I recently wrote a review of a just-being-released addition to the ThinkPad line, the 14” T490s. My writeup was based on the one system I had in front of me and, as always with pre-released systems, documentation was sparse at best. The computer had very early drivers and system software but was remarkably stable and reliable. New system software started to appear, and I noticed a new BIOS image, that was described as the initial release, but was substantially newer than what was on my computer. I always try to apply updates as early as possible on any machines I review, hoping to identify any unexpected issues before the general market. During the BIOS update, a message I had never seen flashed by. As a result of nothing more than blind luck, my camera happened to be within reach and the battery was charged. I apologize for the quality of the photo, but there was no time for staging.
Based on what I can ascertain, the process is intended to be completely invisible to the user, other than the message I noticed. After a BIOS update, the BIOS restarts and, after initialization, the image is backed up before booting into Windows or another operating system. On subsequent startups, if there is a problem starting, the backed-up BIOS image is restored automatically. In some ways, this is similar to the way Microsoft handles drivers in Windows.
As I would expect, Phoenix Technology, who makes the BIOS for ThinkPads, and Lenovo have not published any technical descriptions on how the technology works. Any time any new technology comes out, hackers immediately start trying to figure out how to exploit some vulnerability, and there is no reason to provide any clues.
Last year, I had read that self-healing BIOS images were coming soon. When I reviewed the T490s, I did open the machine for photos and did a quick examination. One thing I noticed was the presence of two SPI chips (serial flash) on the visible side of the motherboard. I would expect to see one chip used for the BIOS but seeing two made me wonder if one was being used for a backup, but nothing in my testing suggested anything related to self-healing. Actually, I have no knowledge as to whether either chip I could see is used for the BIOS or any other purpose I can imagine. I would hope that the self-healing process will dramatically reduce the chances that users will “brick” their systems, as a result of reasons like “the power went out”, “the cat walked across the keyboard” or “I just turned it off”.