I'm not sure if this will work and it's risky as well, but you might want to try it out:
In most BIOS, shorting the address pins (or the equivalent of that act) upon boot will force the machine to boot from the bootblock BIOS. The bootblock routine usually searches for BIOS binary file to flash, because the assumption is the system BIOS a.k.a main BIOS module is corrupt and need replacement. I'm not sure how to provide this "new" BIOS binary file replacement for your case. However, most BIOS requires boot floppy (in recent days FAT16 formatted USB sticks) which contains an autoexec.bat file with the routine to flash the new BIOS binary and the BIOS binary file itself.
On 4/9/10, Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net wrote:
On 08.04.2010 20:45, ron minnich wrote:
I have a lenovo x300 somebody set the password on and ... as you guess, forgot.
BIOS password or boot password?
So, question: anyone have any idea how deep into the machine the password is kept no new machines? Deep in TPM?
in other words, were flashrom to work on this box, can the password be reset?
It depends. I know that you can reset the password with flashrom on HP machines (got a success report about that a few weeks ago). Not sure about Lenovo. You can store a password (or a hash of it) in flash or NVRAM or a small SPI EEPROM or an I2C EEPROM or even the TPM or any combination thereof.
How much time/money are you willing to invest?
- The easiest and probably most expensive way (could be a few hundred
dollars) is to send the laptop with a proof of ownership to Lenovo to have it unlocked.
- A risky and fast (if you can recover from a misflashed ROM) way is to
simply flash a new ROM image which is pretty much guaranteed to have no builtin protection, but it won't help at all if the protection is not dependent on flash contents. Messing with nvramtool might have other effects, but hey, you can try that as well.
- If you have a good logic analyzer, you can watch the traffic to the
TPM, NVRAM, flash, and all other EEPROMs around the time you enter the password.
If you find a good way to get the password removed, there's always the option of selling that knowledge to non-Lenovo repair shops.
Good luck!
Regards, Carl-Daniel
-- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot