3.7.3. Flashing EC (SMSC MEC, 2019-*)
On the latest generations of ThinkPads, the security issue that allowed to inject the DXE driver and bypass the password does not exist anymore. The password is still stored inside the EC, in a write-only region.
However, it appears that dumping the EC with a dedicated programmer, erasing it and flashing back can actually clear the password. See: https://www.badcaps.net/forum/showth...t=95736&page=5 https://www.badcaps.net/forum/showthread.php?t=111439
Comment