I am a bit of security expert myself!
pulls out screwdriver
In the past they had jumpers for the same purpose.
IBM ThinkPads could be reset if you beamed a certain radio frequency directly at the BIOS chip. It was documented in the user guide as a feature if you were ever locked out, or the system was no longer booting. It’s been 20 years but I doubt that feature ever went away.
BIOS passwords have only ever been to deter unsophisticated attacks. Though this is more unsophisticated than the rest.
like just removing the battery to reset the CMOS
That hasn’t worked in a while, has it?
It’s a little difficult to reset the password if it’s lost otherwise.
on DIY motherboards it still works like this
Most motherboards store the password in SRAM along with all of the other BIOS settings. Removing or shorting the backup battery will clear everything.
Some motherboards store the password in non volatile memory. That’s usually done in computers intended for business use. If you forget the password, you have to get a reset code from the manufacturer after proving that you are the owner of it.
It’s even more trivial to remove the hard drive and read/write it directly, possibly even booting it on a separate system directly or in a virtual machine. BIOS passwords (on all x86 systems, not just Lenovo) provide very limited security benefits, but they can be sufficient for some basic security requirements.
