Secure Boot
What is Secure Boot?
Secure Boot is a security feature that helps ensure a device starts using only trusted, digitally signed boot software. It prevents unauthorized or tampered bootloaders, firmware components, and operating system loaders from running during startup, reducing the risk of bootkits and other low-level malware.
Examples
- A company enables Secure Boot so only approved, signed operating system boot components can load on employee laptops.
- A compromised device fails to boot because its tampered bootloader is detected as not being signed by a trusted key.
Discover 🔎
Some of the most damaging malware tries to load before the operating system, because that gives it deep control and makes it harder to detect. Secure Boot exists to protect that early startup phase. It helps a device verify that the software being loaded at boot time is authentic and has not been modified.
Summary 📝
Secure Boot is a startup security feature that uses digital signatures to ensure only trusted boot components run during system startup. It helps prevent tampered bootloaders and certain forms of low-level malware from gaining control before the operating system loads. Secure Boot is most effective when combined with strong key management, full disk encryption, and operational monitoring.