Lenovo ThinkPad Secure Boot Vulnerability

A vulnerability in the BIOS of certain Lenovo ThinkPad models could lead to Secure Boot being disabled, even when it is set to 'On' in the BIOS menu. This issue affects the L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads, but only when Secure Boot is configured in User Mode. The problem arises from a discrepancy between the Secure Boot status in the BIOS and what is reported by the operating system.

Impact

Disabling Secure Boot can create security risks, as it may allow unauthorized software or firmware to be loaded during the boot process, potentially leading to malware infections or other security breaches.

Remediation

Users can update their BIOS to the latest version available on the Lenovo support site. For those with an affected device, Secure Boot can be re-enabled by changing the Secure Boot mode to Deployed mode through the BIOS setup menu. Instructions for checking Secure Boot's status in both the BIOS and Windows OS are available on the Lenovo support site.