UEFI Secure Boot

UEFI Secure Boot builds on the long-standing secure boot process of Amazon EC2, and provides additional defense-in-depth that helps customers secure software from threats that persist across reboots. It ensures that the instance only boots software that is signed with cryptographic keys. The keys are stored in the key database of the UEFI non-volatile variable store. UEFI Secure Boot prevents unauthorized modification of the instance boot flow.

Topics

How UEFI Secure Boot works
Launch an instance with UEFI Secure Boot support
Verify whether an instance is enabled for UEFI Secure Boot
Create a Linux AMI to support UEFI Secure Boot
How the Amazon binary blob is created

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

UEFI variables

How UEFI Secure Boot works