MSI Clarifies Its Position on Secure Boot Implementation On Nearly 300 Motherboards, Others Including ASUS Might Be Affected Too
The Secure Boot functionality on the latest motherboards makes sure that only software/code that is trusted by the hardware vendor is booted by the device. Firmware embedded in the hardware is meant to run through cryptographic signature which includes UEFI drivers, EFI applications, and the OS. According to The Register, Potocki posted an extensive blog post where he detailed his findings on the 300 or so motherboards he tested. His findings showed that around 300 MSI motherboards running some specific firmware versions will allow booting binaries on policy violations by default, thereby not providing any additional security compared to having Secure Boot disabled. The full list of motherboards that feature this implementation can be seen here. Now MSI has an official statement on the matter posted over at MSI’s Gaming subreddit that can be read below: We have information available which shows that a similar implementation might also affect boards from other manufacturers such as ASUS and Gigabyte running on specific Firmware versions. Note that just like in MSI’s case, this firmware is tagged as BETA and not an official release. In response to the report of security concerns with the preset bios settings, MSI will be rolling out new BIOS files for our motherboards with ”Deny Execute” as the default setting for higher security levels. MSI will also keep a fully functional Secure Boot mechanism in the BIOS for end-users so that they can modify it according to their needs. via MSI Gaming Reddit ASUS Secure Boot Violation: Gigabyte Secure Boot Violation: he following testing methodology was used for the ASUS and Gigabyte tests: MSI has also mentioned that users can still set the necessary option manually through their BIOS but they will also be rolling out new BIOS that enables the ‘Deny Execute’ parameter to be set by default. The new BIOS will also retain the fully functional Secure Boot mechanism within the BIOS for users to adjust it manually.