But I haven't yet managed to boot the Predesktop Area (dangerous stuff!) To be continued ...

[[User:Pebolle|Paul Bolle]] Fri Mar 18 22:42:43 CET 2005

----

I've been playing around with the predesktop area tonight. I was simply trying to just leave the diagnostics stuff and remove the windows part. I wrote some programs to read/write the BEER data and stuff, but I wasn't able to get the system to boot it, it kept erroring "Authentication of System Services failed" (or something along those lines). I will play around with this some more later

[[User:Invisi|Tim Nordell]]
----

A quick look with a hexeditor gave me two instances of "Application authentication has failed!" in the FirstSight application. Does that sound familair?

[[User:Pebolle|Paul Bolle]] Fri Apr 1 19:35:30 CEST 2005

----

Actually it wasn't that. I did a search of that too, the message itself was not in the predesktop area at all. What also is interesting is the fw*.exe utilities for manipulating the predesktop area, contains the string "MD5" which makes me wonder if there is an md5 hash of each "predesktop" partition. I know on the IBM whitepaper it states there being a signature so that non-signed applications can not be run. Could a simple "md5" be the signature?

[[User:Invisi|Tim Nordell]] 12:01, 3 Apr 2005 (CEST)

----

*What is it that you were trying to do (what did trigger the error you saw)?

*About ten of the fw*.exe utilities contain the phrase "MD5 Checksums do not match". So they could very well be using MD5 sums for some sort of validation. But they could use the MD5 sums in a lot of ways actually, so I won't yet speculate ...

[[User:Pebolle|Paul Bolle]] Sun Apr 3 15:11:10 CEST 2005

== Predesktop Area ==

I made a program that takes the BEER record at the end, parses it out to a ".cfg" file, lets you modify it, recalibrate the start spots for the records, and write it out to disk again. It doesn't directly access hda, 'cept for reading the original beer record. It makes a script file to go with the files you have, to read in the HPA data, and to write it out again with the new record.

Anyways, I tried simply removing the last record from the BEER, which is the windows recovery partition. It didn't like that.

----

Did you update the two's complement checksum at the end of the BEER?

[[user:Pebolle|Paul Bolle]]

----

Yep, I updated that. If I don't update that, it doesn't even say that failed message. I also made a seperate program to update the checksum so you can also modify the beer record by hand with a hex editor and have valid checksums.

== Linux kernel support ==
{{Todo|research and add to article}}
* Add a section on dmesg and hdparm -I output:
(...)
Commands/features:
Enabled Supported:
(...)
* Host Protected Area feature set
(...)
SET MAX security extension
Address Offset Reserved Area Boot
(...)

* Recent (2.6.10 and up?) kernels disable HPAs automatically (in drivers/ide/ide-disk.c). Dmesg example:

hda: Host Protected Area detected.
current capacity is 110194034 sectors (56419 MB)
native capacity is 117210240 sectors (60011 MB)
hda: Host Protected Area disabled.

This should be (further researched and) added to this section (maybe with some pointers to the unexpected consequences of this new approach ...)

[[User:Pebolle|Paul Bolle]] 22:06, 6 Sep 2005 (CEST)

* SRCMOS24.EXE

In the PSA used by the Predesktop Area I found a "hidden" executable: SRCMOS24.EXE (it is not mentioned in the FAT). This executable can capture and update CMOS data. It might only be used by the FirstSight program to display (part of) the BIOS info. It might be nice to see what it can do and if similar things are possible under GNU/Linux.

[[User:Pebolle|Paul Bolle]] 22:01, 7 Sep 2005 (CEST)

== Newer thinkpads don't use Phoenix Firstware? ==

On my T42 that arrived yesterday, the predesktop area looks a lot like MS Windows. The widget set, the fonts, even the boot sequence looks exactly like Windows 2000. Debian-installer indentified it as "Microsoft Windows NT/2000/XP", while it identified my XP partition as "Microsoft Windows XP Professional"

Has Lenovo/IBM changed their system, or is this Phoenix stuff really just Windows?

-- [[Evan.Heidtmann]]

Evan,

Could it be that you're talking about the preinstalled version of Windows here? As far as I know (using information to be found on the internet, not personal research) the preinstalled OS will reformat its partition from FAT32 to NTFS at first boot. That could explain the difference in the identification by the Debian installer (which I never really used).

