MSI has assured users on Reddit that the company will soon deploy a fix for a Secure Boot bug affecting a plethora of AMD and Intel motherboards. The new firmware will rectify the error and enforce tighter security settings.
A recent discovery showed that MSI accidentally nuked Secure Boot's functionality due to a small blunder in the firmware. The manufacturer configured the "Image Execution Policy" setting to "Always Execute," rendering Secure Boot useless under the current default settings. As a solution to the slip-up, MSI will roll out a new firmware that utilizes "Deny Execute" as the default setting.
MSI posted the following statement on the MSI Gaming subreddit (opens in new tab):
"MSI implemented the Secure Boot mechanism in our motherboard products by following the design guidance defined by Microsoft and AMI before the launch of Windows 11. We preemptively set Secure Boot as Enabled and "Always Execute" as the default setting to offer a user-friendly environment that allows multiple end-users flexibility to build their PC systems with thousands (or more) of components that included their built-in option ROM, including OS images, resulting in higher compatibility configurations. For users who are highly concerned about security, they can still set "Image Execution Policy" as "Deny Execute" or other options manually to meet their security needs."
"In response to the report of security concerns with the preset bios settings, MSI will be rolling out new BIOS files for our motherboards with 'Deny Execute' as the default setting for higher security levels. MSI will also keep a fully functional Secure Boot mechanism in the BIOS for end-users so that they can modify it according to their needs."
Although MSI's new firmware will fully restore Secure Boot's function, users can still go into the BIOS and fiddle with the individual settings themselves. Unfortunately, the motherboard vendor didn't specify an exact date on when the new firmware will be available to users. However, given the severity of the issue, it shouldn't be long before the rollout commences.