Lenovo ThinkPad T430s Supervisor Password Removal

After a while working only with macOS and Linux, I recently decided to get an additional Windows box for some Windows-specific tools and development. I was able to secure a second-hand Lenovo ThinkPad T430s on eBay for around 130 AUD, which is quite a decent price for an i5-3320M CPU (2.6GHz), 4GB RAM, a 14in 1600x900 LCD, and a battery that could last about two hours.

I was away when the seller delivered the laptop and thus unable to check anything right after receiving it. It turned out that the seller (or his seller before that, as he claimed) had lost or could not retrieve the BIOS supervisor password. I only noticed this issue when I tried unsuccessfully to switch the BIOS to UEFI mode in order to install and dual boot Windows and Ubuntu in UEFI. Without the correct supervisor password, I am not allowed to make any meaningful changes in the BIOS.

The laptop is locked with a supervisor password if you are prompted for a password after pressing F1 to enter the BIOS at boot time.

You can just press Enter with a blank password and still get into the BIOS, but to your dismay most of the options are grayed out.

Searching around on the Internet, most Lenovo forum experts will tell you that the only way is to have Lenovo replace the mainboard, due to the security setting. Some will point to Joe’s KeyMaker kit, which costs at least 113 USD (98 plus 15 USD for shipping and handling).

Fortunately, there are some workarounds like this Reddit thread, David Zou’s post, this SuperUser thread, or this post, and many YouTube videos like here or there. After a few trials, I successfully reset the supervisor password in my T430s. Here I will summarize the basic working steps, with some important notes that might save you some money, time, and effort.

IMPORTANT

The following procedure involves risky short-circuiting of a mainboard component. I will bear no responsibility if you damage your own computer using this guidance. Proceed at your own risk.

The main idea is to locate the SDA and SCL pins of the EEPROM and short-circuit them while the BIOS is checking the supervisor password.

  1. Disassemble the T430s to expose the EEPROM
  2. Clear the supervisor password by short-circuiting the EEPROM’s pins
    • Turn on the laptop and keep the SDA and SCL pins of the EEPROM short-circuited while entering the BIOS (pressing F1) and while the BIOS is checking the password
    • Enter the BIOS, change the supervisor password, and then save the changes (F10)

Disassemble T430s

The EEPROM is on the mainboard under the keyboard. Hence, we must remove the keyboard to expose it. Unless you are very familiar with opening a T430s, you should refer to the Hardware Maintenance Manual (either the pdf or the online version).

Using the instructions for “Removing and Installing the Keyboard - ThinkPad T430s, T430si”:

  • Turn the laptop to its upper side, then press or push the keyboard slightly toward the display to unlatch it.
    • It is better to use a small flat screwdriver to gently push and lift up the keyboard.
  • Pull the keyboard out gently to avoid breaking the thin keyboard cable.

Now we need to locate the EEPROM. As the chip is very small, it will take a little effort. It would be faster with a good loupe or similar. In my T430s, the chip is south of the CPU and hidden under the black sticky insulation tape.

According to the layout diagram shown by David Zou, the SCL and SDA pins are on the lower opposite side of the dot. The EEPROM in my laptop had some sticky residue from the insulation tape on its surface, which made the dot difficult to see. In this case, you can run a pointed screwdriver gently over the chip’s surface, like I did.

The SDA and SCL pins are identified with two blue arrows. Note that the space between them is tiny, so make sure you use an appropriate tool so that you short only these pins and don’t touch anything else. In my case, I found a pointed driver from a cheap screwdriver set very precise and comfortable.

Clear Supervisor Password

Once you have located the EEPROM and identified the two pins, note that, as David Zou wrote here, the steps and responses for BIOS and UEFI based computers are slightly different. Please refer to his information for your particular case. As my T430s is UEFI based, the process is as follows.

  1. Turn on the computer / laptop
  2. Short-circuit the two pins SDA and SCL and keep them shorted while pressing F1 to enter BIOS setup. I was taken directly to the BIOS without any prompt.
  3. Stop short-circuiting after successfully entering the BIOS (otherwise, start over from Step 1)
  4. Navigate to the menu Security > Password > Supervisor Password to change the supervisor password (please read the following note).

An important lesson I learned at this point (the hard way) is that you should change the supervisor password to something that is not blank. After clearing the supervisor password as above, I tested a few times and put everything back, only to realize that the old or locked supervisor password had kicked back in. That means I got locked out as before and had to remove the keyboard again to start the short-circuit over.

The issue was noticed by clocow in this Reddit thread, who suspects it is due to the backup battery (the yellow one on the mainboard). He suggested leaving the battery disconnected for 3 hours and retrying.

Nonetheless, I simply changed the supervisor password and have experienced no kickback or reset so far. My suspicion is that the old/locked supervisor password reverts when the supervisor password is blank after the hiccup (i.e. the attempt to clear the password via short-circuiting). That’s how I arrived at the aforementioned simple solution.

In the end, I am truly happy to have gained control of my laptop without spending extra money and to have learned a few more things along the way.

Happy hacking (aka short-circuiting), mates!!!

P.S.

  • For other models, you should research carefully whether the supervisor password can be cleared using this method. In some models, the places where passwords are stored are totally different, and you risk burning or bricking a working laptop.
  • Information about the location of the EEPROM and the two pins on other Lenovo models can be found here or here.
