MSI Preps Motherboard Firmware to Fix Widespread Secure Boot Bug

MEG X670E Ace
MEG X670E Ace (Image credit: MSI)

MSI has assured users on Reddit that the company will soon deploy a fix for a Secure Boot bug affecting a plethora of AMD and Intel motherboards. The new firmware will rectify the error and enforce tighter security settings.

A recent discovery showed that MSI accidentally nuked Secure Boot's functionality due to a small blunder in the firmware. The manufacturer configured the "Image Execution Policy" setting to "Always Execute," rendering Secure Boot useless under the current default settings. As a solution to the slip-up, MSI will roll out a new firmware that utilizes "Deny Execute" as the default setting.

MSI posted the following statement on the MSI Gaming subreddit (opens in new tab):

"MSI implemented the Secure Boot mechanism in our motherboard products by following the design guidance defined by Microsoft and AMI before the launch of Windows 11. We preemptively set Secure Boot as Enabled and "Always Execute" as the default setting to offer a user-friendly environment that allows multiple end-users flexibility to build their PC systems with thousands (or more) of components that included their built-in option ROM, including OS images, resulting in higher compatibility configurations. For users who are highly concerned about security, they can still set "Image Execution Policy" as "Deny Execute" or other options manually to meet their security needs."

"In response to the report of security concerns with the preset bios settings, MSI will be rolling out new BIOS files for our motherboards with 'Deny Execute' as the default setting for higher security levels. MSI will also keep a fully functional Secure Boot mechanism in the BIOS for end-users so that they can modify it according to their needs."

Although MSI's new firmware will fully restore Secure Boot's function, users can still go into the BIOS and fiddle with the individual settings themselves. Unfortunately, the motherboard vendor didn't specify an exact date on when the new firmware will be available to users. However, given the severity of the issue, it shouldn't be long before the rollout commences.

Zhiye Liu
RAM Reviewer and News Editor

Zhiye Liu is a Freelance News Writer at Tom’s Hardware US. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.

  • digitalgriffin
    Let's put airbags in the car and then disconnect the sensors. Airbags just get in your way. Am I right?
    Reply
  • Predictable
    I fail to see why this is an issue for anyone with common sense.
    Reply