Most MSI motherboards will allow any code to run in a bizarrely insecure Secure Boot mode

The Secure Boot feature on as many as 300 MSI motherboards reportedly doesn't work as you might expect—or as the feature is intended. Specifically, the motherboards will allow unvalidated firmware and operating systems to load when Secure Boot is enabled.

Open source security researcher Dawid Potocki (via El Reg) first discovered the problem when attempting to set up Secure Boot on an MSI PRO Z790-A WIFI. "Unfortunately I found my firmware was accepting every OS image I gave it, no matter if it was trusted or not," says Potocki.

That prompted him to check other MSI motherboards, and he found nearly 300 models had the same issue, including every AMD B650 and X670 and all Z790 and B760 Intel models. Yikes.

Secure Boot is a technology designed to ensure that PCs only load software at boot that is trusted by the original manufacturer. More to the point, requiring Secure Boot to be enabled is increasingly a thing for PC games. FIFA 23 and Valorant are among titles that already require Secure Boot to be enabled.

MSI has responded to Potocki's findings with a full explanation of the current configuration on MSI boards, plus some changes planned for a future BIOS update:

"MSI implemented the Secure Boot mechanism in our motherboard products by following the design guidance defined by Microsoft and AMI before the launch of Windows 11. We pre-emptively set Secure Boot as Enabled and "Always Execute" as the default setting to offer a user-friendly environment that allows multiple end-users flexibility to build their PC systems with thousands (or more) of components that included their built-in option ROM, including OS images, resulting in higher compatibility configurations. For users who are highly concerned about security, they can still set "Image Execution Policy" as "Deny Execute" or other options manually to meet their security needs.

"In response to the report of security concerns with the preset bios settings, MSI will be rolling out new BIOS files for our motherboards with "Deny Execute" as the default setting for higher security levels. MSI will also keep a fully functional Secure Boot mechanism in the BIOS for end-users so that they can modify it according to their needs."

All of which means that Secure Boot does work correctly on MSI boards, but MSI has set it to allow all code to execute by default, even when Secure Boot is enabled. Only if you specifically tell the BIOS to deny execution will Secure Boot do the job for which it is intended. Having Secure Boot reporting as 'enabled' but not actually doing its job seems to be an odd way of going about things, that's for sure.
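The gap between "reported as enabled" and "actually enforcing" can be seen from the operating system side. The following is an added example, not code from the article, Potocki or MSI: it decodes the standard UEFI `SecureBoot` and `SetupMode` variables as Linux exposes them through efivarfs and classifies the result. The sample byte strings are constructed, and the function names are illustrative.

```python
from pathlib import Path

# EFI global-variable GUID from the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # Linux efivarfs mount point


def efivar_flag(raw: bytes) -> bool:
    """Decode a one-byte UEFI variable as exposed by efivarfs.

    Each efivarfs file is a 4-byte attribute word followed by the
    variable's data; SecureBoot and SetupMode carry a single 0/1 byte.
    """
    if len(raw) < 5:
        raise ValueError("expected 4 attribute bytes plus at least 1 data byte")
    return raw[4] == 1


def assess(secure_boot: bytes, setup_mode: bytes) -> str:
    """Classify what the OS-visible variables can and cannot tell you."""
    if efivar_flag(setup_mode):
        return "setup-mode"   # no Platform Key enrolled, nothing is verified
    if not efivar_flag(secure_boot):
        return "disabled"
    # The variable says "on", but it is a plain boolean and does not carry
    # the firmware's Image Execution Policy, so this is a claim, not proof.
    return "reported-enabled"


def read_live() -> str:
    """Assess the running Linux system (requires UEFI boot and efivarfs)."""
    sb = (EFIVARS / f"SecureBoot-{EFI_GLOBAL}").read_bytes()
    sm = (EFIVARS / f"SetupMode-{EFI_GLOBAL}").read_bytes()
    return assess(sb, sm)


# Constructed samples: attributes 0x06 (boot-service + runtime), then data.
SAMPLE_ON = b"\x06\x00\x00\x00\x01"
SAMPLE_OFF = b"\x06\x00\x00\x00\x00"

if __name__ == "__main__":
    print(assess(SAMPLE_ON, SAMPLE_OFF))  # a board reporting Secure Boot on
    print(read_live() if EFIVARS.is_dir() else "no efivarfs on this system")
```

A result of `reported-enabled` still has to be confirmed in firmware setup by checking that "Image Execution Policy" is not set to "Always Execute".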

But at least you have the option of ensuring full security should you wish. And it does not appear that the problem will prevent any games from running.


Jeremy Laird
Hardware writer

Jeremy has been writing about technology and PCs since the 90nm Netburst era (Google it!) and enjoys nothing more than a serious dissertation on the finer points of monitor input lag and overshoot followed by a forensic examination of advanced lithography. Or maybe he just likes machines that go “ping!” He also has a thing for tennis and cars.
