What security feature ensures a computer is not hijacked by a malicious OS while requiring UEFI?

Secure boot is a security feature that plays a critical role in ensuring that a computer's operating system is authentic and has not been tampered with by malicious software. It operates during the startup process of the computer, specifically when the Unified Extensible Firmware Interface (UEFI) is in control. The primary purpose of secure boot is to verify the digital signatures of the operating system and associated firmware components.

When a device with secure boot enabled is powered on, it checks each module of the boot sequence against a cryptographic signature that has been pre-approved. If the signatures match, the system proceeds to boot the operating system normally. However, if a malicious operating system or an unapproved boot loader attempts to load, the secure boot process will prevent it from executing, thus protecting the system from potential hijacking.

This differs from UEFI itself, which serves as the interface between the operating system and the firmware, providing more functionality and capabilities than the traditional bios but does not, on its own, provide security against untrusted software.

Measured boot is another security feature that logs the measurements of each component during boot, which can be used later for verification of the boot integrity but does not actively prevent untrusted software from loading. The Trusted Platform Module (TPM