I just got in.
You enable the security chip through the bios. It may already be enabled, though the bios also will give you the option to clear it which won't harm anything seeing as you are not using it currently.
You will also need to head on over to IBM.com and download the CLient Security SOftware(CSS) and some other pieces of software to make this thing work right.
So Download the following:
1. Atmel Driver
2. SMBus Driver
3. CSS(Client security software) -latest version.
4 Password Manager - found further down the page.
5. File and folder protection... Download.. but don't install this one.. .We'll talk more later....
You essentially install in that same order. A reboot after #1 and #2 is recommended.
The Chip and CSS can do many wonderful things... but the software/interface is a bit clunky.
The basic function it provides is extra layers of authentication to the local machine.
It can encrypt local data either by manual interaction with that data or you can automate that by folder. I don't recommend this - Unless you fully understand some of the risks you take with encryption, and understand the methods to safeguard your keys, then I would stay clear of this.
It can provide password management in the form of single log on for all your web sites and applications that require a user id and or password. -function of password manager and highly recommended.
It can support specific smart cards, biometric readers, RF badges, RSA Token replacement, Tivoli Access Manager, and more. IBM will be installing a silicon based built in reader on the new refreshed T series in October. The ESS with the IBM CSS helps make these single solutions even more secure and can tie their different functionalities together.
It's a Enterprise class solution that really isn't ideally used in a consumer space.
I've been running this software since it was in beta, and every version since then. I can't stress enough that this solution is a RTFM -read the f'in manual experience. If you screw up with the ESS/CSS combo - it's very much like screwing up with Microsoft's EFS as noted at the top of the OS catagory here at AT.
I would be more than happy to walk you through it in more detail including some phone coaching. It is neat... it works. The ESS will not prevent your laptop from being stolen though.... It will prevent unauthorized access to you system and data. - after-all 70% of all data theft and tampering happens locally at the machine.
I use it with a Targus PCMCIA finger print scanner and never wanna think about using a laptop without it again.
While you can use biometrics without the embedded chip, it's not as secure. Your fingerprint, digital certificates, wireless certificates, and encryption keys get stored on the chip itself, so no one can rever them from the hard drive as they are not there. * You are allowed to create a key archive for all anrolled users and the admin - burn to disk or store on a secure network resource--->you'll thank me later.
I'll check back with you later. Ask any questions you might have.