Secure boot has been a standard feature since at least Windows 8. As the name implies, the feature protects the boot process. The integrity of the boot process is ensured by digitally signing any software (“firmware”) used during the boot process. As with any digital signature, this process requires the use of certificates to verify the validity of the signatures.
This article has been indexed from SANS Internet Storm Center, InfoCON: green