MSI accidentally disabled Secure Boot on hundreds of its motherboards. Secure Boot is a security feature that helps protect against malicious software by ensuring that only software with a valid signature can run on a computer.
The accident happened when MSI released a firmware update that made it possible for a computer to boot an operating system that has been tampered with. This puts over 290 motherboards at risk of running insecure operating systems. A security researcher discovered the issue and contacted MSI, but did not receive a response. This suggests that the company has not yet fixed the problem. The issue affects many Intel and AMD motherboards.
Dawid Potocki, a Polish security researcher, made the discovery recently. The researcher stated that he contacted MSI but received no response, implying that the motherboard manufacturer has not yet fixed its Secure Boot.
At a high level, many Intel and AMD motherboards are affected. Potocki has compiled a comprehensive list in a GitHub issue.
Update: MSI has recently mentioned on Reddit that they have implemented Secure Boot in accordance with Microsoft and AMI guidelines ahead of the launch of Windows 11. To minimize potential compatibility issues, the company has chosen to set the options as "Always Execute" by default.
However, for those who prioritize the security of their system, there is the option to choose "Deny Execute" in the relevant settings. Additionally, MSI will be releasing BIOS updates that will have "Deny Execute" as the default setting while still allowing users to manually adjust it.
Oops: Secure Boot Disabled on 290 MSI Motherboards (updated)