Secure Boot

Secure Boot is a process that ensures your PC boots using only software that is trusted by the PC manufacturer. Secure Boot is not exclusive to Microsoft; it is defined in the UEFI specification documents, though Microsoft has its own specific requirements, defined in the documents linked below.

When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs) and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system.

Secure Boot is required for the Windows operating systems Windows 8, 8.1, and 10, and is also part of the UEFI specification documents. See section 27.1, Secure Boot, in the UEFI specification document for additional information.

For more information regarding Windows requirements for Secure Boot, see System.Fundamentals.Firmware.UEFISecureBoot in the WHCP-Systems-Specification-1607 link below.
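To confirm from Windows that the firmware is enforcing the signature checks described above, the following added example (not code from this page or from Microsoft) uses the built-in Confirm-SecureBootUEFI and Get-SecureBootUEFI cmdlets. The function name Get-SecureBootReport is hypothetical, and PK, KEK, db and dbx are the standard UEFI Secure Boot variable names, which this page does not list.

```powershell
# Added example: report whether Secure Boot is enforced and which
# Secure Boot key variables the firmware has populated.
# Assumes an elevated Windows PowerShell session.
function Get-SecureBootReport {   # hypothetical helper name
    [CmdletBinding()]
    param()

    $report = [ordered]@{ State = 'Unknown'; Variables = @() }

    try {
        # Returns $true when Secure Boot is enabled, $false when the
        # firmware supports it but it is switched off.
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { $report.State = 'Enabled' }
        else { $report.State = 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        # Legacy BIOS boot, or firmware without Secure Boot support.
        $report.State = 'NotSupported'
        return [pscustomobject]$report
    }
    catch [System.UnauthorizedAccessException] {
        # The cmdlet needs administrator rights to read firmware variables.
        $report.State = 'AccessDenied'
        return [pscustomobject]$report
    }
    catch {
        $report.State = "Error: $($_.Exception.Message)"
        return [pscustomobject]$report
    }

    # PK  = Platform Key, KEK = Key Exchange Key,
    # db  = allowed signature database, dbx = revoked signature database.
    foreach ($name in 'PK', 'KEK', 'db', 'dbx') {
        try {
            $var  = Get-SecureBootUEFI -Name $name -ErrorAction Stop
            $size = if ($var.Bytes) { $var.Bytes.Length } else { 0 }
        }
        catch {
            $size = 0   # variable undefined or unreadable
        }
        $report.Variables += [pscustomobject]@{
            Name = $name; SizeBytes = $size; Populated = ($size -gt 0)
        }
    }
    [pscustomobject]$report
}

Get-SecureBootReport | Format-List
```

A State of Disabled or NotSupported means boot software signatures are not being enforced on that machine.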

Hardware Security Testability Specification

Windows Hardware Compatibility Program Specifications and Policies

WHCP-Systems-Specification-1607 (ZIP download)

Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware

Windows 8.1 Secure Boot Key Creation and Management Guidance