Skip to Content

Some MSI Motherboards Do Not Have Secure Boot Enabled by Default

Security researcher Dawid Potocki discovered that more than 300 motherboard models from MSI do not implement the Secure Boot feature by default, which means that they will allow any bootloader, signed or unsigned, to run. According to an MSI Reddit post, the company says they “preemptively set Secure Boot as Enabled and ‘Always Execute’ as the default setting to offer a user-friendly environment that allows multiple end-users flexibility to build their PC systems.” MSI reportedly plans to release firmware updates that will change the default setting to “Deny Execute.”

Image Execution Policy in MSI BIOS

Image Execution Policy set to always execute by default in MSI BIOS

Note

  • Classic “usability vs security” issue. Disabling full Secure Boot protection will cause more support queries from users attempting to use a boot loader / operating system not sanctioned by MSI or the OEM.
  • Organizations count on OEMs to ship their products properly configured. The troubling bit is that this configuration change, made by MSI, resulted in secure boot being irrelevant and users of the product were unaware. Lately, CISA has been talking about shifting the security burden (secure, transparent, and sustainable) from the end user to the vendor. Here’s an example where configuration control processes need to be reinforced and tested prior to shipping, else the security shift can become a potential supply chain attack.

Read more in

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.