Most computers purchased within the last few years have the capability to support a feature called Secure Boot. When enabled, Secure Boot will help protect your computer against boot-level malware, rootkits, and unauthorized operating systems. Secure Boot verifies the digital signatures of bootloaders and OS files during startup.
For those interested in the technical details, Secure Boot is part of the UEFI (Unified Extensible Firmware Interface) firmware. This is the modern version of what was previously known as BIOS.
Many newer PCs and Macs will have this feature turned on by default. The procedures you would use to check to make sure it is enabled and if needed activate it, would vary a bit depending on what type of computer you have.
Windows PCs:
Check if it is enabled:
- Windows button + R, type msinfo32 and press enter.
- Look for a line that says Secure Boot State. It will show is enabled, disabled or unsupported.
Enable Secure Boot:
- Restart your PC and enter the UEFI/BIOS settings. (usually by pressing F2, Esc or F10 at boot. Your screen should have a prompt telling you what to press)
- Open the Boot menu, and go to the Secure Boot menu item. Set Secure Boot to Enabled.
- Save and exit.
Macs:
Check if it is enabled:
- To view the Secure Boot settings you need to restart into recovery mode (command + R at startup).
- Navigate to Utilities > Startup Security Utility.
- Check the Secure Boot setting. Full Security is the default and gives you the top level of security. Other options shown are Medium Security and No Security.
Linux: (Supported on Ubuntu and Fedora)
Check if it is enabled:
- From a bash prompt run mokutil –sb-state
- The output should say if Secure Boot is enabled.
Enable Secure Boot:
- Reboot and enter the UEFI/BIOS setup.
- Enable Secure Boot in the firmware settings.
- Save and Exit.
image is creative commons public domain. source: https://picryl.com/media/computer-security-padlock-computer-communication-77e933
targetedtechtalk@protonmail.com
Follow @TargetedTechTlk
