• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

About 300 MSI Motherboard Models Have a Faulty Secure Boot Implementation with Certain UEFI Firmware Versions

BatRastard

BatRastard

Joined
Oct 8, 2022
Messages
43 (0.05/day)
Location
Michigan
System Specs
System Name Edna
Processor AMD Ryzen 7 7800X3D
Motherboard Gigabyte Aorus B650E Elite X AX ICE
Cooling Thermalright Peerless Assassin 120 ARGB
Memory 32GB (2x16) Corsair 6000 Mhz DDR5
Video Card(s) Sapphire Pure RX 7900GRE
Storage 500GB WD SN570 SE, 2TB Crucial P3, 3TB Seagate USB + Hub
Display(s) LG Ultragear 32GN600-B
Case NZXT H6 Flow
Audio Device(s) SoundBlaster ZxR
Power Supply Be Quiet Pure Power 12 M 1000 Watt
Mouse Elecom Trackball
Keyboard MageGee MK Star
Software Windows 11 24H2 Beta, OpenSUZE Tumbleweed
Benchmark Scores Cinebench r23 = 18080
I actually discovered MSI's Secure Boot issues in October 2021 when I tried to get enroll Ventoy's MOK Manager to no avail on my B550 A-PRO. The BIOS that shipped with the board was from January and when I updated to AGESA 1.2.0.3c, Secure Boot stopped Ventoy dead. I gave up until I flashed to AGESA 1.2.0.6 and this BIOS triggered a language corruption bug in the BIOS if an ExFat USB was inserted, so I didn't trust testing to see if Ventoy would enroll. Finally, MSI released AGESA 1.2.0.7 in June and later re-released another AGESA 1.2.0.7 in August and this BIOS enrolled Ventoy's MOK Manager right out of the gate. The changelog on these BIOS releases were the same: "Windows 11 Support. Change the default setting for Secure Boot" This is where MSI blanket changed the default policy from "Query User" to "Always Execute" but never said a peep about that in the changelog ...

EDIT: ROFLMAO

https://www.reddit.com/r/MSI_Gaming/comments/10g9v3m
 
Last edited:
  • Like
Reactions: aQi
dawidpotocki

dawidpotocki

New Member
Joined
Jan 20, 2023
Messages
2 (0.00/day)
DrCR said:
If it’s indeed an issue with only beta firmware, then this feels like a tempest in a thimble. Props to the dude for self marketing I guess.
Click to expand...
It's not an issue with beta firmware, it's just where it has been introduced first for a lot of motherboards. A lot of stable firmware released after September 2021 is affected.

Bjørgersson said:
How did he test ~300 motherboards?
Click to expand...
I have mentioned this in my blog post.

MSI's (in)Secure Boot - Dawid Potocki

dawidpotocki.com dawidpotocki.com
TL;DR: Extracting information from firmware files.

Juventas said:
In his original article he has added this:


I see this story is everywhere now. Did none of them read the original article? https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
Click to expand...
Hah, only The Register has read my original article. Their reporter also contacted me via email about the issue and was very responsive. Overall he has done a really good job. They ended up publishing the article later than others, but they noticed my article on 13th, the day I have published it, they just had some other story come up and had to delay it.
Most sites have copied from BleepingComputer which had the same mistakes as some other smaller site which made an article earlier by like 12 hours… weird, isn't it?
 
Last edited:
DrCR

DrCR

Joined
Aug 26, 2019
Messages
571 (0.29/day)
dawidpotocki said:
It's not an issue with beta firmware, it's just where it has been introduced first for a lot of motherboards. A lot of stable firmware released after September 2021 is affected.
Click to expand...
Gotcha, makes some of the statements make a lot more sense.

Welcome to the forum.
 
eidairaman1

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
42,537 (6.67/day)
Location
Republic of Texas (True Patriot)
System Specs
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
Msi, failing since 2010...
 
  • Like
Reactions: aQi
AusWolf

AusWolf

Joined
Jan 14, 2019
Messages
12,553 (5.80/day)
Location
Midlands, UK
System Specs
System Name Nebulon B
Processor AMD Ryzen 7 7800X3D
Motherboard MSi PRO B650M-A WiFi
Cooling be quiet! Dark Rock 4
Memory 2x 24 GB Corsair Vengeance DDR5-4800
Video Card(s) AMD Radeon RX 6750 XT 12 GB
Storage 2 TB Corsair MP600 GS, 2 TB Corsair MP600 R2
Display(s) Dell S3422DWG, 7" Waveshare touchscreen
Case Kolink Citadel Mesh black
Audio Device(s) Logitech Z333 2.1 speakers, AKG Y50 headphones
Power Supply Seasonic Prime GX-750
Mouse Logitech MX Master 2S
Keyboard Logitech G413 SE
Software Bazzite (Fedora Linux) KDE
If secure boot wasn't worthless (on a home PC at least), this flaw would have been discovered a long time ago.
 
You must log in or register to reply here.
Top