cancel
Showing results for 
Search instead for 
Did you mean: 
The Venerable ThinkPad W540 – A Journey in Multiple Parts: Part 2
Guru

DSC00701c.JPG

 

Missed Part 1?  Catch it here

 

Part 2: System / BIOS setup.

 

For the average consumer machine, users can get the most out of it without ever having to contemplate these advanced setup procedures. A ThinkPad, however, requires the user to take a peek at them at least, because the default settings certainly do not fit all usage scenarios. From hardware settings, performance and power setup, to security, OS installation and enterprise deployment, almost everything is configurable. Having your ThinkPad wrongly configured in BIOS can slow down OS booting, disabled features you need are not showing up in OS and enabled features you don‘t need will produce unwanted activity / battery drainage etc.

 

For every ThinkPad I‘ve ever bought, sold or maintained through the years, the BIOS setup is the first thing I ever perform. This is particularly vital today, even before loading up any OS on it, because of the default legacy pre-installed Windows 7 or UEFI BIOS pre-installed Windows 8/8,1 OS, which like in the case of the former, upgrading your Windows 7 pre-installation to Windows 8 instead of clean installing will give you a legacy installed Windows 8 and thus fail to take advantage of some of the UEFI features that are built into the OS. I‘ll get into some of the differences between Legacy/UEFI installations in Part 3 as well as the main only and secondary hard drive dual booting.

 

NB. Although this setup is for the W540/T540p, most of the options are identical to other ThinkPad models and serve the same function, but being a fully loaded W540, it has several options that other models don‘t have, and thus a perfect machine demonstrate this on.

 

To enter the ThinkPad UEFI BIOS there are several methods you can use.

  1. Press F1 on the Lenovo screen to bring up the BIOS setup instantly. (Only possible during restart or when started up again from a full shutdown, which you can have your machine enter if you hold down Shift while clicking Shutdown in Windows 8/8.1).
  2. Press Enter on the Lenovo screen, again, only possible using the same restart methods as above, to bring up the Startup Interrupt Menu, and then select F1 for the BIOS setup.
  3. From within Windows 8/8.1:
  • Open the Charm Bar by pressing Win+C key combination.
  • Click on Settings
  • Click on Change PC Settings
  • Click on General (Win 8) Update and Recovery (Win 8.1)
  • Scroll to the bottom and click on Advanced Startup -> Restart Now (Win 8) Select Recovery -> Advanced Startup -> Restart Now (Win 8.1)
  • Click on Troubleshoot
  • Click on Advanced Options
  • Click on UEFI Firmware Settings
  • Click on Restart

NB. By default, a Windows 8/8.1 shutdown is not a real shutdown. Instead, it is hybrid shutdown where contents of memory are saved to disk. This allows for a faster startup. However, turning on the PC after a hybrid shutdown does not allow for pressing F1 or F12 during startup. To disable this behaviour and for further information on booting Windows 8/8.1 pre-installed machines head over to this page: Windows 8/8.1 boot instructions - Lenovo.

 

If you have a ThinkPad with a Legacy BIOS, just press F1 on the ThinkPad screen.

 

1.jpg

 

On the main screen you can see various important information about your ThinkPad such as the serial and MTM numbers, information on your installed CPU and RAM, OS Licence and Secure Boot status. On the image above, I‘ve annotated where you can find the various categories of settings for your machine.

 

My W540 is setup as non-enterprise, standalone workstation, so the first things I do is turn off AMT (Intel Active Management Technology) and all Wake/Boot from LAN settings, as my machine won‘t be either booted up from LAN nor managed remotely.

 

WP_20150407_17_01_34_Pro.jpgWP_20150407_17_03_50_Pro.jpg

 

To turn these settings off, open up your Config screen and select Network and toggle your preferred settings between Enabled / Disabled. I disable all options. The Intel AMT settings are also found on the Config screen, which I set to disabled. NB, do not select Permanently Disabled if you plan on reselling your machine later on, as permanently disabled means just that.

 

There are a couple of other features that I disable in the Config section, which is the Intel Smart Connect Technology, which powers on your machine on regular intervals to check for mail and social media updates and the Power – Intel Rapid Start Technology, which I don‘t need on my W-series machines, but I do keep it enabled on my ThinkPad travelmates, such as the T440s.

