Secure Boot is an industry standard for ensuring that Windows devices don’t load malicious firmware or software during the startup process. If you have it turned on—as you should in most cases, and it’s the default setting mandated by Microsoft—good for you. If you’re using one of more than 300 motherboard models made by manufacturer MSI in the past 18 months, however, you may not be protected.
Introduced in 2011, Secure Boot establishes a chain of trust between the hardware and software or firmware that boots up a device. Prior to Secure Boot, devices used software known as the BIOS, which was installed on a small chip, to instruct them how to boot up and recognize and start hard drives, CPUs, memory, and other hardware. Once finished, this mechanism loaded the bootloader, which activates tasks and processes for loading Windows.
The problem was: The BIOS would load any bootloader that was located in the proper directory. That permissiveness allowed hackers who had brief access to a device to install rogue bootloaders that, in turn, would run malicious firmware or Windows images.