One of the latest MSI UEFI updates accidentally disabled Secure Boot technology on hundreds of its motherboards, reports Bleeping Computer. As a consequence, over 290 motherboards for AMD and Intel processors can boot insecure operating systems, which can be harmful.
MSI's firmware update version 7C02v3C, released on January 18, 2022, comes with Image Execution Policy set to 'Always Execute' by default, which allows the PC to boot an operating system that lacks a proper signature from its developer. This means that a computer can boot an OS that may have been tampered with, which makes this an insecure policy: the operating system may be infected or malicious.
The discovery was recently made by a Polish security researcher named Dawid Potocki. The researcher noted that he contacted MSI but did not receive any response, which essentially means that so far the motherboard maker has not fixed its Secure Boot.
"If you are curious, yes, I have tried contacting MSI about this issue, but they ignored my emails and other forms of communication I have tried," said Potocki.
At a high level we can see that many Intel and AMD motherboards are affected. Potocki has compiled a complete list in an issue raised on GitHub.
- Every X670(E) motherboard
- Every B650(E) motherboard
- MEG X570S ACE MAX
- MEG X570S UNIFY-X MAX
- MPG X570S CARBON MAX WIFI / MPG X570S CARBON EK X
- B550 GAMING GEN3
- MAG B550 TOMAHAWK MAX WIFI
- PRO B550M-P GEN3
- PRO B550-P GEN3
- PRO B550-VC
- Every Z790 motherboard
- Every B760 motherboard
- MEG Z590 UNIFY-X
- MAG B660M MORTAR MAX WIFI DDR4
- PRO B660M-A CEC WIFI DDR4 V2
- PRO H610M 12VO
- PRO H610M VDHP DDR4
- PRO H610M-E DDR4
- PRO H410M-B
The Secure Boot technology is designed to ensure that only operating systems that are trusted by the PC can boot. When the PC starts up, the Secure Boot firmware checks the signature of each piece of boot software, including UEFI firmware drivers, EFI applications, and the operating system. If the signatures are valid, the PC boots, and the firmware gives control to the operating system. If the signatures are not valid, the PC does not start. Firmware update version 7C02v3C, however, essentially disables Secure Boot and allows all applications to boot even if they are infected.
The smart thing to do right now would be to check the "Image Execution Policy" option in your BIOS settings to ensure that your system is safe. We are hopeful that an update will soon be released to resolve this issue.