Secure boot: Difference between revisions
Created page with "{{ProductCargo |Company=Microsoft |ReleaseYear=2011 |InProduction=Yes |ArticleType=Service |Category=Security, Software, Operating System }} {{Ph-C-Int}} ==Consumer-impact summary== {{Ph-C-CIS}} ==Incidents== {{Ph-C-Inc}} This is a list of all consumer-protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]]. ===Example incident one (''date'')=== {{Main|link to the mai..." |
No edit summary |
||
| (7 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
{{ | {{Stub}} | ||
'''Secure boot''', also known as '''verified boot''', is any technology that prevents the execution of non-trusted programs during the startup sequence of a computer system, such as a desktop PC or a smartphone. Its original purpose is to protect users against [[wikipedia:Rootkit|rootkits]]. | |||
== | ==How it works== | ||
This class of technology typically works by only allowing [[wikipedia:Digital_signature|cryptographically signed]] programs to be executed by the hardware-level [[wikipedia:Bootloader|bootloader]]. The signing is done with private keys owned by the device manufacturer (typical case for [[Android]] devices) or operating-system (OS) vendor (such as [[Microsoft]] and [[Apple]]). | |||
Many hardware-based bootloaders don't support or allow changing the set of allowed signatures, which suggests they were made to control users rather than "protect" them.{{Citation needed|reason=speculation}} | |||
=== | ==Why it is a problem== | ||
===Market control=== | |||
This tech can be used to restrict the software that users can install and use. Even when it's optional, it's typically enabled by default, adding undue friction that deters users from installing alternative OSes. | |||
==Examples== | |||
*[[wikipedia:Uefi#Secure_Boot|UEFI]] | |||
*[[wikipedia:Booting_process_of_Android_devices|Android]]<ref>https://source.android.com/docs/security/features/verifiedboot/</ref> | |||
==See also== | ==See also== | ||
*[[Jailbreak]] | |||
*[[Microsoft Windows 11]] | |||
*[[Bootloader unlocking]] | |||
*[[Trusted computing]] | |||
==References== | ==References== | ||
{{reflist}} | {{reflist}} | ||
[[Category:{{PAGENAME}}]] | [[Category:{{PAGENAME}}]] | ||
[[Category:Common terms]] | |||
[[Category:Theme]] | |||
Latest revision as of 20:53, 21 April 2026
❗This article is a stub. You can help by expanding it.
#appeals channel in either Zulip or Discord to request removal.An article may be flagged as a stub when it is missing major elements needed to make it useful to a reader. You can help by adding missing sections, verifiable sources, relevant company policies and communications, etc. to make the article more complete.
Secure boot, also known as verified boot, is any technology that prevents the execution of non-trusted programs during the startup sequence of a computer system, such as a desktop PC or a smartphone. Its original purpose is to protect users against rootkits.
How it works
[edit | edit source]This class of technology typically works by only allowing cryptographically signed programs to be executed by the hardware-level bootloader. The signing is done with private keys owned by the device manufacturer (typical case for Android devices) or operating-system (OS) vendor (such as Microsoft and Apple).
Many hardware-based bootloaders don't support or allow changing the set of allowed signatures, which suggests they were made to control users rather than "protect" them.[citation needed - speculation]
Why it is a problem
[edit | edit source]Market control
[edit | edit source]This tech can be used to restrict the software that users can install and use. Even when it's optional, it's typically enabled by default, adding undue friction that deters users from installing alternative OSes.