A T4x ThinkPad with a supervisor password is a ticking time bomb. The password is not needed during boot and is only required to change certain BIOS settings, something which isn’t typically needed. But if CMOS settings are lost, the BIOS setup must be entered and the SVP will be required.
That’s exactly what happened to me. I had an old T42p (2.0 GHz Pentium M) with unknown SVP, happily working. Then somehow the CMOS got scrambled. I have no idea why, because the backup battery still seems fine. At any rate, the SVP was required and I didn’t know it. Bricked.
To recover the password, it can be read from an EEPROM but then has to be decoded. That may or may not work. Or a $100+ USB gadget can be procured—worthless for a single use because a replacement T42p system board would cost less. Or the EEPROM could be desoldered and replaced with a “good” password-less one (which I don’t have). Neither option seemed appealing so the T42p was sitting around gathering dust for a while.
Then a kind reader posted this link. Clearing the password with no special tools and no soldering? What could possibly go wrong…
Obviously a lot of things could go wrong, but not much could make the situation worse. So after removing about 15 screws, popping off the keyboard and the ThinkPad’s top cover, the EEPROM chip was exposed (Atmel AT24RF08C). Because I’m lazy I just used a small flat-bladed screwdriver to short the SCL (clock) and SDA (data) pins (pins 5 and 6).
It took me a while to get it right. Most of the time the ThinkPad just asked for the password anyway or got stuck trying to read the EEPROM. After a while, I finally managed to get into the BIOS setup and after more experimentation, disable the SVP. Needless to say, this is a significant security flaw—IBM/Lenovo claims that the system board has to be replaced if the SVP is forgotten, but they’re wrong.
Unfortunately, in the process of trying to clear the SVP I also managed to corrupt the EEPROM data. On every boot, the ThinkPad reported error “0189: Invalid RFID configuration information area”. The HMM says “The EEPROM checksum is not correct” and suggests replacing the system board (yeah right…).
The error is not fatal, it is only annoying and Esc must be hit on every boot. For some mysterious reason, the T42p also decided to do a thorough memory test on every boot which takes well over a minute with 1GB RAM but can be skipped by pressing Space.
So what could fix the EEPROM? Flashing the BIOS was the first guess but that didn’t do it. The typical Internet advice is “replace the system board”. Nope, not again. After more searching, far better advice turned up: Run the Hardware Maintenance Diskette and fix the checksum!
Sure enough, Hardware Maintenance Diskette did the trick. I used version 1.72 (found in maint172.exe on a PCC BBS mirror). Choosing the “Assign UUID” option informed me that I already had a valid UUID (the BIOS setup agreed with that) and that the checksum was being updated.
Bingo! On next boot, the error was gone. As a bonus, the T42p no longer thinks that the RAM needs a thorough scrubbing every time.
I am almost certain the EEPROM got corrupted when I was shorting the pins while the system was shutting down/rebooting. The ThinkPad firmware apparently likes to write the EEPROM a lot.
At any rate, it’s great to have the T42p back. It has a rather nice 1600×1200 display and Pentium M is a cute little CPU.