CRW

Home Wiki

Secure boot

View on consumerrights.wiki ↗

Work in progress
This article has been flagged for additional work. Treat its claims as provisional.
Stub
This article is a stub. The wiki community is still building it out.
Citations needed
Some claims in this article have not been independently sourced.
Contents6
  1. How it works
  2. Why it is a problem
  3. Market control
  4. Examples
  5. See also
  6. References

Article Status Notice: This Article is a stub

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

Issues may include:

  • This article needs to be expanded to provide meaningful information
  • This article requires additional verifiable evidence to demonstrate systemic impact
  • More documentation is needed to establish how this reflects broader consumer protection concerns
  • The connection between individual incidents and company-wide practices needs to be better established
  • The article is simply too short, and lacks sufficient content

How you can help:

  • Add documented examples with verifiable sources
  • Provide evidence of similar incidents affecting other consumers
  • Include relevant company policies or communications that demonstrate systemic practices
  • Link to credible reporting that covers these issues
  • Flesh out the article with relevant information

This notice will be removed once the article is sufficiently developed. Once you believe the article is ready to have its notice removed, please visit the Moderator's noticeboard, or the Discord (join here) and post to the #appeals channel, or mention its status on the article's talk page.

Secure boot, also known as verified boot, is any technology that prevents the execution of non-trusted programs during the startup sequence of a computer system, such as a desktop PC or a smartphone. Its original purpose is to protect users against rootkits.

How it works

This class of technology typically works by only allowing cryptographically signed programs to be executed by the hardware-level bootloader. The signing is done with private keys owned by the device manufacturer (typical case for Android devices) or operating-system (OS) vendor (such as Microsoft and Apple).

Many hardware-based bootloaders don't support or allow changing the set of allowed signatures, which suggests they were made to control users rather than "protect" them.[citation needed - speculation]

Why it is a problem

Market control

This tech can be used to restrict the software that users can install and use. Even when it's optional, it's typically enabled by default, adding undue friction that deters users from installing alternative OSes.

Examples

See also

References

  1. https://source.android.com/docs/security/features/verifiedboot/
Filed under