What is secure boot?
Secure boot is one feature of the latest unified extensible firmware interface (UEFI) 2.3.1 specification (Errata C). The feature defines an entirely new interface between operating system and firmware/BIOS.
When enabled and fully configured, secure boot helps a computer resist attacks and infection from malware. Secure boot detects tampering with boot loaders, key operating system files, and unauthorized option ROMs by validating their digital signatures. Detections are blocked from running before they can attack or infect the system.
How does secure boot work?
Secure boot works like a security gate. Code with valid credentials gets through the gate and executes, but code that has bad credentials, or no credentials, is blocked at the gate and rejected.
Intel® Desktop Boards embed the default secure boot keys for Windows 8*. These boards, and required BIOS versions, have been tested and passed the Windows Hardware Certification Kit (WHCK) for Windows 8. The WHCK reports for Intel Desktop Boards are available at Microsoft Windows Hardware Quality Labs (WHQL/WHCK) information.
For information on creating secure boot keys, refer to Deploying Secure Boot: Key Creation and Management.
|UEFI Specification 2.3.1, Errata C|
|Delivering a secure and fast boot experience with UEFI|
|Microsoft Developer Network (MSDN)—search on keywords "secure boot"|
|UEFI Learning Center|