Secure boot is a sub-specification in the bios settings. It has the following functions:
1. Provide basic settings and control for the computer. The BIOS setup program is stored in the BIOS chip and can only be set when the computer is turned on.
2. Prevent malware from intruding. Its existence can prevent the system from being attacked by external viruses, because malware cannot be recognized by it and there is no way to infect the computer.
3. Certify other procedures. When the motherboard leaves the factory, it has built-in reliable public keys, and other operating systems or hardware drivers that want to be loaded on this motherboard must pass the authentication of these public keys.
4. Selective support system. Now all computers in the system are required to use the uefi interface. This interface will replace the traditional bios. As for the standard interface of uefi, it only supports a relatively small number of operating systems.
5. Support computer security startup mechanism. All software/firmware involved in the startup process must be digitally signed by the CA. Therefore, if you want to install a Linux system on a motherboard with secure boot enabled, the system must be authenticated by the public key built into secure boot.
6. Protect market monopoly. The original intention of secure boot may have been to ensure system security, but now with the development of technology, it has also become a means for PC manufacturers to protect market monopoly and hinder competition.