Moreover the Predesktop Area is part of the HPA and the HPA is not an partition. It seems unlikely that the Debain installer notices the HPA. As far as I know there are at present no GNU/Linux tools with a (useful) support of HPAs.

[[User:Pebolle|Paul Bolle]] 15:43, 4 Aug 2005 (CEST)

My T42P (model 2373HSG) is using a cut-down version of Windows XP as the pre-desktop area. I'm not sure whether it's a special IBM thing or just a [http://www.microsoft.com/licensing/programs/sa/benefits/winpe.mspx Windows PE] (preinstallation environment) setup. It includes Java and Python, which are used by some of the IBM tools, and the Opera web browser.

It's no longer an HPA but a 487MB hidden FAT32 called IBM_SERVICE located at the end of the disk.

--[[User:Korourke|Korourke]]

== Rescue and Recovery via grub? ==

Did anyone get the Rescue and Recovery partition to boot via grub on recent models? On a T43 with
rootnoverify (hd0,1)
chainloader +1
the Rescue and Recovery partition starts booting nicely and then, a few seconds in the R&R loading sequence, chokes with a
STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000003a (0x00000000 0x00000000).
The system has been shut down.
The problem started right after installing grub into the MBR (I couldn't get the preinstalled MBR to boot grub from an active primary partition). It seems oblivious to the Predesktop BIOS setting.

The same problem has been reported by others with other models (for example [http://forums.fedoraforum.org/archive/index.php/t-19433.html here] for a T42).

[[User:Thinker|Thinker]] 11:35, 30 Sep 2005 (CEST)

Your "Rescue and Recovery partition" seems not to be a HPA (which isn't a partition). Maybe we should open a new page for that system.

[[User:Pebolle|Paul Bolle]] 21:54, 30 Sep 2005 (CEST)

It may very well not be an HPA , but the BIOS stil calls it a "Predesktop Area". Anyway, the partition is actually a VFAT partition (even though it has type 0x12, "Compaq Diagnostics"). It seems to boot into PC-DOS (using {{path|NTDETECT.EXE}} so it looks like Windows startup) and then its {{path|AUTOEXEC.BAT}} runs a fancy GUI.
--[[User:Thinker|Thinker]] 23:31, 30 Sep 2005 (CEST)
----
Right, there has been a lot of confusion about this, we should have a separate page. Introduced an edit link (called Rescue and Recovery) on the [[ThinkPad Technologies]] page for that purpose.

== Suggestions for projects ==

I'd guess it would be rather nice to have GNU/Linux tools (like sfdisk and parted) HPA aware. The most urgent change would be to have those programs at least recognize and respect a HPA (e.g.: do not write in or otherwise use the HPA area; unless the user gives a --force option or something similar).

As for now, I realize I caused this error: ENOPATCH.

[[User:Pebolle|Paul Bolle]] 22:56, 5 Nov 2005 (CET)

== Keeping functionality of the blue AccessIBM button ==

Somebody figured out [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/|how to keep the AccessIBM functionality] when installing Linux, quite easy fix. How come nobody thought about it before? :)
(link got from [[Installing_Ubuntu_5.04_on_a_ThinkPad_T43_%281875%29 here]])

--[[User:Micampe|Micampe]] 17:39, 9 Dec 2005 (CET)

The relevant part of that page:

''Set the IBM Predesktop Area (in the BIOS) to â€œSecureâ€. Boot using the SUSE DVD. Shrink the Windows partition as required. Follow the instructions and go through the regular installation process. Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB (you do prefer GRUB to LILO, donâ€™t you?), make sure you install it into the boot sector of the boot partition. Set this partition as active. Leave the MBR alone.''

That's the first thing I tried on my T43. Didn't work: setting the active partition to /boot had no effect, it was still booting the first (Windows) partition. So I had to install Grub into MBR, thereby killing R&R. Anyway, there's another solution in the article page (didn't try it since I saw it only after purging my R&R partition).

