- Joined
- Oct 9, 2007
- Messages
- 47,291 (7.53/day)
- Location
- Hyderabad, India
System Name | RBMK-1000 |
---|---|
Processor | AMD Ryzen 7 5700G |
Motherboard | ASUS ROG Strix B450-E Gaming |
Cooling | DeepCool Gammax L240 V2 |
Memory | 2x 8GB G.Skill Sniper X |
Video Card(s) | Palit GeForce RTX 2080 SUPER GameRock |
Storage | Western Digital Black NVMe 512GB |
Display(s) | BenQ 1440p 60 Hz 27-inch |
Case | Corsair Carbide 100R |
Audio Device(s) | ASUS SupremeFX S1220A |
Power Supply | Cooler Master MWE Gold 650W |
Mouse | ASUS ROG Strix Impact |
Keyboard | Gamdias Hermes E2 |
Software | Windows 11 Pro |
The UEFI Secure Boot feature is designed to prevent malicious code from executing during the system boot process, and has been a cybersecurity staple since the late-2000s, when software support was introduced with Windows 8. Dawid Potocki, a New Zealand-based IT student and cybersecurity researcher, discovered that as many as 300 motherboard models by MSI have a faulty Secure Boot implementation with certain versions of their UEFI firmware, which allows just about any boot image to load. This is, however, localized to only certain UEFI firmware versions, that are released as beta versions.
Potocki stumbled upon this when he found that his PRO Z790-A WiFi motherboard failed to verify the cryptographic signature boot-time binaries at the time of system boot. "I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not." He then began examining other motherboard models, and discovered close to 300 MSI motherboard models with a broken Secure Boot implementation. He clarified that MSI laptops aren't affected, and only their desktop motherboards are. Potocki says that affected MSI motherboards have an "always execute" policy set for Secure Boot, which makes the mechanism worthless, and theorized a possible reason. "I suspect this is because they probably knew that Microsoft wouldn't approve of it and/or that they get less tickets about Secure Boot causing issues for their users."
View at TechPowerUp Main Site | Source
Potocki stumbled upon this when he found that his PRO Z790-A WiFi motherboard failed to verify the cryptographic signature boot-time binaries at the time of system boot. "I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not." He then began examining other motherboard models, and discovered close to 300 MSI motherboard models with a broken Secure Boot implementation. He clarified that MSI laptops aren't affected, and only their desktop motherboards are. Potocki says that affected MSI motherboards have an "always execute" policy set for Secure Boot, which makes the mechanism worthless, and theorized a possible reason. "I suspect this is because they probably knew that Microsoft wouldn't approve of it and/or that they get less tickets about Secure Boot causing issues for their users."
View at TechPowerUp Main Site | Source