 

WP_20150407_17_01_41_Pro.jpgWP_20150407_17_02_14_Pro.jpg

 

Walking through the other settings I change on the Config screen, on USB I have everything set to Enabled and USB 3.0 set to Auto. I am particularly fond of the USB always on and Charge in battery mode, as my ThinkPads that have large 9 cell batteries have managed to save my phone from running out of power on countless occasions. Finally, I set my display options for standalone operation, but if you have your machine docked and connected to one or more external monitors, you need to set these accordingly.

 

WP_20150407_17_01_15_Pro.jpg

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

On to the Security screen, where many mission critical options reside. Many of these options should not be played with, as setting them wrongly can have serious consequences. Particular care should be taken when setting one or more Passwords for access control, as there is no fallback or fix that can reset a forgotten password.

 

WP_20150407_17_05_27_Pro.jpg

 

Leaving the Security settings at their default is fine in most usage scenarios, but some features are disabled by default, like Virtualization, and need to be enabled for them to work. The Security Chip is initially set to Inactive, which means it is visible in your OS, but inactive. I set mine to Active as it is required by the Security Reporting Options, which I do monitor if something comes up as well as enabling the Intel Trusted Execution Technology (TXT) options, which I also have set to Enabled.

 

The UEFI BIOS Update Option is self-explanatory and in addition you can prevent older BIOS flashing by turning the Secure Rollback Prevention to Enabled. Memory Protection and I/O Port Access are all enabled by default and no restrictions or access control to your hardware is set. The Internal Device Access option is for the Bottom Cover Tamper Protection, which works in conjunction with the Supervisor Password, so if no Supervisor Password is set, the Tamper Protection won‘t take effect even if set to Enabled. The Anti-Theft module is active by default, and thus you‘ll get popups in your Windows OS regarding enrollment. If you do not wish to see those or you won‘t be using the feature, just set the AT Module to Disabled. Same as with the Intel AMT Control, the AT Module can be permanently disabled as well.

 

WP_20150407_17_06_34_Pro.jpg

 

Lastly, the Secure Boot option is something that is always enabled by default on all machines that come with a Windows 8/8,1 sticker from manufacturer. Secure boot defines how platform firmware manages security certificates, validation of firmware, and a definition of the interface (protocol) between firmware and the operating system. Secure boot prevents “unauthorized” operating systems and software from loading during the startup process.

 

Quick summary of the Secure Boot feature:

 

  • UEFI allows firmware to implement a security policy.
  • Secure boot is a UEFI protocol not a Windows 8 feature.
  • UEFI secure boot is part of Windows 8 secured boot architecture.
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure.
  • Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components.
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform.
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows.

I will go deeper into the Secure Boot settings and functionality in Part 3, where the OS installation will be the topic, but unless you‘re clean installing a new OS or upgrading from Windows 7 to Windows 8, these settings as well as the OS Optimized Default setting on the Restart screen can be left at their defaults.

 

WP_20150407_17_01_24_Pro.jpgWP_20150407_17_07_08_Pro.jpg

 

The Startup section is one that I always clean up and only leave the boot devices I regularly use active on the Boot Priority Order. Don‘t use it? Lose it. This eliminates your machine having to go through all possible boot options on cold boot / restart but a temporary boot device can always be selected through the F12 Boot Menu if you need to boot your machine from a device you don‘t regularly use.

 

I use my machine as UEFI OS only, as setting it up as dual booted Windows / Linux in UEFI mode has become much simpler, and effective in the last couple of years. However, dual booting a UEFI and a legacy OS, or legacy only is also an option, and will be further discussed in my next instalment.

 

For detailed information on the W540 System Setup, refer to the User Guide available here:

ThinkPad T540p and W540 - User Guide

 

Click here to read Part 1 of AtliJarl's mods to his W540, which is one of the machines we had passed to him for use.

3 Comments

Good write-up ;-)

Punch Card

Did we ever see a part III ? Great write up!

Paper Tape

Have a ThinkPad W540 that needs a bios update because it won't charge my 45N1153 9 cell 57++  battery. Can I update the bios without the battery in the Thinktpad because it is dead? The W540 runs on the charger alone. 

 

Or is there a plug to connect from the charger direct to the battery to charge it?

 

 

Check out current deals!


Shop current deals

About the Author