----
--[[User:Thinker|Thinker]] 19:18, 9 Dec 2005 (CET)

== Parsing the HPA information (BEER/DOS) ==

I too have been writing a program to parse the BEER and DOS info. Sample output:
:{{cmdresult| beer.signature: 0xBEEF}}
:{{cmdresult| beer.size: 128}}
:{{cmdresult| beer.flags: 41}}
:{{cmdresult| Read Only:}}
:{{cmdresult| Generated Record:}}
:{{cmdresult| Use Reserved Area Boot Code Address: yes}}
:{{cmdresult| Configuration Time Stamp is valid:}}
:{{cmdresult| Device Supports LBA: yes}}
:{{cmdresult| Directory of Services is Present}}
:{{cmdresult| Formatted Geometry Valid}}
:{{cmdresult| Reported Geometry Valid yes}}
:{{cmdresult| beer.reported_cylinders: 16383}}
:{{cmdresult| beer.reported_heads: 16}}
:{{cmdresult| beer.reported_sectors: 63}}
:{{cmdresult| beer.reported_bytes_sector: 512}}
:{{cmdresult| beer.reported_sectors_device: 117210240}}
:{{cmdresult| beer.formatted_cylinders: 16383}}
:{{cmdresult| beer.formatted_heads: 16}}
:{{cmdresult| beer.formatted_sectors: 63}}
:{{cmdresult| beer.formatted_bytes_sector: 512}}
:{{cmdresult| beer.formatted_sectors_device: 117210240}}
:{{cmdresult| year: 2004}}
:{{cmdresult| day: 313}}
:{{cmdresult| beer.timestamp: 1426063684}}
:{{cmdresult| beer.device_index: 0x80}}
:{{cmdresult| beer.hpa_start: 110194034}}
:{{cmdresult| beer.boot_code_address: 117002545}}
:{{cmdresult| beer.num_entries: 8}}
:{{cmdresult| beer.dir_length: 64}}
:{{cmdresult| beer.revision: 0}}
:{{cmdresult| dev_name: HTS726060M9AT00}}
:{{cmdresult| beer.checksum: -26982}}
:{{cmdresult| dos[0].flags: 3}}
:{{cmdresult| Service area is available as B:}}
:{{cmdresult| Diagnostic Service:}}
:{{cmdresult| Service Area is Read Only:}}
:{{cmdresult| This Boot:}}
:{{cmdresult| Empty Service Area:}}
:{{cmdresult| Hidden Service Area: yes}}
:{{cmdresult| Service Area is bootable as A: yes}}
:{{cmdresult| dos[0].service_area_start: 117005431}}
:{{cmdresult| dos[0].service_area_size: 204800}}
:{{cmdresult| dos[0].load_sectors: 1}}
:{{cmdresult| dos[0].load_address: 0x7:C000}}
:{{cmdresult| dos[0].service_area_id: 0}}
:{{cmdresult| dos[0] id_str: FirstWare Reserved Area}}
:{{cmdresult| dos[0].checksum: -22271}}
:{{cmdresult| [...]}}

Very rough code. Send me an e-mail (at the address found at my user page) if you want a (GPL'd) copy, but only if you're willing to test and improve the code.

[[User:Pebolle|Paul Bolle]] 01:15, 24 January 2006 (CET)

Rescue and Recovery

2006-02-01T23:45:26Z

Pebolle: Proper MBR: slightly reorg'd (does the MBR code really catch the key press?)

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

Apparently, the MBR is not "configured properly" if LILO or GRUB has been installed in it as the following is the case:
*the default MBR seems to ignore the active bit and always boots the first partition instead
*the default MBR contains code to catch a press of the appropriate button during bootup and boot the R&R partition in that case
*before booting the R&R, the default MBR changes it's partition type to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the R&R software assumes that the first partition contains Windows
*the R&R partition needs to be of type 0x0b (FAT32) for the R&R software to work

Since neither LILO nor GRUB can catch the press of the button (an undocumented mechanism anyway) it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have altered the MBR for their boot procedure.

===GRUB in the MBR===
You can, however, boot the Rescue and Recovery partition from within a GRUB residing in your MBR. However if you leave its partitions type to 0x12 (Compaq disgnostics) this will result in an error message "c000021a, Fatal System Error" if you try to boot it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the recovery partitions entry in your {{path|/boot/grub/menu.lst}}. Assuming your recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

We also add an <tt>unhide</tt> line here because we are going to hide the recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we wouldn't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

Now you should be able to boot the R&R partition from withing GRUB, residing in your MBR.

