Which security technology ensures that only authorized software loads on a device during boot?

The technology that ensures only authorized software loads on a device during the boot process is secure boot. Secure boot is a security feature implemented in the firmware of a device that checks the digital signatures of the software components that load during the boot sequence. Only software that has been cryptographically signed by the manufacturer or by the device’s owner will be allowed to execute. This helps to prevent unauthorized software, such as rootkits or bootkits, from loading at startup, thereby helping to maintain the integrity of the operating system and ensuring a trusted boot process.

Measured boot and Unified Extensible Firmware Interface (UEFI) are related but serve different purposes. Measured boot is a part of the boot process that involves recording measurements of the software components being loaded, so their integrity can be verified later. UEFI is a modern firmware interface that has capabilities beyond basic BIOS but does not inherently enforce software loading restrictions; rather, it provides an environment in which secure boot can operate. The Trusted Platform Module (TPM) is a hardware-based security component that can work in conjunction with secure boot to store cryptographic keys securely and enhance the overall security posture but does not itself enforce software loading.