One of the most important security features that Microsoft mandated as a system requirement for Windows 11 is Secure Boot. The idea behind Secure Boot is to prevent malware from loading when a system boots. It does this by verifying drivers and Windows boot files and allowing only trusted (signed) ones to run. But the Secure Boot settings on MSI’s motherboards seem to have been set incorrectly for over a year.
Secure Boot issue on MSI motherboards
Polish security researcher Dawid Potocki discovered the problem on an MSI Pro Z790-A WiFi. Potocki found that MSI changed the Secure Boot default settings as part of the January 18, 2022 firmware update (version 7C02v3C), so that all options under “Display Execution Policy” in the Secure Boot settings are set to “Always Execute”. This means that the motherboard will accept and boot any OS image, trusted or not.
More than 290 MSI motherboard models have problems
According to the information Potocki has revealed, more than 290 MSI motherboard models have the insecure setting. To see the full list, you can visit here.
If you are using an MSI motherboard on this list, go to the BIOS settings and check whether “Display Execution Policy” is set to a safe option. If the “Always Execute” option is selected, we recommend that you change it manually and keep your motherboard’s BIOS version up to date.