Secure boot
⚠️This article's relevance is under review. It does not appear to be in-scope for the wiki.
#appeals channel in either Zulip or Discord to request removal. Discussions of this article's relevancy should take place on its talk page.You can help establish relevance by showing how the issue represents either large-scale consumer exploitation (systemic practices, recurring incidents, etc.) or a case of 'modern' consumer rights issues such as privacy violations, barriers to repair, or ownership rights, in line with the Mission statement and Moderator Guidelines.
Secure boot, also known as verified boot, is any technology that prevents the execution of non-trusted programs during the startup sequence of a computer system, such as a desktop PC or a smartphone. Its original purpose is to protect users against rootkits.
How it works
This class of technology typically works by only allowing cryptographically signed programs to be executed by the hardware-level bootloader. The signing is done with private keys owned by the device manufacturer (typical case for Android devices) or operating-system (OS) vendor (such as Microsoft and Apple).
Many hardware-based bootloaders don't support or allow changing the set of allowed signatures, which suggests they were made to control users rather than "protect" them.[citation needed - speculation]
Why it is a problem
Market control
This tech can be used to restrict the software that users can install and use. Even when it's optional, it's typically enabled by default, adding undue friction that deters users from installing alternative OSes.