Secure boot: Difference between revisions

Latest revision as of 20:53, 21 April 2026

❗Article Status Notice: This Article is a stub

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

Secure boot, also known as verified boot, is any technology that prevents the execution of non-trusted programs during the startup sequence of a computer system, such as a desktop PC or a smartphone. Its original purpose is to protect users against rootkits.

How it works

This class of technology typically works by only allowing cryptographically signed programs to be executed by the hardware-level bootloader. The signing is done with private keys owned by the device manufacturer (typical case for Android devices) or operating-system (OS) vendor (such as Microsoft and Apple).

Many hardware-based bootloaders don't support or allow changing the set of allowed signatures, which suggests they were made to control users rather than "protect" them.^{[citation needed - speculation]}

Why it is a problem

Market control

This tech can be used to restrict the software that users can install and use. Even when it's optional, it's typically enabled by default, adding undue friction that deters users from installing alternative OSes.

Examples

UEFI
Android^[1]

References

↑ https://source.android.com/docs/security/features/verifiedboot/

[1] ttps://source.android.com/docs/security/features/verifiedboot/

[1]

@@ Line 1: / Line 1: @@
-{{ProductCargo
+{{Stub}}
-|Company=Microsoft
+'''Secure boot''', also known as '''verified boot''', is any technology that prevents the execution of non-trusted programs during the startup sequence of a computer system, such as a desktop PC or a smartphone. Its original purpose is to protect users against [[wikipedia:Rootkit|rootkits]].
-|ReleaseYear=2011
-|InProduction=Yes
-|ArticleType=Service
-|Category=Security, Software, Operating System, Firmware
-|Website=https://learn.microsoft.com/en-gb/windows-hardware/design/device-experiences/oem-secure-boot}}
-{{Ph-C-Int}}
-==Consumer-impact summary==
+==How it works==
-{{Ph-C-CIS}}
+This class of technology typically works by only allowing [[wikipedia:Digital_signature|cryptographically signed]] programs to be executed by the hardware-level [[wikipedia:Bootloader|bootloader]]. The signing is done with private keys owned by the device manufacturer (typical case for [[Android]] devices) or operating-system (OS) vendor (such as [[Microsoft]] and [[Apple]]).
-==Incidents==
+Many hardware-based bootloaders don't support or allow changing the set of allowed signatures, which suggests they were made to control users rather than "protect" them.{{Citation needed|reason=speculation}}
-{{Ph-C-Inc}}
-This is a list of all consumer-protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].
-===Example incident one (''date'')===
+==Why it is a problem==
-{{Main|link to the main CR Wiki article}}
-Short summary of the incident (could be the same as the summary preceding the article).
-===Example incident two (''date'')===
-...
+===Market control===
+This tech can be used to restrict the software that users can install and use. Even when it's optional, it's typically enabled by default, adding undue friction that deters users from installing alternative OSes.
+==Examples==
+*[[wikipedia:Uefi#Secure_Boot|UEFI]]
+*[[wikipedia:Booting_process_of_Android_devices|Android]]<ref>https://source.android.com/docs/security/features/verifiedboot/</ref>
 ==See also==
-{{Ph-C-SA}}
+*[[Jailbreak]]
+*[[Microsoft Windows 11]]
+*[[Bootloader unlocking]]
+*[[Trusted computing]]
 ==References==
 {{reflist}}
 [[Category:{{PAGENAME}}]]
+[[Category:Common terms]]
+[[Category:Theme]]