One of the benefits of a UEFI configuration is that it supports signing and verification for UEFI executable files, up to and including the boot manager, which implements the boot menu in Windows 8.
This, combined with further verification checking done by Windows, is what constitutes Secure Boot. This feature helps protect Windows against malware or other tampering.
Figure 1: Secure Boot
The three main actions related to Secure Boot are shown in the diagram above. These are:
In the event that the UEFI firmware finds that Boot Manager does not match its signing information, it replaces Boot Manager with a backup copy. In the event that this also fails, the UEFI firmware will display some kind of remediation information, giving you a way to return to a trusted state. This remediation experience is implemented by each OEM, so the specifics differ.
Secure Boot enables a related feature: Early-Launch Anti-Malware (ELAM). This provides the ability for an anti-malware driver to register as a trusted Boot Critical Driver. This makes it the first non-Microsoft, non-platform specific code that will run on the computer. The anti-malware driver can then verify other drivers in turn before they are initialized.
Secure Boot helps prevent malware from running before the OS, and Early Launch AV helps ensure that trusted anti-malware software is the first third-party component run on each startup.
Figure 2: Secure Boot with ELAM
ELAM adds a fourth step to the Secure Boot process, labeled “4” in the diagram above.
Measured Boot is another boot feature in Windows 8 that is also related to anti-malware software. Measured Boot gives the anti-malware software a detailed, reliable log of the components that loaded prior to the anti-malware driver during startup. Anti-malware software, or an administrator in a business environment, can use this log to check for malware on the computer or for evidence of tampering with boot components.
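The following added example (not code from the original post or from Microsoft) shows how such a log can be validated. It assumes the log is anchored in a TPM platform configuration register using the standard extend operation with SHA-256, a mechanism this post does not describe. The component names and images are constructed sample data.

```python
import hashlib

PCR_INIT = bytes(32)  # assumption: a SHA-256 PCR holds 32 zero bytes after reset

def measure(image: bytes) -> bytes:
    """Digest recorded in the log for one boot component."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(log):
    """Recompute the PCR value implied by an ordered list of (name, digest)."""
    pcr = PCR_INIT
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def validate(log, reported_pcr, known_good):
    """Return (log matches the PCR, [components whose digest is not known-good])."""
    authentic = replay(log) == reported_pcr
    unexpected = [name for name, digest in log if known_good.get(name) != digest]
    return authentic, unexpected

# Constructed sample data: three components in load order and their reference digests.
GOOD_IMAGES = {
    "bootmgr": b"constructed boot manager image",
    "winload": b"constructed OS loader image",
    "elam_driver": b"constructed ELAM driver image",
}
ORDER = ["bootmgr", "winload", "elam_driver"]
KNOWN_GOOD = {name: measure(image) for name, image in GOOD_IMAGES.items()}

def sample_boot(tampered=None):
    """Simulate one startup; returns the log and the PCR value it produces."""
    log = []
    for name in ORDER:
        image = GOOD_IMAGES[name] + (b" + modified" if name == tampered else b"")
        log.append((name, measure(image)))
    return log, replay(log)

if __name__ == "__main__":
    clean_log, clean_pcr = sample_boot()
    bad_log, bad_pcr = sample_boot(tampered="winload")
    print("clean boot:      ", validate(clean_log, clean_pcr, KNOWN_GOOD))
    print("modified loader: ", validate(bad_log, bad_pcr, KNOWN_GOOD))
    # A log rewritten after the fact no longer replays to the PCR value.
    print("rewritten log:   ", validate(clean_log, bad_pcr, KNOWN_GOOD))
```

The third case is what makes the log reliable: replacing log entries with known-good digests cannot hide a modified component, because the replayed value no longer matches the register.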
Windows 8 systems ship with a certificate in the UEFI that is used to check the boot loader to ensure it is both the right one and is signed by Microsoft. If you were to encounter a rootkit, the UEFI wouldn't allow it to boot. In other words, UEFI protects the pre-OS environment. Additionally, as the system boots, Windows 8 detects if any of the OS elements have been tampered with and automatically restores the unmodified versions. As you know from that earlier post, Secure Boot is just one of the three pillars of what is called the Trusted Boot process.
There are a lot more specific details here, if anyone wants to go deeper:
Impossible to restart Windows 8 because of this kind of procedure! I launched Acronis (paid backup software) and it takes it for malware ...
It's a real scam! I have to reinstall everything.
Unless there is another solution ...