TL;DR: Recovering data from a password-protected SATA hard disk that was locked by a Thinkpad
I wish this post would be as generally valid as the title suggests; at this hour I’m just unspeakably glad to have unlocked a hard disk I didn’t even know I had locked and can finally go to bed.
I enabled password protection in the Thinkpad BIOS, believing that it’s “just” a UI thing. If the laptop ever would break down, I’d be able to salvage the disk, install it in a new computer, worst case re-enter the password and all would be good. Until said Thinkpad broke down.
I removed the hard disk from the dead Thinkpad and connected it via USB to a different computer which couldn’t read it. Weirdly enough, none of the recovery tools I tried would even find a trace of data on the disk, not even a partition table. At that point it dawned on me that BIOS password must have had activated the SATA protection feature of the disk.
Trying out stuff
These two  posts  helped unlock the hard disk after a few tries. I don’t think any of this will work over USB because of the low-level SATA interactions. I installed the hard disk (/dev/sdb) in a Linux NAS where I had root access.
First let’s see if the drive is indeed locked:
hdparm -I /dev/sdb ... supported enabled not locked not frozen not expired: security count
hdparm --security-disable mypassword /dev/sdb
of course didn’t work. The reason is that Thinkpads transform the password so it’s not stored in clear text. Jethro Beekman wrote a Ruby programme  which encodes the password.
I cloned his repository:
git clone https://github.com/jethrogb/lenovo-password.git cd lenovo-password
(alternatively download the ZIP, extract)
Next installed ruby
sudo apt install ruby
Then followed the instructions, not knowing much what I was doing:
sudo hdparm --Istdout /dev/sda > sda.ata_identify P="$(ruby pw.rb sda.ata_identify)" sudo hdparm --security-unlock "$P" /dev/sdb sudo hdparm --security-disable "$P" /dev/sdb sudo partprobe /dev/sdb
After that, the hard disk was visible again and could be mounted over a USB cable.
Thanks go to users MegaBrutal and jethrogb.
 Disable HDD password when master password is unknown
 Lenovo ThinkPad HDD Password
2 thoughts on “Unlocking a password-protected hard disk”
Thanks the post I managed to unlock my drive from my dead lenovo thinkpad because of it.
In my case I issued a master password via hdparm. After reboot Thinkpad wanted the password (fine). But as you write, ThinkPad adds “salt”. Altough I typed the corrent password, access was denied.
So the solution for me (worked via USB!) was
hdparm –security-unlock MYPASS /dev/sdb
hdparm –security-disable MYPASS /dev/sdb
Fun Fact: Windows managed to see the disk. They know the master passwords from manufacturers? I wanted the data, so I didn’t formatted. Something to test in future.