Nearly 300 MSI motherboards will run any code in Secure Boot, no questions asked - The Register

Trending 1 week ago

The Secure Boot process connected astir 300 antithetic PC motherboard models manufactured by Micro-Star International (MSI) isn't secure, which is peculiarly problematic erstwhile "Secure" is portion of the process description.

Dawid Potocki, an unfastened root information researcher and pupil based successful New Zealand, found past month that immoderate MSI motherboards with definite firmware versions let arbitrary binaries to footwear contempt Secure Boot argumentation violations.

Secure Boot is simply a PC information modular intended to guarantee that devices footwear lone bundle trusted by the shaper of the hardware. The instrumentality firmware is expected to cheque the cryptographic signature of each portion of footwear software, including UEFI firmware drivers, EFI applications, and the operating system.

That's the theory, anyway.

"On 2022-12-11, I decided to acceptable up Secure Boot connected my caller desktop with [the] assistance of sbctl, [the unafraid footwear cardinal manager connected Linux]," Potocki explained successful a blog post past week. "Unfortunately I person recovered that my firmware was… accepting each OS representation I gave it, nary substance if it was trusted oregon not."

After uncovering that the MSI PRO Z790-A WIFI failed to verify binaries, Potocki began looking into different MSI motherboards to spot if they had likewise lax settings. He recovered close to 300.

According to Potocki, MSI by default sets "Always execute" connected argumentation usurpation for everything, making Secure Boot worthless nether default settings. In an email to The Register, Potocki confirmed that the motherboards helium listed successful his GitHub issues station are inactive affected.

"[MSI's] laptops are not affected, lone their desktop motherboards," Potocki wrote. "I fishy this is due to the fact that they astir apt knew that Microsoft wouldn't o.k. of it and/or that they get little tickets astir Secure Boot causing issues for their users."

  • Microsoft's Secure Boot hole sends immoderate PCs into BitLocker Recovery
  • Intel Alder Lake BIOS codification leak whitethorn incorporate captious secrets
  • Microsoft tries again to ignite involvement successful DevOps unreality security
  • ESET uncovers vulnerabilities successful Lenovo laptops

He allows that helium whitethorn person missed immoderate models, but says users of MSI boards should beryllium capable to conjecture based connected different affected motherboards utilizing the aforesaid chipset that were built astir the aforesaid time.

"The database consists mostly of beta firmware versions arsenic they often were the archetypal to present this issue," said Potocki. "I could person missed some, arsenic getting beta firmware required maine to conjecture URLs connected which they reside, arsenic MSI removes links to them aft immoderate clip from their 'Support' page."

He added that he's unaware of immoderate firmware physique earlier September 2021 that would beryllium affected.

Potocki said helium tried to interaction Taiwan-based MSI astir his findings but hasn't heard back. He added that helium has requested a CVE related to the usage of insecure defaults.

"They didn't get successful interaction with maine and I judge that they made this alteration deliberately, which conscionable makes it worse," helium said. "This is due to the fact that I'm not definite however they would bash it by mistake and besides person it walk their testing."

He added that helium tried to usage MSI's web ticketing strategy and email, and adjacent tried to interaction the institution done Twitter. But helium has received nary response.

The Register's effort to interaction MSI has besides not prompted immoderate response. ®

Source Technology Google
Technology Google