A security standard designed to ensure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).
Secure Boot is a feature of modern Unified Extensible Firmware Interface (UEFI) firmware that helps prevent unauthorized or malicious code—such as bootkits or rootkits—from executing during the system startup process. When Secure Boot is enabled, the firmware checks the digital signature of each boot component (bootloader, OS kernel, etc.) against a database of trusted keys. If the signature is valid and matches a trusted entry, the component is allowed to execute; otherwise, the boot process is halted or restricted.
This mechanism helps protect the system from low-level attacks that occur before the operating system’s security features are active. Secure Boot is commonly used in conjunction with other security technologies such as the Trusted Platform Module (TPM) and full-disk encryption.