About 300 MSI Motherboard Models Have a Faulty Secure Boot Implementation with Certain UEFI Firmware Versions

BatRastard · Jan 19, 2023

I actually discovered MSI's Secure Boot issues in October 2021 when I tried to get enroll Ventoy's MOK Manager to no avail on my B550 A-PRO. The BIOS that shipped with the board was from January and when I updated to AGESA 1.2.0.3c, Secure Boot stopped Ventoy dead. I gave up until I flashed to AGESA 1.2.0.6 and this BIOS triggered a language corruption bug in the BIOS if an ExFat USB was inserted, so I didn't trust testing to see if Ventoy would enroll. Finally, MSI released AGESA 1.2.0.7 in June and later re-released another AGESA 1.2.0.7 in August and this BIOS enrolled Ventoy's MOK Manager right out of the gate. The changelog on these BIOS releases were the same: "Windows 11 Support. Change the default setting for Secure Boot" This is where MSI blanket changed the default policy from "Query User" to "Always Execute" but never said a peep about that in the changelog ...

EDIT: ROFLMAO

MSI Statement on Secure Boot
by u/MSI_TechK in MSI_Gaming

dawidpotocki · Jan 20, 2023

DrCR said:
If it’s indeed an issue with only beta firmware, then this feels like a tempest in a thimble. Props to the dude for self marketing I guess.

It's not an issue with beta firmware, it's just where it has been introduced first for a lot of motherboards. A lot of stable firmware released after September 2021 is affected.

Bjørgersson said:
How did he test ~300 motherboards?

I have mentioned this in my blog post.

MSI's (in)Secure Boot - Dawid Potocki

dawidpotocki.com

TL;DR: Extracting information from firmware files.

Juventas said:
In his original article he has added this:

I see this story is everywhere now. Did none of them read the original article? https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/

Hah, only The Register has read my original article. Their reporter also contacted me via email about the issue and was very responsive. Overall he has done a really good job. They ended up publishing the article later than others, but they noticed my article on 13th, the day I have published it, they just had some other story come up and had to delay it.
Most sites have copied from BleepingComputer which had the same mistakes as some other smaller site which made an article earlier by like 12 hours… weird, isn't it?

DrCR · Jan 20, 2023

dawidpotocki said:
It's not an issue with beta firmware, it's just where it has been introduced first for a lot of motherboards. A lot of stable firmware released after September 2021 is affected.

Gotcha, makes some of the statements make a lot more sense.

Welcome to the forum.

eidairaman1 · Jan 20, 2023

Msi, failing since 2010...

AusWolf · Jan 21, 2023

If secure boot wasn't worthless (on a home PC at least), this flaw would have been discovered a long time ago.

System Name	Edna
Processor	AMD Ryzen 7 7800X3D
Motherboard	Gigabyte Aorus B650E Elite X AX ICE
Cooling	Thermalright Peerless Assassin 120 ARGB
Memory	32GB (2x16) Corsair 6000 Mhz DDR5
Video Card(s)	Sapphire Pure RX 7900GRE
Storage	500GB WD SN570 SE, 2TB Crucial P3, 3TB Seagate USB + Hub
Display(s)	LG Ultragear 32GN600-B
Case	NZXT H6 Flow
Audio Device(s)	SoundBlaster ZxR
Power Supply	Be Quiet Pure Power 12 M 1000 Watt
Mouse	Elecom Trackball
Keyboard	MageGee MK Star
Software	Windows 11 24H2 Beta, OpenSUZE Tumbleweed
Benchmark Scores	Cinebench r23 = 18080

System Name	PCGOD
Processor	AMD FX 8350@ 5.0GHz
Motherboard	Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling	Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory	16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s)	AMD Radeon 290 Sapphire Vapor-X
Storage	Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s)	NEC Multisync LCD 1700V (Display Port Adapter)
Case	AeroCool Xpredator Evil Blue Edition
Audio Device(s)	Creative Labs Sound Blaster ZxR
Power Supply	Seasonic 1250 XM2 Series (XP3)
Mouse	Roccat Kone XTD
Keyboard	Roccat Ryos MK Pro
Software	Windows 7 Pro 64

System Name	My second and third PCs are Intel + Nvidia
Processor	AMD Ryzen 7 7800X3D @ 45 W TDP Eco Mode
Motherboard	MSi Pro B650M-A Wifi
Cooling	Noctua NH-D9L chromax.black
Memory	2x 24 GB Corsair Vengeance DDR5-6000 CL36
Video Card(s)	PowerColor Reaper Radeon RX 9070 XT
Storage	2 TB Corsair MP600 GS, 4 TB Seagate Barracuda
Display(s)	Dell S3422DWG 34" 1440 UW 144 Hz
Case	Corsair Crystal 280X
Audio Device(s)	Logitech Z333 2.1 speakers, AKG Y50 headphones
Power Supply	750 W Seasonic Prime GX
Mouse	Logitech MX Master 2S
Keyboard	Logitech G413 SE
Software	Bazzite (Fedora Linux) KDE Plasma

About 300 MSI Motherboard Models Have a Faulty Secure Boot Implementation with Certain UEFI Firmware Versions

BatRastard

dawidpotocki

New Member

MSI's (in)Secure Boot - Dawid Potocki

DrCR

eidairaman1

The Exiled Airman

AusWolf