Enable Secure Boot to protect systems from UEFI rootkit ‘CosmicStrand’

Security Vulnerabilities: UEFI firmware

Aug 26, 2022

GIGABYTE acknowledges security vulnerabilities affecting modern consumer and enterprise products that use UEFI, which has a Secure Boot feature that traditional BIOS lacks. Enabling Secure Boot will ensure system integrity for GIGABYTE products that have Secure Boot disabled by default.

Steps to enable Secure Boot:

  1. Boot into the BIOS
    Security -> Secure Boot
  2. Check system mode
    1. If System Mode is User/Deployed, set “Secure Boot” to enabled
    2. If System Mode is Setup or Audit:
      1. Run “Restore Factory Keys”, switch to “User Mode”
      2. Set “Secure Boot” to enabled
      3. Save and exit setup

How to check that Secure Boot is enabled:

  1. The system is not able to boot to the EFI Shell
  2. Under Windows
    1. Press: Win + R
    2. Key in “msinfo32” to open System Information
    3. Confirm “Secure Boot” is enabled
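
The system modes named in the steps above (User/Deployed versus Setup/Audit) are exposed to the operating system through the UEFI global variables SecureBoot, SetupMode, AuditMode and DeployedMode. The script below is an added example, not GIGABYTE's code: it decodes those variables and reports the mode, whether Secure Boot is enforced, and which of the steps above still applies. It assumes a Linux host with efivarfs mounted at /sys/firmware/efi/efivars; the function names are illustrative.

```python
from pathlib import Path

# EFI_GLOBAL_VARIABLE GUID from the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumption: Linux efivarfs mount point


def decode_flag(raw):
    """efivarfs prepends a 4-byte attribute word; the payload is one byte, 0 or 1."""
    if raw is None:
        return None
    if len(raw) != 5 or raw[4] not in (0, 1):
        raise ValueError(f"unexpected variable payload: {raw!r}")
    return raw[4]


def read_flag(name, root=EFIVARS):
    """Return 0/1 for a global UEFI variable, or None if the firmware does not expose it."""
    try:
        return decode_flag((Path(root) / f"{name}-{EFI_GLOBAL}").read_bytes())
    except FileNotFoundError:
        return None


def assess(secure_boot, setup_mode, audit_mode=None, deployed_mode=None):
    """Return (system mode, Secure Boot enforced?, remaining step from the list above)."""
    if secure_boot is None or setup_mode is None:
        return ("Unknown", False, "variables not readable; check in BIOS setup")
    if setup_mode == 1:
        mode = "Audit" if audit_mode == 1 else "Setup"
        # No Platform Key is enrolled in these modes, so signatures are not enforced.
        return (mode, False, 'run "Restore Factory Keys", then enable Secure Boot')
    mode = "Deployed" if deployed_mode == 1 else "User"
    if secure_boot == 1:
        return (mode, True, "none")
    return (mode, False, 'set "Secure Boot" to enabled')


if __name__ == "__main__":
    names = ("SecureBoot", "SetupMode", "AuditMode", "DeployedMode")
    print("this host:", assess(*(read_flag(n) for n in names)))
    # Constructed sample: attribute word 0x00000006 followed by the value byte.
    on, off = bytes.fromhex("0600000001"), bytes.fromhex("0600000000")
    print("sample:   ", assess(decode_flag(on), decode_flag(off)))
```

Firmware that predates the AuditMode and DeployedMode variables is reported as Setup or User, since those two variables are simply absent there.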