Warning about the new "Secure Boot" BIOS when using an older graphics card!

citay

Recently, there have been several reports where people updated to the latest BIOS for their MSI motherboard and encountered various - but similar - problems.
The most common problems being a blank screen when trying to enter the BIOS, and/or a blank screen until Windows is loaded, or not even getting a picture or a POST at all. When a PC speaker is connected, there may also be three beeps to be heard.

I tried to find the common denominator for the cause of these problems, and two things caught my attention:
- The BIOS changelog for the MSI boards that this happens with (both Intel- and AMD-based) includes the following: "Change the default setting of Secure Boot".
- All the affected users had an older graphics card.

Due to previous troubleshooting of similar issues when using an old graphics card in a modern motherboard, my suspicion immediately fell on that configuration as the trigger for the problems. Some users have in fact already confirmed my suspicion, which is why i'm writing this post, so i can warn more potentially affected users.

Which graphics cards can trigger the problems with the newest "Secure Boot" BIOS version?
Possibly a lot of graphics cards from 2018/2017 or older!

One commonly mentioned card is the RX 580. That model (and models older than that, of course) can definitely have problems in combination with this new BIOS.
The only cards that will almost surely be safe from any potential issues are from 2019 and newer. But for some older cards, there are solutions, i will list them further down.

I will try to explain the technical reasons behind this all to the best of my knowledge:

The newest BIOS has the feature "Secure Boot" enabled by default, which requires pure UEFI mode. A modern BIOS can be in two modes: Legacy/CSM mode (Compatibility Support Module), and the newer, more modern UEFI mode (Unified Extensible Firmware Interface). To be precise, there can also be a hybrid mode of CSM and UEFI where the board chooses the "correct" one, but let's focus on the two pre-set modes.

UEFI mode is preferable nowadays for a modern operating system like Windows 10 or 11, and Windows 11 even requires UEFI mode for the BIOS. But when a modern mainboard's BIOS is in UEFI mode, that can already cause certain problems with older graphics cards.

Why? Many of those older graphics cards don't have a so-called GOP driver in their firmware yet, they will only have a VBIOS. Or sometimes they have an outdated/buggy GOP. GOP means "Graphics Output Protocol" driver, VBIOS means "Video BIOS". VBIOS-only firmware was common until at least 2016 or 2017, and from then on they started adding a GOP driver to the graphics cards' firmwares. The term "GOP driver" can be misleading, it doesn't have anything to do with the graphics driver in Windows, it refers to part of the graphics card's firmware. An old graphics card that only has a VBIOS works well together with an old mainboard BIOS and an old OS such as Windows 7. But now, with the BIOS in UEFI mode and Windows 10 or 11, the missing GOP is causing problems. A buggy GOP implementation can cause the same problems, but that can be updated, more below.

The newer BIOS updates from MSI enable the "Secure Boot" feature by default, so it ups the requirements again, because now it wants the graphics card to have a GOP with a signature for the firmware. This is what is really triggering problems now, because the old cards often won't output a picture at all anymore in this environment. So there's no way of getting into the BIOS and changing settings to make the old card work again.


Why did MSI even change the default setting of Secure Boot from disabled to enabled?

Windows 11 has come along with some surprising new and strict requirements. MSI have reacted in several stages. First they decided to enable the firmware TPM 2.0 in recent BIOS versions (this is called "Windows 11 Supported" in the changelogs mostly found on Intel-based boards), and of course UEFI mode is the default for the BIOS for a while now. And now MSI also chose to enable Secure Boot by default. While UEFI mode is definitely a hard requirement for Windows 11, the enabled Secure Boot should still be somewhat optional for end users. But i guess MSI really want to make sure that the systems are as Windows-11-compatible as possible, with little to no extra work for the end user.

However, now with Secure Boot enabled, the graphics card not only needs to have a GOP in its firmware, the firmware also has to be properly signed to be allowed for Secure Boot, like i mentioned before. So by the motherboard having Secure Boot automatically enabled with the newest BIOS, it tries to enforce Secure Boot with a graphics card that's not properly prepared for it. The possible consequence of that is: No picture or POST anymore. This is not a fault or defect of the motherboard or BIOS! It is the consequence of enabling all the advanced settings and features that Windows 11 likes, and trying to enforce them with older graphics cards that are not fully compatible unless you modify their firmware.


So for now, with an old graphics card, one strategy could be to avoid updating to the latest BIOS (the one with "Change the default setting of Secure Boot" in the changelog).
But of course, this will prevent you from benefitting from the other bugfixes and improvements in this new BIOS and the following versions, so it's not ideal.
From MSI's side, the only fix would be to revert back to Secure Boot being disabled again in a newer BIOS, or not to fix it, and just add a warning to the new BIOS downloads on their site.

Another possibility is to prevent/fix it on the user side. To do that, these are the main options:

1) Updating the BIOS to a version that works (either to the version before this problematic one, or to a newer/beta version where they added a workaround for this issue).
On motherboards with the Flash BIOS Button, the BIOS can be updated or downgraded to pretty much any version at any time. So if there are such problems, they can be fixed using the Flash BIOS Button method (which is described in the motherboard manual) to downgrade to the BIOS version before the problematic one.
But: Not all motherboard models have this feature. The cheaper and older the board model, the less likely it is to have it.
If the board doesn't have it, then there's still a possibility to blind-flash the BIOS.

But the cleaner method is usually this:

2) Updating the graphics card's VBIOS/firmware with one that has a GOP, or a newer GOP version where this problem was solved.

For older NVIDIA cards, there's a convenient firmware updater (they mention DisplayPort on there, but it simply modifies the GPU firmware to prevent these kinds of issues). Here's another update for RTX 3060, 3080 Ti, 3090 Ti (if affected), and here's even one for 4080/4090. For NVIDIA GPUs that are too old to be supported by the firmware updater, they can still be manually updated with a GOP with the method from below, or maybe there is a firmware with a (newer) GOP already for download at TechPowerUp.

Updating the graphics card's VBIOS/firmware works as follows:
1) Save your VBIOS/firmware with GPU-Z, in it there's a button to save it to a file (to the right of the "BIOS version" box).
2) Download the latest GOP updater and extract the files.
3) Drag your VBIOS file onto the GOPupd batch file. Check what version your GOP is and what version the program has as the latest, it should be newer.
4) Update the VBIOS and save the updated VBIOS.
5) Flash it onto the card using the latest ATIFlash or NVFlash. With ATIFlash it's pretty easy, with NVFlash you may have to look up a guide, it's not as easy for NVIDIA cards.

It may sound a bit complicated, but this has a very high chance of success, afterwards the problem is usually solved.
Basically everyone i saw trying this method gave positive feedback afterwards.

Or of course:

3) Using a graphics card from 2019 or newer, which pretty much guarantees that it plays nice with the new BIOS. It might also work with the iGPU (integrated graphics).
This can also be done in case the BIOS was already updated and the first two options can't be used. Enter the BIOS with the new graphics card, disable Secure Boot, and try again with the old card. If that doesn't fix it, then using the newer card, downgrade the BIOS to the one before this version via M-Flash in the BIOS if possible, and the old graphics card should work again too.

4) Using an older CPU (yes, CPU) to be able to enter the BIOS and disable Secure Boot, see here.

If M-Flash doesn't allow a BIOS downgrade, then it's also worth trying to set the BIOS to CSM mode. This might also work around a potential secondary problem: If Windows was installed with the BIOS in CSM/Legacy mode before, then the newer BIOS version that enforces UEFI mode can't boot that Windows anymore without some further work. In that case, the EZ Debug LEDs on the board will also show the BOOT LED. This is not critical, it can be solved in a few ways. The more detailed explanation is here.

However, setting the BIOS to CSM mode is not a good idea in the long run, because Windows 11 will require UEFI mode. And with the support for Windows 10 ending in October 2025, there will be a time when we all have to start using Windows 11 (since Windows 10 will become too unsafe to use without updates). So by the end of 2025, there will have to be a permanent fix applied to those older graphics cards, usually in the form of a firmware update for them, otherwise they might cause problems again as the BIOS will have to be in UEFI mode for Windows 11.


Here are the first confirmations that my theories from above are correct:
 
Last edited:
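The difference the opening post draws between a VBIOS-only firmware and one that also carries a GOP can be checked on the dump saved in step 1 of the update procedure. The following is an added example, not part of the original post and not the GOP updater's code: it walks the PCI expansion ROM image chain and reports whether a UEFI image is present. The function names and both sample ROMs are constructed for this example, and it assumes the dump starts directly with a standard image header, which some vendor dumps do not.

```python
import struct
import sys

CODE_TYPES = {0x00: "legacy x86 VBIOS", 0x01: "Open Firmware",
              0x02: "HP PA-RISC", 0x03: "UEFI image (GOP driver)"}
EFI_SIGNATURE = 0x0EF1  # identifies an EFI image in the ROM header
MACHINES = {0x014C: "IA32", 0x8664: "x64", 0xAA64: "AArch64"}


def parse_option_rom(rom):
    """Return one dict per image found in a PCI expansion ROM dump."""
    images, off = [], 0
    while off + 0x1A <= len(rom) and rom[off:off + 2] == b"\x55\xaa":
        # Offset 0x18 of every image header points at its "PCIR" structure.
        pcir = off + struct.unpack_from("<H", rom, off + 0x18)[0]
        if pcir + 0x16 > len(rom) or rom[pcir:pcir + 4] != b"PCIR":
            break
        vendor, device = struct.unpack_from("<HH", rom, pcir + 0x04)
        units = struct.unpack_from("<H", rom, pcir + 0x10)[0]  # 512-byte units
        code_type, indicator = rom[pcir + 0x14], rom[pcir + 0x15]
        image = {"offset": off, "size": units * 512, "vendor": vendor,
                 "device": device, "code_type": code_type,
                 "kind": CODE_TYPES.get(code_type, "unknown"),
                 "last": bool(indicator & 0x80)}
        if code_type == 0x03:
            # EFI images carry extra fields at offsets 0x04..0x0D.
            sig, _subsys, machine, comp = struct.unpack_from("<IHHH", rom, off + 4)
            image["efi_header_ok"] = sig == EFI_SIGNATURE
            image["machine"] = machine
            image["compressed"] = comp == 1
        images.append(image)
        if units == 0:
            break
        # Choice made for this example: keep walking while another valid
        # header follows, instead of trusting the last-image bit alone.
        off += units * 512
    return images


def has_gop(rom):
    """True if the dump contains a well-formed UEFI image."""
    return any(i["code_type"] == 0x03 and i["efi_header_ok"]
               for i in parse_option_rom(rom))


def describe(rom):
    lines = []
    for i in parse_option_rom(rom):
        text = "0x%06X  %04X:%04X  %s" % (i["offset"], i["vendor"], i["device"], i["kind"])
        if i["code_type"] == 0x03:
            text += "  [%s%s]" % (MACHINES.get(i["machine"], hex(i["machine"])),
                                  ", compressed" if i["compressed"] else "")
        lines.append(text)
    lines.append("GOP present" if has_gop(rom) else "no GOP: legacy VBIOS only")
    return lines


def make_image(code_type, last, vendor=0x1002, device=0x67DF):
    """Build a constructed 512-byte image (sample data, not a real VBIOS)."""
    img = bytearray(512)
    img[0:2] = b"\x55\xaa"
    struct.pack_into("<H", img, 0x18, 0x1C)  # PCIR pointer
    if code_type == 0x03:
        struct.pack_into("<IHHH", img, 4, EFI_SIGNATURE, 0x0B, 0x8664, 1)
    struct.pack_into("<4sHH", img, 0x1C, b"PCIR", vendor, device)
    struct.pack_into("<H", img, 0x1C + 0x10, 1)  # image length: 1 unit
    img[0x1C + 0x14] = code_type
    img[0x1C + 0x15] = 0x80 if last else 0x00
    return bytes(img)


# Constructed samples: a VBIOS-only card and one with a GOP appended.
SAMPLE_LEGACY_ONLY = make_image(0x00, last=True)
SAMPLE_WITH_GOP = make_image(0x00, last=False) + make_image(0x03, last=True)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a dump saved from the card
        with open(sys.argv[1], "rb") as fh:
            print("\n".join(describe(fh.read())))
    else:
        for rom in (SAMPLE_LEGACY_ONLY, SAMPLE_WITH_GOP):
            print("\n".join(describe(rom)), end="\n\n")
```

A UEFI image being present is necessary for a picture in pure UEFI mode, but it does not show that the image's signature will be accepted with Secure Boot enabled; the motherboard firmware decides that.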
I'm on the 2nd link and I confirm this. The issue happened on one board, and I was able to reproduce the issue on another board. Both working OK now, with the 2nd latest BIOS and secure boot disabled ( windows 10 ).
 
MSI is aware of this issue:
The old auto switch to CSM mode when using non-GOP graphics card patch has issues after Enable "Secure Boot".
And they are working on those.
 
Never had an issue with my motherboard and my MSI Armour RX 580. I have upgraded to each new BIOS as they were released, and am currently running the latest BETA BIOS. Never had the black screen problem. Never had any issue going into the BIOS. I know that I am not in the minority here.
 
MSI is aware of this issue:
The old auto switch to CSM mode when using non-GOP graphics card patch has issues after Enable "Secure Boot".
And they are working on those.

Very good to hear.

Never had an issue with my motherboard and my MSI Armour RX 580.

That's easily explainable: Some later RX 580 models already have a fixed firmware with a GOP, i.e. fully UEFI compatible. But there are also a lot of older RX 580 cards around which are not truly UEFI-ready, and we are seeing problems from those. We've even been seeing problems before this Secure Boot issue with those cards.
 
I have exactly the same problem after updating bios to 7B79vMD (this is the latest bios for my X470 GAMING PRO MAX)
I can get into the BIOS every other time, but m-flash does not start to flash the old one.
I have a GTX 1060 6gb GV-N1060AORUS-6GD
and it is connected via hdmi, it should not have problems like old cards.
and I updated the card via NVIDIA_DisplayPort_Firmware_Updater but it didn't help.
I also note that when the black screen lights up, I press "Ctrl + alt-del" the keyboard goes out, there is no POST code sound, I press Del and I get into the BIOS. Secure Boot turned off. problem still exists.
 
Just a quick post to confirm this is likely the issue.
MB: MAG X570 TOMAHAWK WIFI
CPU: AMD Ryzen 7 5800X 8-Core Processor
RAM: 32 GB
GPU: XFX Double D HD 7770 (yes, really old, temporarily in use)
OS: Windows 11 Pro, latest version, up to date.

Upgraded BIOS from 7C84v19 to 7C84v1A

Behaviour:
blank screen, no POST message; unable to enter the bios, at every (re)boot 3 beeps, EZ debug leds: off (no errors with CPU, DRAM, VGA, BOOT)
- When I don't touch the keyboard (trying) to enter the bios: Windows 11 will be loaded.
- When I do touch the keyboard to enter the bios: booting of Windows seems to be aborted, Windows 11 will not load.

Downgrading from 7C84v1A to 7C84v19 (using the flash BIOS button and renaming 7C84v19 to MSI.ROM) fixes all issues. Accessing the BIOS is possible again and Windows loads and runs as expected.
 
I have the same issue but I'm in a pickle.

I updated bios on my b350m bazooka to the latest as I'm looking to upgrade from a ryzen 1600 to a 5800x, I have a rx 580 xtr

I had the same can't go to bios issue but I could use Windows.
I was doing some troubleshooting, updating drivers on motherboard and gpu. When I updated the GPU driver, image is gone.
now I have no image at all, can't go to BIOS to flash, can't reach Windows...

What can I do?
 
I have the same issue but I'm in a pickle.

I updated bios on my b350m bazooka to the latest as I'm looking to upgrade from a ryzen 1600 to a 5800x, I have a rx 580 xtr

I had the same can't go to bios issue but I could use Windows.
I was doing some troubleshooting, updating drivers on motherboard and gpu. When I updated the GPU driver, image is gone.
now I have no image at all, can't go to BIOS to flash, can't reach Windows...

What can I do?
I googled "msi b350m bazooka" and found that this motherboard has a "Flash BIOS Button". So you could downgrade without entering the BIOS directly.
Just put the last working firmware version on a FAT32-formatted USB stick and rename the BIOS file to MSI.ROM. Put it in the "Flash BIOS" USB port and restart the computer.
When the downgrade is done (this will take several minutes), the computer will automatically restart and you can unplug the usb stick and access the BIOS.
 
Use a more recent graphics card, ideally from 2019 or newer. This will allow you to see the BIOS again and use M-Flash to downgrade to the BIOS version before this new one.
Then your old card will show a picture again too.
Any way I can reset the BIOS or do anything? I don't have a newer card...
 
No, the "B350M Bazooka" board model does not have a Flash BIOS Button or USB flashback function. That only became a thing with a lot of the B450 boards.
 
- When I do touch the keyboard to enter the bios: booting of Windows seems to be aborted, Windows 11 will not load.
when you press Del to enter the BIOS and everything stops on a black screen, try pressing alt + ctrl + del, (I reboot again) and after it, when you press Del, it enters the BIOS. And if you do not touch anything at boot, then the black screen will not boot until windows.
in support they gave me a link to the program and an article on how to roll back the bios to the old bios. until I rolled back, I want to figure out what the problem is, I have a different and old GTX 1060, but the problems are the same.
 
I was just looking at the ever-so-small "changelog" for the 7B86vMG(2022-06-09) BIOS update for the B450-A Pro Max motherboard, and noticed the ominous line "Change the default setting of Secure Boot". The ****ONLY**** correct setting for (in)Secure Boot is "Disabled". Anything else smacks of some company sucking up to Microsoft on OUR dime.

And forcing you to go all the way into MSWindows to change anything is a severe problem, considering that I run Linux (Fedora 36 currently) and not MSWindows. If the design of their BIOS update is designed to lock people into MSWindows, we have a serious issue here, and it might put MSI onto a "do not buy" list.
 
Recently, there have been several reports where people updated to the latest BIOS for their MSI motherboard and encountered various - but similar - problems.
The most common problems being a blank screen when trying to enter the BIOS, and/or a blank screen until Windows is loaded, or not even getting a picture or a POST at all.
When a PC speaker is connected, there may also be three beeps to be heard.

I tried to find the common denominator for the cause of these problems, and two things caught my attention:
- The BIOS changelog for the MSI boards that this happens with (both Intel- and AMD-based) includes the following: "Change the default setting of Secure Boot".
- All the affected users had an older graphics card (at least four or five years old).

Due to previous troubleshooting of similar issues when using an old graphics card in a modern motherboard, my suspicion immediately fell on that configuration as the trigger for the problems.
Some users have in fact confirmed my suspicion by now, which is why i'm writing this post, so i can warn more potentially affected users.

Which graphics cards can trigger the problems with the newest "Secure Boot" BIOS version? Possibly a lot of graphics cards from 2018/2017 or older.
One commonly mentioned card is the RX 580. That model (and models older than that, of course) can definitely have problems in combination with this new BIOS.
The only cards that will almost surely be safe from any potential issues are from 2019 and newer. But for some older cards, there are solutions, i will list them further down.

I will try to explain the technical reasons behind this all to the best of my knowledge:

The newest BIOS has the feature "Secure Boot" enabled by default, which requires pure UEFI mode. A modern BIOS can be in two modes: Legacy/CSM mode (Compatibility Support Module), and the newer, more modern UEFI mode (Unified Extensible Firmware Interface). To be precise, there can also be a hybrid mode of CSM and UEFI where the board chooses the "correct" one, but let's focus on the two pre-set modes.

UEFI mode is preferable nowadays for a modern operating system like Windows 10 or 11, and Windows 11 even requires UEFI mode for the BIOS. But when a modern mainboard's BIOS is in UEFI mode, that can already cause certain problems with older graphics cards.

Why? Many of those older graphics cards don't have a so-called GOP driver in their firmware yet, they will only have a VBIOS. GOP means "Graphics Output Protocol" driver, VBIOS means "Video BIOS". VBIOS-only was common until at least 2016 or 2017, and from then on they started adding a GOP driver to the graphics cards' firmwares. The term "GOP driver" can be misleading, it doesn't have anything to do with the graphics driver in Windows, it refers to part of the graphics card's firmware. An old graphics card that only has a VBIOS works well together with an old mainboard BIOS and an old OS such as Windows 7. But now, with the BIOS in UEFI mode and Windows 10 or 11, the missing GOP is causing problems.

Now for the new BIOS update: Since it enables the "Secure Boot" feature by default, it ups the requirements again, because now it wants the graphics card to have a GOP with a signature for the firmware. This is what is really triggering problems now, because the old cards often won't output a picture at all anymore in this environment. So there's no way of getting into the BIOS and changing settings to make the old card work again.

Why did MSI even change the default setting of Secure Boot from disabled to enabled?

Windows 11 has come along with some surprising new and strict requirements. MSI have reacted in several stages. First they decided to enable the firmware TPM 2.0 in recent BIOS versions (this is called "Windows 11 Supported" in the changelogs mostly found on Intel-based boards), and of course UEFI mode is the default for the BIOS for a while now. And now MSI also chose to enable Secure Boot by default. While UEFI mode is definitely a hard requirement for Windows 11, the enabled Secure Boot should still be somewhat optional for end users. But i guess MSI really want to make sure that the systems are as Windows-11-compatible as possible, with little to no extra work for the end user.

However, now with Secure Boot enabled, the graphics card not only needs to have a GOP in its firmware, the firmware also has to be properly signed to be allowed for Secure Boot, like i mentioned before. So by the motherboard having Secure Boot automatically enabled with the newest BIOS, it tries to enforce Secure Boot with a graphics card that's not properly prepared for it. The possible consequence of that is: No picture or POST anymore. This is not a fault or defect of the motherboard or BIOS! It is the consequence of enabling all the advanced settings and features that Windows 11 likes, and trying to enforce them with older graphics cards that are not fully compatible unless you modify their firmware.


So for now, with an old graphics card, one strategy could be to avoid updating to the latest BIOS (the one with "Change the default setting of Secure Boot" in the changelog).
But of course, this will prevent you from benefitting from the other bugfixes and improvements in this new BIOS and the following versions, so it's not ideal.
From MSI's side, the only fix would be to revert back to Secure Boot being disabled again in a newer BIOS, or not to fix it, and just add a warning to the new BIOS downloads on their site.

Another possibility is to prevent/fix it on the user side. To do that, these are the main options:

1) On motherboards with the Flash BIOS Button, the BIOS can be updated or downgraded to pretty much any version at any time.
So if there are such problems, they can be fixed using the Flash BIOS Button method (which is described in the motherboard manual) to downgrade to the BIOS version before the problematic one.
But: Not all motherboard models have this feature. The cheaper and older the board model, the less likely it is to have it.

2) Updating the graphics card's BIOS/firmware with one that has a GOP. On AMD, this process can be slightly complicated, here is an example.
For older (but not too old) NVIDIA cards, there's a much more convenient firmware updater (they mention DisplayPort on there, but it simply adds a GOP which prevents these kinds of issues).
For NVIDIA GPUs that are too old to be supported by the firmware updater, they can still be manually updated with a GOP like so.

3) Using a graphics card from 2019 or newer, which pretty much guarantees that it plays nice with the new BIOS.
This can also be done in case the BIOS was already updated and the first two options can't be used. Enter the BIOS with the new graphics card, disable Secure Boot, and try again with the old card.
If that doesn't fix it, then using the newer card, downgrade the BIOS to the one before this version via M-Flash in the BIOS if possible, and the old graphics card should work again too.

If M-Flash doesn't allow a BIOS downgrade, then it's also worth trying to set the BIOS to CSM mode. This might also work around a potential secondary problem: If Windows was installed with the BIOS in CSM/Legacy mode before, then the newer BIOS version that enforces UEFI mode can't boot that Windows anymore without some further work. In that case, the EZ Debug LEDs on the board will also show the BOOT LED. This is not critical, it can be solved in a few ways. The more detailed explanation is here.

However, setting the BIOS to CSM mode is not a good idea in the long run, because Windows 11 will require UEFI mode. And with the support for Windows 10 ending in October 2025, there will be a time when we all have to start using Windows 11 (since Windows 10 will become too unsafe to use without updates). So by the end of 2025, there will have to be a permanent fix applied to those older graphics cards, usually in the form of a firmware update for them, otherwise they might cause problems again as the BIOS will have to be in UEFI mode for Windows 11.


Here are the first confirmations that my theories from above are correct:

I'm awaiting several more confirmations, and i will update this thread accordingly.
Is it also create issue with old BIOS setting?
 
Is it also create issue with old BIOS setting?

I'm not sure what you mean, can you rephrase that question and be more precise? What old BIOS setting do you mean?

The new BIOS version that's available for many newer motherboards will enable Secure Boot, which requires UEFI mode.
So any time you install this new "Secure Boot enabled" BIOS and use an old graphics card, you could suffer from this issue. At least for the moment, until MSI change something in another new version.
 
And forcing you to go all the way into MSWindows to change anything is a severe problem, considering that I run Linux (Fedora 36 currently) and not MSWindows. If the design of their BIOS update is designed to lock people into MSWindows, we have a serious issue here, and it might put MSI onto a "do not buy" list.
Sooner or later, all the motherboard manufacturers will be on your ban list :ROFLMAO: but it doesn't mean you cannot change the option manually, it's not a hidden/forced option anyway.
 
I was just looking at the ever-so-small "changelog" for the 7B86vMG(2022-06-09) BIOS update for the B450-A Pro Max motherboard, and noticed the ominous line "Change the default setting of Secure Boot". The ****ONLY**** correct setting for (in)Secure Boot is "Disabled". Anything else smacks of some company sucking up to Microsoft on OUR dime.

And forcing you to go all the way into MSWindows to change anything is a severe problem, considering that I run Linux (Fedora 36 currently) and not MSWindows. If the design of their BIOS update is designed to lock people into MSWindows, we have a serious issue here, and it might put MSI onto a "do not buy" list.
Not when it is something the Majority of users want to happen the minority aka Linux users should know enough to be able to turn it off Set up the bios. as all of them claim to be super users.
 
Sooner or later, all the motherboard manufacturers will be on your ban list :ROFLMAO: but it doesn't mean you cannot change the option manually, it's not a hidden/forced option anyway.

Yeah, laugh it up, fuzzball. The point was that the changes in the BIOS settings was **BREAKING** the ability to boot EVEN INTO THE BIOS SCREEN, if you had read the original part of the thread. That would require you to have paid attention though. Because you know eventually they will start pushing for the removal of the switch to disable it. But if you don't mind your freedoms being slowly but surely encroached upon, that's YOUR choice, but it isn't mine.
 
Not when it is something the Majority of users want to happen the minority aka Linux users should know enough to be able to turn it off Set up the bios. as all of them claim to be super users.

Had you *READ* the original post, the point was that the changes in the BIOS was BREAKING the ability to even get INTO the BIOS screen. Try to RTFM next time. Restrictions to your own freedoms should always be opt-IN, not opt-OUT.
 