Lenovo repair center returned my laptop. BIOS update immediately bricks Windows 10.

Well, I got my ThinkBook 15 Gen2 ITL laptop back from the Lenovo repair center in Texas yesterday.

Unfortunately, it seems they either wiped the SSD or replaced it. Sometimes they solder everything in and have to replace everything, and the dumb thing about this is that the whole thing happened over a USB port failing.

So I get the thing back and set it up and then realize that the BIOS has been reverted to the 1.05 release that shipped with the ThinkBook 15 Gen2 ITL back in November of last year, so I updated it to the 1.12 BIOS that Lenovo recommends, which includes many bug fixes, not the least of which is to mitigate some RowHammer exploits, which are rather nasty and yet another one of the lulz that malware writers are exploiting now.

With operating systems in general tending to become more secure, they’ll take what they can get, and such attacks are no longer theoretical. People really need to mitigate before the damage happens. Once you’re actively exploited, it’s too late.

Unfortunately, the same BIOS version that updated the older motherboard just fine bricked Windows 10 with an “Inaccessible Boot Drive” Blue Screen of Death. Since the repair center returned it to me without any of my data on it anyway, I booted off a recovery stick and told it to “Reset This PC” from the built-in recovery partition. (Although I could have used the stick too, since I always back up system files and make a new stick image whenever there’s a major new Windows update out.)

I don’t feel that we should be running into issues like this with supported BIOS updates and the supported OS, but that’s Microsoft and Lenovo for you. Just, thank God nothing important got messed up. If you are going to update the BIOS on these things, do it while you still have a warranty and preferably before you do anything else with the PC, and be prepared to recover the OS.

Other than those several hours of waiting, everything now appears to be running normally.

The good part about this was that Lenovo was super fast about repairing the _hardware_ problems with my laptop and getting it back to me considering the supply chain mess that is still going on in the wake of COVID, and I feel the tech was good at communicating what was happening at each phase. They gave me enough of a heads up that it was coming back that I could log into FedEx and quickly reroute my laptop to a local FedEx office at the Walmart so that nobody would run off with my laptop, and then I wouldn’t have a laptop.

I felt that they could improve somewhat by making sure that, when a new main board is required, it is running the current firmware (BIOS) before it goes out, as this is a dangerous procedure for the customer to get into because Windows (especially with BitLocker, Secure Boot, TPMs, etc.) is more fragile than ever, and you risk a pissed off customer not understanding why the BIOS update failed. (Though why should it? Lenovo said you should install it on their support website.)

I feel that the stock BIOS version in this laptop was just too buggy to ship, especially since not all of the problems (including panel flickering and keyboard backlight oddities) were things that the OS could just go “Welp! That sucks. Applying workaround!”.

I rate Lenovo Warranty Service 4/5 and I’m taking a star away here because I had to figure out why Windows couldn’t read my boot drive after a BIOS update.

As an aside… (This has nothing to do with Lenovo.)

To show how devoted to quality Microsoft is, Windows 10 will pull in a “Western Digital SES driver” that includes “prewin8” which I take to mean was built for Windows 7 or something, if you have a Western Digital EasyStore hard drive. This interferes with a Windows security feature called memory integrity (part of Core Isolation), and forces it off, so I not only had to uninstall the “SES” device from Device Manager, but also tell it to uninstall the driver itself from the disk to make sure it didn’t come back. Windows Update now lists it as an “Optional Driver”.

After removing this, I was able to turn on memory isolation and reboot. Interestingly, it appears to be an anti-rootkit feature that runs the Windows kernel in Hyper-V, using hardware virtualization. From what I’ve been able to gather, this improves security at the cost of getting in the way of some third-party virtual machines. :/ But since I don’t use those, why not?
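The same check and cleanup can be scripted. The following is an added example, not something from the original post: it reports whether memory integrity is configured and actually running, then lists the SES device and the matching driver packages before anything is removed. The friendly-name pattern `SES` and the provider string `Western Digital` are assumptions based on the names quoted above and may need adjusting.

```powershell
# Added example. Run from an elevated PowerShell prompt on Windows 10.
$Remove = $false   # set to $true only after reviewing the matches printed below

# 1. Memory integrity (HVCI) state. SecurityServicesRunning contains 2 when
#    hypervisor-enforced code integrity is actually running, not merely configured.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$running = $dg.SecurityServicesRunning -contains 2
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$configured = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled -eq 1
[pscustomobject]@{ HvciConfigured = $configured; HvciRunning = $running }

# 2. Present devices whose name mentions SES (name pattern is an assumption).
$devices = Get-PnpDevice -PresentOnly | Where-Object { $_.FriendlyName -match '\bSES\b' }
$devices | Select-Object FriendlyName, Class, InstanceId, Status

# 3. Third-party driver packages in the driver store from the same vendor
#    (provider string is an assumption; compare against what step 2 shows).
$packages = Get-WindowsDriver -Online | Where-Object {
    $_.ProviderName -match 'Western Digital' -or $_.OriginalFileName -match 'prewin8'
}
$packages | Select-Object Driver, ProviderName, ClassName, Version, Date, OriginalFileName

# 4. Remove the package from the driver store and from any device using it,
#    so the driver is gone from disk and not just hidden in Device Manager.
foreach ($p in $packages) {
    if ($Remove) {
        pnputil.exe /delete-driver $p.Driver /uninstall
    } else {
        "Would run: pnputil.exe /delete-driver $($p.Driver) /uninstall"
    }
}
```

After a removal and reboot, rerunning step 1 should show `HvciRunning` as `True` once memory integrity has been switched on in Windows Security.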

I’m not really looking forward to Windows 11. Microsoft has a bad history with promising major improvements and then leaving users with major headaches and an OS that turned out to be massively oversold on the features front. But they also threaten to cut you off at the knees by restricting new features from landing if you stay on Windows 10.

Then again, enough people always hold out that popular programs like foobar2000 only recently fully moved over to the audio model of Windows 7.

Microsoft claims to have stringent “Windows Hardware Quality Labs” standards for drivers that end up in Windows Update, and to be fair, unless you are having a problem or know what you’re doing, you might be best off leaving it alone, but in reality it gives you the driver that time forgot, sometimes it’s not even important (my backup hard drive works fine without the SES driver), and under no circumstances should old drivers interfere with important security features.