The browser version you are using is not recommended for this site.
Please consider upgrading to the latest version of your browser by clicking one of the following links.

Support

Secure Boot FAQ


Last Reviewed: 05-Feb-2016
Article ID: 000006942

What is secure boot?
Secure boot is one feature of the latest unified extensible firmware interface (UEFI) 2.3.1 specification (Errata C). The feature defines an entirely new interface between operating system and firmware/BIOS.

When enabled and fully configured, secure boot helps a computer resist attacks and infection from malware. Secure boot detects tampering with boot loaders, key operating system files, and unauthorized option ROMs by validating their digital signatures. Detections are blocked from running before they can attack or infect the system.

How does secure boot work?
Secure boot works like a security gate. Code with valid credentials gets through the gate and executes, but code that has bad credentials, or no credentials, is blocked at the gate and rejected.

Intel® Desktop Boards embed the default secure boot keys for Windows 8*. These boards, and required BIOS versions, have been tested and passed the Windows Hardware Certification Kit (WHCK) for Windows 8. The WHCK reports for Intel Desktop Boards are available at Microsoft Windows Hardware Quality Labs (WHQL/WHCK) information.

For information on creating secure boot keys, refer to Deploying Secure Boot: Key Creation and Management.

Related topics
UEFI Specification 2.3.1, Errata C
Delivering a secure and fast boot experience with UEFI
Microsoft Developer Network (MSDN)—search on keywords "secure boot"
UEFI Learning Center

This article applies to: