# Raw Attestation with Secure Boot

### Secure Boot: Extending the Chain of Trust

**Secure Boot** is a standard feature of the UEFI firmware interface designed to secure the pre-boot process. It works by maintaining a database of approved cryptographic signatures for bootloaders and operating system kernels. Before executing any pre-boot binary, the UEFI firmware verifies its signature against this database. If the signature is not recognized or has been tampered with, the boot process is halted.

**Role in Remote Attestation**

While Raw Attestation verifies the integrity of the firmware and initial platform configuration, it does not cover the operating system's bootloader or kernel. Secure Boot bridges this gap, extending the chain of trust from the hardware into the OS layer.

The attestation process integrates Secure Boot as follows:

1. **Firmware Verification**: The process begins with Raw Attestation. The platform's security processor measures the UEFI firmware. Since the Secure Boot component and its configuration are part of this firmware, their integrity is verified at this stage.
2. **Boot Chain Verification**: Once the firmware is trusted, it begins the boot process. The Secure Boot mechanism then takes over, verifying the signature of each subsequent component—such as the OS bootloader and the kernel—before it is loaded.

**Outcome**

By combining these two methods, a relying party can achieve a more comprehensive security guarantee. If the measurements from Raw Attestation confirm that a genuine, untampered firmware with Secure Boot was loaded, the relying party can be confident that the entire boot chain, up to and including the operating system kernel, has also been verified. This makes it possible to detect any malicious modification to the boot process.
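The reasoning above can be traced in a small model, added here as an illustration and not taken from the Nitride code base. It assumes the firmware measurement covers the Secure Boot switch and its signature database, and it stands in a SHA-256 allow-list for real signature verification; all function names and sample images are constructed.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def measure_firmware(code: bytes, secure_boot: bool, db: frozenset) -> str:
    # Model of the Raw Attestation measurement: covers the firmware code plus
    # the Secure Boot switch and its signature database (db).
    h = hashlib.sha256(code)
    h.update(b"\x01" if secure_boot else b"\x00")
    for entry in sorted(db):
        h.update(entry.encode())
    return h.hexdigest()

def boot(code, secure_boot, db, chain):
    """Simulate one boot; return (measurement, names of loaded components)."""
    loaded = []
    for name, image in chain:
        # Secure Boot: refuse any image that db does not approve, and halt.
        if secure_boot and digest(image) not in db:
            break
        loaded.append(name)
    return measure_firmware(code, secure_boot, db), loaded

def relying_party_accepts(measurement: str, reference: str) -> bool:
    return hmac.compare_digest(measurement, reference)

# Constructed sample images (placeholders, not real binaries).
FW, LOADER, KERNEL, BAD_KERNEL = b"uefi-fw", b"bootloader", b"kernel", b"kernel+implant"
DB = frozenset({digest(LOADER), digest(KERNEL)})
REFERENCE = measure_firmware(FW, True, DB)  # value the relying party expects

def scenarios():
    cases = {
        "clean": (True, DB, KERNEL),
        "tampered kernel": (True, DB, BAD_KERNEL),
        "secure boot off": (False, DB, BAD_KERNEL),
        "db extended": (True, DB | {digest(BAD_KERNEL)}, BAD_KERNEL),
    }
    out = {}
    for label, (sb, db, kernel) in cases.items():
        m, loaded = boot(FW, sb, db, [("loader", LOADER), ("kernel", kernel)])
        out[label] = (relying_party_accepts(m, REFERENCE), "kernel" in loaded)
    return out

if __name__ == "__main__":
    for label, (attested, kernel_ran) in scenarios().items():
        print(f"{label:16} attested={attested} kernel_loaded={kernel_ran}")
```

In no scenario does a modified kernel both load and pass attestation: either Secure Boot halts before the kernel, or the changed firmware configuration yields a measurement the relying party rejects.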