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distributions installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this partition as active. Leave the MBR alone.

===grub4dos===
Another way to solve the trouble is using grub4dos, installed on your windows partition.
{{Fixme|This is insufficient information for a solution}}

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088
IBMs page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/#comment-165 original GRUB R&R boot success report on SharedWare]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/ how to keep the AccessIBM functionality]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-02-01T23:15:08Z

Pebolle: This is not a fault of the distro's

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

To translate that, people found that the following is the case:
*the default MBR seems to ignore the active bit and always boots the first partition instead
*the default MBR contains code to catch a press of the appropriate button during bootup and boot the R&R partition in that case
*before booting the R&R, the default MBR changes it's partition type to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the R&R software assumes that the first partition contains Windows
*the R&R partition needs to be of type 0x0b (FAT32) for the R&R software to work

Apparently, the MBR is not "configured properly" if LILO or GRUB has been installed in it. Since they do not include code for triggering the button press, it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have been installed in the MBR.

===GRUB in the MBR===
You can, however, boot the Rescue and Recovery partition from within a GRUB residing in your MBR. However if you leave its partitions type to 0x12 (Compaq disgnostics) this will result in an error message "c000021a, Fatal System Error" if you try to boot it. To avoid that and to make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the recovery partitions entry in your {{path|/boot/grub/menu.lst}}. Assuming your recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

We also add an <tt>unhide</tt> line here because we are going to hide the recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we wouldn't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

Now you should be able to boot the R&R partition from withing GRUB, residing in your MBR.

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distributions installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this partition as active. Leave the MBR alone.

===grub4dos===
Another way to solve the trouble is using grub4dos, installed on your windows partition.
{{Fixme|This is insufficient information for a solution}}

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088
IBMs page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/#comment-165 original GRUB R&R boot success report on SharedWare]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/ how to keep the AccessIBM functionality]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-02-01T23:04:00Z

Pebolle: grub4dos needs to be fixed

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

To translate that, people found that the following is the case:
*the default MBR seems to ignore the active bit and always boots the first partition instead
*the default MBR contains code to catch a press of the appropriate button during bootup and boot the R&R partition in that case
*before booting the R&R, the default MBR changes it's partition type to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the R&R software assumes that the first partition contains Windows
*the R&R partition needs to be of type 0x0b (FAT32) for the R&R software to work

Apparently, the MBR is not "configured properly" if LILO or GRUB has been installed in it. Since they do not include code for triggering the button press, it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have been installed in the MBR.

===GRUB in the MBR===
You can, however, boot the Rescue and Recovery partition from within a GRUB residing in your MBR. It has been reported, that many Linux distributions change the recovery partitions type to 0x12 (Compaq disgnostics), which, if you try booting it, results in an error message "c000021a, Fatal System Error".

To avoid that and make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the recovery partitions entry in your {{path|/boot/grub/menu.lst}}. Assuming your recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

We also add an <tt>unhide</tt> line here because we are going to hide the recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we wouldn't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

Now you should be able to boot the R&R partition from withing GRUB, residing in your MBR.

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distributions installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this partition as active. Leave the MBR alone.

===grub4dos===
Another way to solve the trouble is using grub4dos, installed on your windows partition.
{{Fixme|This is insufficient information for a solution}}

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088
IBMs page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/#comment-165 original GRUB R&R boot success report on SharedWare]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/ how to keep the AccessIBM functionality]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]

Rescue and Recovery

2006-02-01T22:58:00Z

Pebolle: unneeded remark on using GRUB vs. using LILO

{| width="100%"
|style="vertical-align:top;padding-right:20px;width:10px;" | __NOTOC__
|style="vertical-align:top" |
<div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;">
===Rescue and Recovery===
Rescue and Recovery version 3.0 consists of a bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition. It can be activated by pressing the {{ibmkey|ThinkPad|#494949}}, {{ibmkey|Access IBM|#495988}} or {{ibmkey|ThinkVantage|#495988}} [[ThinkPad Button|Button]] during system boot. It contains a FAT filesystem (labeled "IBM_SERVICE"), and has partition type 0x12 ("Compaq diagnostics" in <tt>fdisk</tt>).

