Oops: Secure Boot Disabled on 290 MSI Motherboards (updated)


MSI accidentally disabled Secure Boot on hundreds of its motherboards. Secure Boot is a security feature that helps protect against malicious software by ensuring that only software with a valid signature can run on a computer. 



The accident happened when MSI released a firmware update that made it possible for a computer to boot an operating system that has been tampered with. This puts over 290 motherboards at risk of running insecure operating systems. A security researcher discovered the issue and contacted MSI, but did not receive a response. This suggests that the company has not yet fixed the problem. The issue affects many Intel and AMD motherboards.

Dawid Potocki, a Polish security researcher, made the discovery recently. The researcher stated that he contacted MSI but received no response, implying that the motherboard manufacturer has not yet fixed its Secure Boot implementation.

At a high level, many Intel and AMD motherboards are affected. Potocki has compiled a comprehensive list in a GitHub issue.

  • AMD:
    • Every X670(E) motherboard
    • Every B650(E) motherboard
    • X570:
      • MEG X570S ACE MAX
      • MEG X570S UNIFY-X MAX
      • MPG X570S CARBON MAX WIFI / MPG X570S CARBON EK X
    • B550:
      • B550 GAMING GEN3
      • MAG B550 TOMAHAWK MAX WIFI
      • PRO B550M-P GEN3
      • PRO B550-P GEN3
      • PRO B550-VC
  • Intel:
    • Every Z790 motherboard
    • Every B760 motherboard
    • Z590:
      • MEG Z590 UNIFY-X
    • B660:
      • MAG B660M MORTAR MAX WIFI DDR4
      • PRO B660M-A CEC WIFI DDR4 V2
    • H610:
      • PRO H610M 12VO
      • PRO H610M VDHP DDR4
      • PRO H610M-E DDR4
    • H410:
      • PRO H410M-B

Owners of affected boards should check the "Image Execution Policy" setting in the BIOS right now to make sure the system is secure. We anticipate that an update fixing this problem will be made available soon.

Update: MSI has recently stated on Reddit that it implemented Secure Boot in accordance with Microsoft and AMI guidelines ahead of the launch of Windows 11. To minimize potential compatibility issues, the company chose to set the options to "Always Execute" by default.

However, for those who prioritize the security of their system, there is the option to choose "Deny Execute" in the relevant settings. Additionally, MSI will be releasing BIOS updates that will have "Deny Execute" as the default setting while still allowing users to manually adjust it.
