Secure boot: Difference between revisions

Revision as of 00:10, 21 April 2026

⚠️ Article status notice: This Article's Relevance Is Under Review

This article has been flagged for questionable relevance. Its connection to the systemic consumer protection issues outlined in the Mission statement and Moderator Guidelines isn't clear.

Learn more ▼

If you believe this notice has been placed in error, or once you have made the required improvements, please visit the Moderators' noticeboard or the #appeals channel on our Discord server: Join Here.

Notice: This Article's Relevance Is Under Review

To justify the relevance of this article:

Provide evidence demonstrating how the issue reflects broader consumer exploitation (e.g., systemic patterns, recurring incidents, or related company policies).
Link the problem to modern forms of consumer protection concerns, such as privacy violations, barriers to repair, or ownership rights.

If you believe this notice has been placed in error, or once you have made the required improvements, please visit either the Moderator's noticeboard, or the #appeals channel on our Discord server: Join Here. There may be a discussion about this article on its talk page.

Secure boot, also known as verified boot, is any technology that prevents the execution of non-trusted programs during the startup sequence of a computer system, such as a desktop PC or a smartphone. Its original purpose is to protect users against rootkits.

How it works

This class of technology typically works by only allowing cryptographically signed programs to be executed by the hardware-level bootloader. The signing is done with private keys owned by the device manufacturer (typical case for Android devices) or operating-system (OS) vendor (such as Microsoft and Apple).

Many hardware-based bootloaders don't support or allow changing the set of allowed signatures, which suggests they were made to control users rather than "protect" them.^{[citation needed - speculation]}

Why it is a problem

Market control

This tech can be used to restrict the software that users can install and use. Even when it's optional, it's typically enabled by default, adding undue friction that deters users from installing alternative OSes.

Examples

UEFI
Android^[1]

References

↑ https://source.android.com/docs/security/features/verifiedboot/

[1] ttps://source.android.com/docs/security/features/verifiedboot/

[1]

@@ Line 1: / Line 1: @@
-{{Irrelevant}}{{ProductCargo
+{{Irrelevant}}'''Secure boot''', also known as '''verified boot''', is any technology that prevents the execution of non-trusted programs during the startup sequence of a computer system, such as a desktop PC or a smartphone. Its original purpose is to protect users against [[wikipedia:Rootkit|rootkits]].
-|Company=Microsoft
-|ReleaseYear=2011
-|InProduction=Yes
-|ArticleType=Service
-|Category=Security, Software, Operating System, Firmware
-|Website=https://learn.microsoft.com/en-gb/windows-hardware/design/device-experiences/oem-secure-boot}}
-{{Ph-C-Int}}
-==Consumer-impact summary==
+==How it works==
-{{Ph-C-CIS}}
+This class of technology typically works by only allowing [[wikipedia:Digital_signature|cryptographically signed]] programs to be executed by the hardware-level [[wikipedia:Bootloader|bootloader]]. The signing is done with private keys owned by the device manufacturer (typical case for [[Android]] devices) or operating-system (OS) vendor (such as [[Microsoft]] and [[Apple]]).
-==Incidents==
+Many hardware-based bootloaders don't support or allow changing the set of allowed signatures, which suggests they were made to control users rather than "protect" them.{{Citation needed|reason=speculation}}
-{{Ph-C-Inc}}
-This is a list of all consumer-protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].
-===Example incident one (''date'')===
+==Why it is a problem==
-{{Main|link to the main CR Wiki article}}
-Short summary of the incident (could be the same as the summary preceding the article).
-===Example incident two (''date'')===
-...
+=== Market control ===
+This tech can be used to restrict the software that users can install and use. Even when it's optional, it's typically enabled by default, adding undue friction that deters users from installing alternative OSes.
+==Examples==
+* [[wikipedia:Uefi#Secure_Boot|UEFI]]
+* [[wikipedia:Booting_process_of_Android_devices|Android]]<ref>https://source.android.com/docs/security/features/verifiedboot/</ref>
 ==See also==
-* [[Jailbreak]]
+*[[Jailbreak]]
-* [[Microsoft Windows 11]]
+*[[Microsoft Windows 11]]
-* [[Bootloader unlocking]]
+*[[Bootloader unlocking]]
-* [[Trusted computing]]
+*[[Trusted computing]]
 ==References==
 {{reflist}}
 [[Category:{{PAGENAME}}]]
+[[Category:Common terms]]