T440s 的 Hardware Password Manager是干嘛的

在BIOS的item Specific Help中说是enables the central management of hardware passwords. Enabled to register your system to the server.
一直不懂这是什么东西，很多资料都说必须打开。
直到今天看了 lenovo support才明白。

简单的说，这玩意儿用于几种管理一个公司所有的thinkpad上的硬盘密码和BIOS设置。
那么通过运行特定软件的服务器，可以把所有电脑的硬盘密码集中管理起来。
BIOS设置那个没细看，因为HPM已经被废弃，反正功能打开关闭对个人意义不大。

原文附后。
In this age of mobile computing, companies are faced with a serious problem of protecting their notebooks (and the data they contain) against the possibility of theft. The PC industry standard is to utilize four hardware passwords to protect the PC. Lenovo has improved this solution with the introduction of the Hardware Password Manager (HPM) which enables a user to centrally manage the four hardware passwords.
Use Hardware Password Manager to protect data on PCs
PCs carry a great deal of confidential information and protecting this information is a top priority for nearly every company. Encryption is the usual solution for this problem and many customers use Self Encrypting Drives (SED) (also called Full Disk Encrypting drives) for this purpose. The drives offer a compelling story for the protection of data on a PC, but they have one very serious drawback, simplified central management of the passwords. Lenovo’s Hardware Password Manager enables centralized management of SED drives from any SED drive manufacturers.

All disk drives, including all SED drives, support use of the standard Hard Drive Password (HDP) and Master Hard Drive Password. SED drives are designed to tie the HDP to the encryption key. That means the drive will not decrypt data unless the HDP is provided. Since Hardware Password Manager can manage the HDP, a company can control access to all the encrypting drives they have by using Hardware Password Manager. An industry first exclusively from Lenovo.

Use Hardware Password Manager to deter internal theft
PCs can be especially attractive as targets of theft, particularly in the corporate environment. If employees are aware that their company’s PCs have the Power On Password (POP) and the HDP set, internal theft is rarely a problem. By setting the POP a password is required to make the PC load an operating system. The HDP is required to make a disk drive spin, and to make and SED drive decrypt data. A thief would need to replace the system board and hard drive before it was usable.

In addition to reducing the threat of theft, hardware passwords can reduce the possibility of insider fraud. These crimes often require access to PCs in different parts of the company, especially in Accounting. If hardware passwords are set on all PCs inside the company, it is more difficult for an employee interested in fraud to commit the crime from any PC other than his own.

Use Hardware Password Manager to centrally control BIOS configurations
BIOS settings make it possible for a company to control how a PC behaves. BIOS settings govern whether peripheral ports function or not, which is extremely important in the defense industry. Security concerns often require that the USB ports on a PC be disabled, and this can be done through configuration of BIOS settings.

Unless the Supervisor Password (SVP) is set on the PC, anyone can enter BIOS configuration on a PC and change settings to suit themselves. The SVP is one of the four hardware passwords on all PCs, and is required to set or change anything in BIOS configuration.

Lenovo provides two tools that have a requirement to configure BIOS settings. Hardware Password Manager makes it possible to set and manage the SVP on corporate owned ThinkPads. If the SVP is set, one must know it in order to change BIOS settings on that PC. Lenovo also offers a standard WMI-based central management tool for controlling BIOS settings. When used together, company IT Administration can centrally control BIOS settings for Centrino 2 (and later) ThinkPads.