What is Secure Boot?
D3 ยท Architecture ยท CompTIA Security+ SY0-701Secure Boot is a UEFI (Unified Extensible Firmware Interface) security standard that ensures only cryptographically signed, trusted bootloaders and OS kernels can run during system startup.
How it works: UEFI firmware contains a database of trusted certificates. During boot, each component's signature is verified before execution. Unsigned or improperly signed software is blocked.
Protects against: bootkits, rootkits that load before the OS, evil maid attacks.
How it works: UEFI firmware contains a database of trusted certificates. During boot, each component's signature is verified before execution. Unsigned or improperly signed software is blocked.
Protects against: bootkits, rootkits that load before the OS, evil maid attacks.
Secure Boot + TPM (measured boot) = full chain of trust from firmware to OS. Secure Boot prevents unauthorized boot code; measured boot detects if something changed. Together they provide pre-OS security. Required for Windows 11.