Frequently Asked Questions about Secure Boot

Documentation

Product Information & Documentation

000006942

10-Apr-2018

What is Secure Boot?

Secure Boot is one feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 specification (Errata C). The feature defines an entirely new interface between operating system and firmware/BIOS.

When enabled and fully configured, Secure Boot helps a computer resist attacks and infection from malware. Secure Boot detects tampering with boot loaders, key operating system files, and unauthorized option ROMs by validating their digital signatures. Detections are blocked from running before they can attack or infect the system.

How does Secure Boot work?

Secure Boot works like a security gate. Code with valid credentials gets through the gate and executes. However, Secure Boot blocks at the gate and rejects a code that has bad credentials, or no credential.

Intel® Desktop Boards embed the default Secure Boot keys for Windows 8*. These boards, and required BIOS versions, have been tested and passed the Windows Hardware Certification Kit (WHCK) for Windows 8. The WHCK reports for Intel Desktop Boards are available at Microsoft Windows Hardware Quality Labs (WHQL/WHCK) information.

For information on creating Secure Boot keys, refer to Deploying Secure Boot: Key Creation and Management.

Related topics
UEFI Specification 2.3.1, Errata C
Delivering a secure and fast boot experience with UEFI
Microsoft Developer Network (MSDN)—search for keyword Secure Boot
UEFI Learning Center