UEFI Secure Boot

GPTKB entity

Statements (49)
Predicate Object
gptkbp:instanceOf computer security technology
gptkbp:auditedBy security researchers
gptkbp:block unsigned operating systems
gptkbp:canBe gptkb:Microsoft_Windows_certification
corporate security policies
malicious firmware updates
system administrator
gptkbp:canBeBypassedBy exploiting firmware vulnerabilities
gptkbp:canBeDisabled yes
BIOS/UEFI setup utility
gptkbp:canBeManagedBy OEMs
IT departments
gptkbp:canBeResetBy clearing keys in firmware setup
gptkbp:canCauseIssuesWith custom Linux kernels
unsigned drivers
gptkbp:compatibleWith legacy BIOS systems
gptkbp:criticizedFor potential to restrict user freedom
gptkbp:documentedIn gptkb:UEFI_Specification
gptkbp:enables chain of trust at boot
gptkbp:enforcedBy UEFI firmware
digital signature verification
https://www.w3.org/2000/01/rdf-schema#label UEFI Secure Boot
gptkbp:introduced gptkb:UEFI_Forum
gptkbp:notableRelease firmware updates
gptkbp:partOf UEFI specification
gptkbp:prevention bootkits
rootkits
unauthorized OS loaders
gptkbp:purpose prevent unauthorized code execution during boot
gptkbp:relatedTo gptkb:Measured_Boot
Secure Boot keys
Trusted Platform Module
gptkbp:replacedBy legacy BIOS boot security
gptkbp:requires certificate management
UEFI firmware
signed bootloaders
gptkbp:standardizedBy gptkb:UEFI_Specification_2.3.1
gptkbp:supportedBy gptkb:Windows_8
gptkb:macOS
gptkb:Microsoft_Windows
gptkb:Linux_distributions
gptkbp:usedIn modern computers
gptkbp:uses gptkb:Forbidden_Signature_Database_(dbx)
gptkb:Key_Exchange_Key_(KEK)
gptkb:Signature_Database_(db)
Platform Key (PK)
gptkbp:vulnerableTo key compromise
gptkbp:bfsParent gptkb:Windows_8
gptkbp:bfsLayer 5