Secure Boot is a security feature that is built into the firmware of modern computers. It is designed to ensure that the system only runs trusted software by verifying the digital signature of each piece of code that is executed during the boot process. This helps to prevent malicious software, such as rootkits and bootkits, from being loaded and running on the system.
When Secure Boot is enabled, the firmware checks the digital signature of the bootloader before loading it. The bootloader, in turn, checks the digital signature of the operating system before loading it. This process continues until the operating system is fully loaded and running. The digital signatures are stored in a database of trusted digital certificates that is built into the firmware. The firmware only allows code to run if it has a valid digital signature from a trusted source.
Secure Boot is based on the UEFI (Unified Extensible Firmware Interface) firmware standard, which is a replacement for the traditional BIOS firmware. Most computers that are shipped with Windows 8 or later have Secure Boot enabled by default. It’s worth noting that some distributions of Linux have also adopted Secure Boot as a standard, but not all linux distros support it, and even those that do require additional configuration to work with it.
You can check if Secure Boot is enabled on a Windows system by following these steps.
- Press the Windows key + R to open the Run dialog.
- Type msinfo32 and press Enter.
- In the System Information window that appears, look for the “Secure Boot State” field.
- If Secure Boot is enabled, the value of the Secure Boot State field will be On. If it is disabled, the value will be Off.
Another way to check this is via the Command Prompt
- Press the Windows key + X and select Command Prompt (Admin), or Terminal (Admin) if you use Windows Terminal
- Type the following command:
bcdedit /enum {current} - Locate the Hyper-V Generation and look for the SecureBoot value, if it is set to On Secure Boot is enabled, if it is set to Off Secure Boot is disabled