Null Square

🛡️ Boot integrity, anchored in silicon.

What it is: Secure Boot checks each step of startup. A TPM chip holds keys and records what loaded.
Why it matters: It blocks stealthy bootkits and proves your machine started clean.

How it works / Defend:
- Firmware verifies signed boot code before it runs
- Each stage measures the next; TPM stores those measurements for attestation
- Disk encryption keys can be sealed to the TPM, unlocking only on a clean boot
- Enable Secure Boot and TPM 2.0, update UEFI, set a firmware password, and back up recovery keys

✅ Takeaway: hardware-backed trust makes persistent malware far harder.