As opposed to a [[Hidden Protected Area|Hidden Protected Area]] Recovery partitions are ordinary partitions, accessible through the partition table. As they are ordinary partitions they are accessible by ordinary partitioning tools. They should be dealt carefully with.
</div>
|}
==Proper MBR==
{{WARN|Tinkering with the default MBR and the Rescue & Recovery partition puts risk to your system. It can result in rendering the system completely unusable and severe data loss. You follow any instructions described here on your own risk.}}

Consideration 6 of the Readme states:
<blockquote>"The Master Boot Record (MBR) must be configured properly for the Rescue and Recovery application to function properly. When possible, the Rescue and Recovery application attempts to ensure the proper configuration of the MBR. This can only occur if the Rescue and Recovery application is installed after other applications that requires the MBR."</blockquote>

To translate that, people found that the following is the case:
*the default MBR seems to ignore the active bit and always boots the first partition instead
*the default MBR contains code to catch a press of the appropriate button during bootup and boot the R&R partition in that case
*before booting the R&R, the default MBR changes it's partition type to 0x0b, otherwise it changes it to 0x12 (to hide it from Windows)
*the R&R software assumes that the first partition contains Windows
*the R&R partition needs to be of type 0x0b (FAT32) for the R&R software to work

Apparently, the MBR is not "configured properly" if LILO or GRUB has been installed in it. Since they do not include code for triggering the button press, it is not possible to invoke Rescue and Recovery by pressing the appropriate button during system boot, once LILO or GRUB have been installed in the MBR.

===GRUB in the MBR===
You can, however, boot the Rescue and Recovery partition from within a GRUB residing in your MBR. It has been reported, that many Linux distributions change the recovery partitions type to 0x12 (Compaq disgnostics), which, if you try booting it, results in an error message "c000021a, Fatal System Error".

To avoid that and make sure the recovery partition always is of the right type, add a line to change the partition type to 0x0b to the recovery partitions entry in your {{path|/boot/grub/menu.lst}}. Assuming your recovery partition is the second partition, it should look like this:
title IBM Rescue and Recovery
root (hd0,1)
'''parttype (hd0,1) 0x0b'''
'''unhide (hd0,1)'''
chainloader +1

We also add an <tt>unhide</tt> line here because we are going to hide the recovery partition on every boot of Windows, so we need to unhide it, when the recovery partition is booted. This is because if we wouldn't hide the partition when booting Windows, it would be visible and accessable there and that's not what we want. So, assuming that Windows is on the first partition, the Windows entry should now look like this:
title Windows
root (hd0,0)
'''hide (hd0,1)'''
chainloader +1

Now you should be able to boot the R&R partition from withing GRUB, residing in your MBR.

===GRUB in a partitions boot sector===
A way to have your Access IBM button still functional on bootup, is to create a separate {{path|/boot}} partition, install GRUB to that partition and make it active.
{{NOTE|If the above finding is true that the MBR ignores the active bit, that partition has to be the first one.}}
*In the BIOS, set the IBM Predesktop Area to 'Secure'.
*Boot your Linux distributions installation CD.
*Follow the instructions and go through the regular installation process.
*Create a primary partition for /boot (the other stuff can go into the extended partitions) and when the time comes to install GRUB, make sure you install it into the boot sector of the boot partition.
*Set this partition as active. Leave the MBR alone.

===grub4dos===
Another way to solve the trouble is using grub4dos, installed on your windows partition.

==External Sources==
* IBM page on [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-4Q2QAK ThinkVantage Rescue and Recovery].
* [ftp://ftp.software.ibm.com/pc/pccbbs/thinkvantage_en/tvtrnr3_1027en.txt Rescue and Recovery Readme]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-46088
IBMs page about accessing the Recovery Partition if Linux has been installed and the F11 button no longer works]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/#comment-165 original GRUB R&R boot success report on SharedWare]
* [http://sharadware.com/2005/07/11/suse-linux-winxp-access-ibm-on-the-thinkpad-t43/ how to keep the AccessIBM functionality]
* [http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54483 IBM Rescue & Recovery repair diskette]

==Models featuring this technology==
* ThinkPad {{T42}}
* ThinkPad {{T43}}, {{T43p}}
* ThinkPad {{R52}}

[[Category:Glossary]]