If you try to brute force it, the system imposes exponentially increasing lockout timers. If you try to use a logic analyzer to sniff the SPI bus, you realize the data is encrypted with a key unique to the motherboard.

Lenovo’s region is separate from the BIOS. If the previous owner enrolled the laptop in a corporate Computrace (Absolute Software) subscription, clearing the BIOS password won't kill the LoJack. Once the laptop touches the internet, it phones home to a geolocation server.

For the hobbyist, the T470 is a challenge. It sits in a sweet spot where the hardware is cheap enough to risk bricking, but the architecture is modern enough to teach you about SPI flashing, differential Manchester encoding, and the quiet war between owners and manufacturers over who really controls the hardware.

You find a pristine T470 on eBay for half its market value. The listing reads: “Powers on, no hard drive, slight wear on trackpad.” It arrives, you install an SSD, and hit F1 to enter the BIOS. A grey, unyielding padlock icon stares back. You are not the administrator. The laptop is a paperweight.

Furthermore, on T470s with vPro (the i5-7300U or i7-7600U models), the AMT password is stored in the Management Engine's non-volatile memory. Clearing the BIOS does not clear AMT. You need a separate, nearly impossible to obtain, Intel engineering tool to reset that. The Lenovo T470 BIOS password is a fascinating piece of engineering. It is not "unbreakable," but it requires either a time machine (to use the old backdoor), a steady hand with a soldering iron, or a $50 donation to a Ukrainian firmware hacker on a Telegram channel.

In the world of IT asset disposition and second-hand laptop deals, the Lenovo ThinkPad T470 occupies a golden mean. It’s modern enough to run Windows 11, yet old enough to be a bargain. But there is a ghost that haunts the used ThinkPad market: The Supervisor Password.