[coreboot] password

Darmawan Salihun darmawan.salihun at gmail.com
Fri Apr 9 05:17:35 CEST 2010

I'm not sure if this will work and it's risky as well, but you might
want to try it out:

In most BIOS, shorting the address pins (or the equivalent of that
act) upon boot will force the machine to boot from the bootblock BIOS.
The bootblock routine usually searches for BIOS binary file to flash,
because the assumption is the system BIOS a.k.a main BIOS module is
corrupt and need replacement. I'm not sure how to provide this "new"
BIOS binary file replacement for your case. However, most BIOS
requires boot floppy (in recent days FAT16 formatted USB sticks) which
contains an autoexec.bat file with the routine to flash the new BIOS
binary and the BIOS binary file itself.

On 4/9/10, Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net> wrote:
> On 08.04.2010 20:45, ron minnich wrote:
>> I have a lenovo x300 somebody set the password on and ... as you guess,
>> forgot.
> BIOS password or boot password?
>> So, question: anyone have any idea how deep into the machine the
>> password is kept no new machines? Deep in TPM?
>> in other words, were flashrom to work on this box, can the password be
>> reset?
> It depends. I know that you can reset the password with flashrom on HP
> machines (got a success report about that a few weeks ago).
> Not sure about Lenovo. You can store a password (or a hash of it) in
> flash or NVRAM or a small SPI EEPROM or an I2C EEPROM or even the TPM or
> any combination thereof.
> How much time/money are you willing to invest?
> - The easiest and probably most expensive way (could be a few hundred
> dollars) is to send the laptop with a proof of ownership to Lenovo to
> have it unlocked.
> - A risky and fast (if you can recover from a misflashed ROM) way is to
> simply flash a new ROM image which is pretty much guaranteed to have no
> builtin protection, but it won't help at all if the protection is not
> dependent on flash contents. Messing with nvramtool might have other
> effects, but hey, you can try that as well.
> - If you have a good logic analyzer, you can watch the traffic to the
> TPM, NVRAM, flash, and all other EEPROMs around the time you enter the
> password.
> If you find a good way to get the password removed, there's always the
> option of selling that knowledge to non-Lenovo repair shops.
> Good luck!
> Regards,
> Carl-Daniel
> --
> http://www.hailfinger.org/
> --
> coreboot mailing list: coreboot at coreboot.org
> http://www.coreboot.org/mailman/listinfo/coreboot

-= Human knowledge belongs to the world =-

More information about the coreboot mailing list