A UEFI firmware feature that ensures the VM boots only with authentic, signed software. It verifies the digital signature of boot components such as firmware drivers, the OS bootloader, and the kernel, and halts the boot process if any component lacks a trusted signature.

See the Secure Boot documentation.