What is Secure Boot?

Windows 10, and Older Hardware Support

Steve Smith talks about how Windows 10 will, for many users, make it possible to run this latest operating system on non-UEFI mainboards, at the cost of Secure Boot functionality.

Episode #5-46 released on August 3, 2015


Secure Boot, a feature introduced with the mainboard BIOS standard named UEFI 2.2, eliminates a very specific set of circumstances that has plagued computer users for years. It is when I heard that the new Windows 10 operating system would be able to function in a non-UEFI environment that I determined that some of you may want to know what you are missing out on, and what the feature, Secure Boot, is really about.

Whether you like it or not, viruses and malware are a thing. Antivirus solutions can really only protect you from weaker viruses, and warn you that more dangerous viruses have invaded your computer. This is usually caused by unpatched systems and users with little regard for where they go online; however, even with the best practices, even the most careful users periodically get infected. Some viruses can infect the bootloader of your computer, making it impossible to cleanly and securely boot into Windows and other operating systems. Or is it really all that impossible?

This is where Secure Boot comes into play. Because viruses have infected the bootloaders of Windows and other operating systems for an extremely long time, Microsoft, as well as other vendors, have determined a need for a way to detect and prevent the booting of compromised or unsigned operating systems and related drivers. The Secure Boot functionality detects whether the operating system is signed, or genuine, and only allows it to boot if it passes. Signed and genuine operating systems that support UEFI 2.2 come with a platform key, which allows users to enter a user mode where only drivers and loaders signed with the platform key can be loaded by the firmware. It is possible to add additional key exchange keys to a database by moving the UEFI Secure Boot information into a custom mode, for keys that do not match the private keys already submitted. Once this is done, viruses that infect the bootloader cannot be loaded at the startup of the computer, because they are not signed by the private keys in question.
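To see which of these modes a machine is actually in, the firmware exposes two one-byte variables, SecureBoot and SetupMode. The following is an added example, not part of the original episode notes: it decodes those variables as Linux presents them through efivarfs. The mount path and the state labels are assumptions of this example, and the sample bytes are constructed.

```python
import struct
from pathlib import Path

# EFI global-variable GUID from the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumption: Linux efivarfs mount


def decode_flag(raw: bytes) -> bool:
    """Decode a one-byte UEFI flag as exposed by efivarfs.

    efivarfs puts a 4-byte little-endian attribute word before the data;
    SecureBoot and SetupMode each hold a single data byte (0 or 1).
    """
    if len(raw) != 5:
        raise ValueError(f"expected 5 bytes, got {len(raw)}")
    _attrs, value = struct.unpack("<IB", raw)
    if value not in (0, 1):
        raise ValueError(f"unexpected flag value {value}")
    return value == 1


def classify(secure_boot, setup_mode):
    """Map raw variable contents (or None if absent) to a state label."""
    if secure_boot is None:
        return "no-uefi-variables"   # legacy BIOS boot: nothing to enforce
    if setup_mode is not None and decode_flag(setup_mode):
        return "setup-mode"          # no platform key enrolled yet
    return "enforcing" if decode_flag(secure_boot) else "disabled"


def read_var(name: str):
    """Return the raw bytes of a global UEFI variable, or None if absent."""
    path = EFIVARS / f"{name}-{EFI_GLOBAL}"
    try:
        return path.read_bytes()
    except OSError:
        return None


# Constructed sample contents (attribute word 0x6, then the flag byte).
SAMPLE_ON = bytes.fromhex("0600000001")
SAMPLE_OFF = bytes.fromhex("0600000000")

if __name__ == "__main__":
    print("sample user mode, enforcing:", classify(SAMPLE_ON, SAMPLE_OFF))
    print("sample setup mode:", classify(SAMPLE_OFF, SAMPLE_ON))
    print("this machine:", classify(read_var("SecureBoot"), read_var("SetupMode")))
```

A result of "no-uefi-variables" corresponds to the non-UEFI boards discussed in this episode, where the firmware has no signature check to apply to the bootloader.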

Now, this feature is required in Windows 8.1, and despite many complaining about the user interface, the operating system itself is, for the most part, more secure than previous versions. The latest operating system, Windows 10, seeks to allow all users, with or without UEFI mainboards, to upgrade their operating system, provided the vendor creates a driver for it, at the cost of a feature designed to protect the operating system itself.

I wonder what will happen. What do you think will happen?

Please note that only a limited number of users may be affected by this, because all newer devices coming out with Windows 10 will have to be UEFI 2.2 and Secure Boot compliant; only older supported mainboards with valid drivers will be able to run Windows 10.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions
