MSI Secure Boot goes haywire for a whole host of motherboards
The latest firmware update for MSI motherboards broke an important security feature, leaving countless computers at risk of malware and other threats, a security expert has claimed.
Researcher Dawid Potocki discovered that the recently released firmware update version 7C02v3C changed the default Secure Boot setting on MSI motherboards, so the boot process now loads software even when it is unsigned or its signature does not verify.
In other words, software that Secure Boot would otherwise have blocked from loading, including malicious code, is now allowed to run.
Change the default settings
“I decided to set up Secure Boot on my new desktop using sbctl. Unfortunately, I found that my firmware accepted any OS image I gave it, whether it was trusted or not,” Potocki wrote. “As I later found out on 12/16/22, it wasn’t just broken firmware; MSI had changed their Secure Boot defaults to allow booting on security violations (!!).”
The firmware setting changed with the latest patch is “Image Execution Policy”, which now defaults to “Always Execute”. According to Potocki, users should set the execution policy to “Deny Execute” for both “Removable Media” and “Fixed Media”. With that setting, the firmware refuses to start any boot image whose signature does not verify, so only signed software can run at startup. Note that the firmware may still report Secure Boot as enabled while the policy is “Always Execute”, so the status flag alone is not proof that enforcement is in place.
Potocki went on to claim that MSI never documented the change. After some detective work he found that nearly 300 models were affected, including many Intel- and AMD-based motherboards, some of them brand new.
Secure Boot is not an MSI invention but a UEFI firmware feature: it checks the digital signature of each boot component against keys enrolled in the firmware and is intended to stop UEFI malware such as bootkits and rootkits. This type of malware is particularly dangerous because even wiping the operating system does not remove it from the device.
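To make concrete what a correctly enforced execution policy actually checks, here is an added example that is not code from the article or from Potocki's write-up. The script parses the PE/COFF headers of EFI boot images to locate the Authenticode certificate table that Secure Boot verifies, and reports which images on an EFI System Partition carry no signature block at all. The sample images are constructed in-process (their signature payload is a placeholder, not a real PKCS#7 blob), and the `/boot/efi` mount point is an assumption.

```python
"""Audit EFI boot images for an embedded Authenticode signature block.

Added illustration, not code from the article or from Dawid Potocki.
With Image Execution Policy set to "Deny Execute", the firmware refuses any
PE/COFF image that lacks a certificate table or whose signature does not
chain to an enrolled key. This script answers only the first question:
does the image carry a signature block at all?
"""
import os
import struct

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # index of the Certificate Table directory
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 SignedData
WIN_CERT_REVISION_2_0 = 0x0200


def certificate_table(image: bytes):
    """Return (file_offset, size) of the Certificate Table, or None if absent.

    Unlike the other data directories, this one holds a raw file offset rather
    than an RVA, because the signature lives outside any loadable section.
    """
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (size_of_optional,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == PE32PLUS_MAGIC:
        nrva_off, dirs_off = opt + 108, opt + 112
    elif magic == PE32_MAGIC:
        nrva_off, dirs_off = opt + 92, opt + 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (num_dirs,) = struct.unpack_from("<I", image, nrva_off)
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return None
    offset, size = struct.unpack_from("<II", image, entry)
    if offset == 0 or size == 0:
        return None
    return offset, size


def classify(image: bytes) -> str:
    """'signed' if a well-formed WIN_CERTIFICATE is present, 'unsigned' if the
    directory entry is empty, 'malformed' if it points outside the file or at
    something that is not an Authenticode block."""
    table = certificate_table(image)
    if table is None:
        return "unsigned"
    offset, size = table
    if offset + 8 > len(image) or offset + size > len(image):
        return "malformed"
    length, revision, cert_type = struct.unpack_from("<IHH", image, offset)
    if length > size or revision != WIN_CERT_REVISION_2_0 or cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        return "malformed"
    return "signed"


def audit_esp(root: str) -> dict:
    """Map every *.efi file under root to its classification."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".efi"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    try:
                        results[path] = classify(fh.read())
                    except ValueError:
                        results[path] = "not-pe"
    return results


def build_minimal_pe(with_signature: bool) -> bytes:
    """Constructed sample: a headers-only PE32+ image, optionally with a
    placeholder WIN_CERTIFICATE appended (not a real PKCS#7 signature)."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)          # 64 bytes
    opt_size = 112 + 16 * 8                                           # PE32+ with 16 directories
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x2022)
    headers_len = e_lfanew + 4 + len(coff) + opt_size
    dirs = [(0, 0)] * 16
    cert = b""
    if with_signature:
        payload = b"\x30\x82\x00\x04DEMO"                              # placeholder bytes
        cert = struct.pack("<IHH", 8 + len(payload), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (headers_len, len(cert))
    opt = struct.pack("<H", PE32PLUS_MAGIC) + bytes(106) + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", a, s) for a, s in dirs)
    return dos + b"PE\0\0" + coff + opt + cert


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/boot/efi"           # assumed ESP mount point
    if os.path.isdir(root):
        for path, status in sorted(audit_esp(root).items()):
            print(f"{status:9} {path}")
    else:
        for label, img in (("signed", build_minimal_pe(True)), ("unsigned", build_minimal_pe(False))):
            print(f"constructed {label} image -> {classify(img)}")
```

A “signed” result only means a signature block exists; the firmware still has to match it against the enrolled db and dbx before loading the image. With the “Always Execute” default the firmware loads the “unsigned” and “malformed” images too, so this audit tells you what a correctly configured board should refuse; the end-to-end check is the one Potocki performed, booting an unsigned image and confirming that the firmware rejects it.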
MSI is currently silent on the matter, but should the company respond to media inquiries, we will update the article accordingly.
Via: BleepingComputer