Shulou(Shulou.com)11/24 Report--

CTOnews.com January 22 news, security experts found that some MSI motherboard BIOS / UEFI although provides Secure Boot, but only to meet the requirements of running Win11 system. Even if the user chooses to enable Secure Boot, it is actually disabled, meaning there is a risk of running malware.

The option to turn Secure Boot on / off is provided on the affected MSI motherboard, and the default value for Image Execution Policy is "Always Execute". The problem, however, is that the booted operating system image is not checked after turning on this feature, so unsigned components can be booted.

Security expert Davyd Potok (Dawid Potock) wrote:

The default settings provided by MSI in the BIOS / UEFI menu are disappointing and will not take effect even if enabled. It exists only to meet the requirements of running Win11, and the operating system will not know whether Secure Boot is actually enabled or not, and can skip it after it is detected as "enabled".

CTOnews.com small class:

Secure startup is a security standard developed by members of the computer industry to help ensure that devices are started only with software trusted by the original equipment manufacturer (OEM). When the computer starts, the firmware checks the signature of each startup software fragment, including the UEFI firmware driver (also known as option ROM), the EFI application, and the operating system. If the signature is valid, the computer will boot and the firmware will transfer control to the operating system.

OEM can use instructions provided by the firmware manufacturer to create a secure boot key and store it in the computer firmware. When you add UEFI drivers, you also need to ensure that they are signed and included in the secure startup database.

Update:

After being reminded by netizens, Weixing has responded. In addition, according to Wccftech, some other brands have a similar situation with specific BIOS versions of motherboards.

MSI implements the Secure Boot mechanism in its motherboard products, following the design guidelines defined by Microsoft and AMI before the release of Windows 11.

MSI enables Secure Boot by default and uses "Always Execute" as the default setting option to provide a user-friendly environment that allows multiple end users to flexibly build their PC systems with thousands (or more) components, including their built-in option ROM, including operating system mirroring, for higher compatibility configurations.

For users who are highly concerned about security, they can still manually set 'Image Execution Policy' to' Deny Execute' or other options to meet their security needs.

In response to reports of security issues with preset BIOS settings, MSI will launch a new BIOS file for our motherboard with "Deny Execute" as the default setting for a higher security level.

MSI will also keep a full-featured secure startup mechanism for end users in BIOS so that they can modify it according to their needs.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.