Secure Boot, Trusted Boot, Measured Boot
Microsoft has made some bold claims regarding security and data management on Windows, and so I decided to study them a bit, and I must say that I am impressed. First, let us see what is understood by Secure Boot, Trusted Boot, and Measured Boot in Windows 11/10/8.1/8.
Secure Boot: PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted operating system boot loaders.Trusted Boot: Windows OS checks the integrity of every component of the startup process before loading it.Measured Boot: The PC’s firmware logs the boot process, and Windows can send it to a trusted server that can objectively assess the PC’s health.
Using the Measured Boot, Windows can further validate the boot process beyond Secure Boot. The start-up processes are now signed, protected, and measured. They are then stored in the TPM chip to prevent rootkit or malware infection. For TPM-based systems, Windows will perform a comprehensive chain of measurements during the boot process, called measured boot, which can be used to validate the boot process to prevent rootkits and other malware. Windows has taken an innovative approach to address the issue of the insecure boot, which prevailed for a long time. Power attackers and virus developers prefer customizing viruses and designing them to attack the PC right at the time of boot. It is probably because boot time is when security is at its weakest, and antivirus and firewall do not guard the system.
Let’s take a few minutes and go over some common scenarios we face today:
Antivirus starts functioning way after boot completes.Unsigned applications (chat apps, etc.) begin to appear before you start your work.All the unwanted application ultimately slows down your PC, thus adding more to the pain.
It is a universal temptation to get things done in a matter of seconds. Well, Microsoft has guaranteed it with a fast boot time of around eight seconds and with much more security as well, this time. Fix: Secure Boot State Unsupported error in Windows 11
Let’s check out what Windows does with its Measured Boot:
Secure boot stops malware in its tracks and makes Windows significantly more resistant to attacks. In the worst case, if the virus has already made it into your PC, Windows will block its spread and actions until the operating system is loaded, and antivirus takes guard.If at any moment during boot, Windows finds un-trusted applications trying to load, Windows will block its actions. Read Early-Launch Anti-Malware (ELAM) technology.Windows allows antivirus and firewalls to load up early during boot time to assure protection up-front.And finally, Windows, if it detects any registry errors or driver errors, it will fix it automatically.
Windows 10 thus has the power and ability to protect your PC from malware and malicious programs right from the boot-time. You can read more about this on TechNet. Check if your PC supports UEFI or BIOS. Related reads: