What is secure boot?

March 8, 2022


  • Zane Hamilton, Vice President, CIQ

  • Neil Hanlon, Solutions Architecture, CIQ

Note: This transcript was created using speech recognition software. While it has been reviewed by human transcribers, it may contain errors.

Full Webinar Transcript:

Zane Hamilton:

Tell us a little about Secure Boot, but what is it, how is it beneficial, and what to watch out for? 

Neil Hanlon:

Absolutely. Secure Boot's part of UEFI is the next generation of BIOS Boot to the Legacy BIOS Boot. And it developed in response to malware rootkits that we're able to get in, replace that boot loader, that first stage boot loader in your environment. And it's essentially a cryptographic way of ensuring that the operating system you're trying to boot from is not a virus. That's done right now through a central authority through Microsoft, and they have a portal where we upload our certificate and have them cross sign it. It's valid for the certificate loaded into a piece of hardware soldered onto your motherboard if you have a new computer called the TPM or a trusted platform module. That trusted platform module enables secure storage of encrypted secrets like certificates and keys. This allows us to have a secure boot environment where Microsoft has validated that the boot loader Rocky has built is not a virus. It's also built in a secure, trusted environment that we maintain on the Rocky Enterprise Software Foundation.