Recent versions of the Unified Extensible Firmware Interface (UEFI) specification include support for a new boot mechanism, called Secure Boot. Secure Boot prevents running malware before the operating system (OS) loads by relying on a system of digital signatures embedded in executable images, and blocking execution of unsigned (or incorrectly signed) images. After the OS handoff, OS-based software is used to defend against malware. The Secure Boot mechanism is expected to proliferate in the personal computer sector as operating system vendors add these signatures to their loaders and pre-handoff code, and as hardware vendors add them to their pre-OS device drivers.