IBM gave me Thinkpad 560X notebook, about year ago (thanx, it is nice beast). I discovered few misfeatures, and few bugs, some of them are related to security. Here it goes: (I got a letter from one person at IBM, explaining things.)

Ok, above are things that I know. But there are things I do not know (do not even ask me, I don't know; but if you find out some answer, let me know!): I did not even open my thinkpad... yet ;-).

FAQ (added 2001/08/23)

*Common mistake #1: if BIOS can change/read password,
	I can do it, too.

Not true: think trapdoor. Register "TRAP" is set to zero during reset.
Once "TRAP" is set, it can not be reset using software and password data
are not accessible. BIOS sets the "TRAP" bit during bootup.

I am not sure thinkpad uses a "TRAP" register, but it very well might for its
supervisor password.

* How do I reset supervisor password?

OTOH, password is probably stored in a serial EEPROM. You can try to wire the data pin to the ground, and try booting. This involves opening your computer, and if some esstial info
is also stored in that PROM, or if the passwords are stored encrypted in the PROM, it will not work. Oh, you might also kill your machine. I don't know if it will work for thinkpads, I never tried it. Ask shaddack.

It is told that, IBM does really replace mainboards in order to get rid of password...
[Soldering on mainboard may cause hidden damage and IBM apparently
does  not want to risk that.]

Oops, it might be even more tricky than that. It seems that thinkpad stores password for its hdd, somewhere:

(from Paul Mullen:)
On the Thinkpad's I have seen setting the Supervisor password also sets the hard drive
password. The computer appears to work normally. But if you remove the hard drive
and place it in another computer it won't work - it simply appears as a controller failure
(unless you run IBM Drive Fitness Test or place it in a computer like Thinkpad which
understands hard disk passwords). I have come accross this several times recently
when a notebook computer failed and the owner asked me to backup data from the hard
drive. The most recent case was actually someone who worked for IBM here! The only
way I had to get to the data was to get the Thinkpad working again! Once working
there was no password prompt (unless I set a user password) but the hard disk worked.
In any other computer, including other Thinkpad's, the drive was password locked.  So
obviously the Thinkpad bios had stored the hard disk password somewhere and was
passing it to the hard drive on startup.

(from Vojta:)
It should be possible to clear 560X by shorting two test pads on the mainboard during boot. Untested.

Someone who says they can remove TP passwords. I hope they do not dissappear, again. Detailed instructions how to get rid of supervisor password How to make magic floppy

This page was created by Pavel Machek.