The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

What is Secure Boot, Trusted Boot, Measured Boot in Windows 11/10

Download Windows Speedup Tool to fix errors and make PC run faster

Security is a major concern for everyone these days. When it comes to operating systems, we know better how quickly they get attacked by viruses and malware: and the the more popular the operating system, the more the people want to attack it.

What is Secure Boot, Trusted Boot, Measured Boot?

Secure Boot, Trusted Boot, Measured Boot

Microsoft has made some bold claims regarding security and data management on Windows, and so I  decided to study them a bit, and I must say that I am impressed. First, let us see what is understood by Secure Boot, Trusted Boot, and Measured Boot in Windows 11/10/8.1/8.

  • Secure Boot: PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted operating system boot loaders.
  • Trusted Boot: Windows OS checks the integrity of every component of the startup process before loading it.
  • Measured Boot: The PC’s firmware logs the boot process, and Windows can send it to a trusted server that can objectively assess the PC’s health.

Using Measured Boot, Windows can further validate the boot process beyond Secure Boot. The start-up processes are now signed, protected, and measured. They are then stored in the TPM chip to prevent rootkit or malware infection. For TPM-based systems, Windows will perform a comprehensive chain of measurements during the boot process, called measured boot, which can be used to validate the boot process to prevent rootkits and other malware.

Windows has taken an innovative approach to address the long-standing issue of insecure boot. Power attackers and virus developers prefer customizing viruses and designing them to attack the PC right at boot time. This is probably because boot time is when security is at its weakest, and antivirus and firewalls do not guard the system.

Let’s take a few minutes and go over some common scenarios we face today:

  • The antivirus starts functioning after the Windows boot is complete.
  • Unsigned applications (chat apps, etc.) appear before you start your work.
  • All the unwanted applications ultimately slow down your PC, thus adding more to the pain.

It is a universal temptation to get things done in seconds. Well, Microsoft has guaranteed it with a fast boot time of around eight seconds and much more security this time.

Fix: Secure Boot State Unsupported error in Windows 11

Let’s check out what Windows does with its Measured Boot:

  • Secure boot stops malware and makes Windows significantly more resistant to attacks. In the worst case, if the virus has already made it into your PC, Windows will block its spread and actions until the operating system is loaded, and antivirus takes guard.
  • If at any moment during boot, Windows finds un-trusted applications trying to load, Windows will block its actions. Read Early-Launch Anti-Malware (ELAM) technology.
  • Windows allows antivirus and firewalls to load up early during boot time to assure protection up-front.
  • Finally, Windows will automatically fix any registry or driver errors it detects.

Thus, Windows 11 has the power and ability to protect your PC from malware and malicious programs right from boot time.

You can read more about this on TechNet.

PS: Check if your PC supports UEFI or BIOS.

Related reads:

Azharuddin@TWC

Azharuddin Khan, being a technology enthusiastic, loves writing blogs and updating them. Currently pursuing his Bachelors in Information Technology, he also loves in extending support via providing hardware solutions.