Direct-network installation, What is a hidden protected area – Lenovo ThinkPad SL300 User Manual

Direct-network installation

The following illustration shows a direct-network installation, which uses a network-staging folder as a
staging area.

Select

base map

and driver map

Make menu

selections to

define the

image to be

installed

Staging area

(Network-staging

folder)

Setup

Repository

(Optional)

Smart Image

or copy of

installed image

Final image
on C partition

4

3

1

2

Copy (optional)

Unpack

Unpack

Unpack
required
modules

1. The person controlling the direct-network installation starts the process by booting the target computer

with ImageUltra Builder Distribution Media, and then selects the required maps from the repository.

2. A network-staging folder is created specifically for the target computer. The selected maps and a

limited number of modules (only those required to control the installation process) are copied to the
network-staging folder, which acts as a staging area for the installation process.

3. The person controlling the direct-network installation makes selections from the installation menus to

define the image to be installed.

4. The modules required for the defined image are obtained directly from the repository and copied over

the network to target computer C partition. Then, the setup process begins.

Note: Optionally, if a developer of the image specified that a service partition is to be created for
client-side recovery purposes, the maps and modules also are copied to a service partition.

When setup is complete, the C partition contains the new image.

ImageUltra Builder relationships with the Hidden Protected Area (HPA)

This section provides information about the purpose of the Hidden Protected Area (HPA) and the relationships
that exist between the HPA and the ImageUltra Builder program. Additional information about the HPA is
available from the Lenovo Web site at:
http://www-307.ibm.com/pc/support/site.wss/MIGR-46023.html

What is a Hidden Protected Area?

Implemented in 2003 on selected models of ThinkPad and ThinkCentre computers, the Hidden Protected
Area (HPA) is a variant in the Lenovo disk-to-disk recovery scheme. Like the service partition, the HPA
provides its own operating environment and contains operating-system modules, application modules,
device-driver modules, and a set of recovery tools. But, the similarities stop there. The architecture of
the HPA provides a secure environment. Protection settings (security levels) and access to the HPA are
controlled by the computer basic input/output system (BIOS). The HPA does not rely on a boot manager, and
is therefore immune from boot-sector viruses, which could cripple other disk-to-disk recovery methods.

Each application within the HPA is contained on its own protected service area (PSA). There are two types of
PSAs: Boot PSAs and Data PSAs. Boot PSAs contain all of the files necessary for starting the application
from the associated Data PSA and for displaying an icon in a secure launching area called the Predesktop
Area. Each Boot PSA is digitally signed to deter tampering and to deter viruses. Each time a Boot PSA is
used, the signature is checked. Only those PSAs with valid signatures are permitted to boot. Data PSAs
contain all of the files associated with the application itself.

Chapter 3

.

Staging-area behavior and logic

33