What UEFI feature prevents a system from booting with untrusted drivers or operating systems?

Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI) designed to enhance system security by ensuring that only trusted software is loaded during the boot process. When Secure Boot is enabled, the firmware checks the digital signatures of all boot drivers and operating systems before allowing them to execute. This means that if the software is not signed with a trusted certificate, or if the signatures do not match expected values, the system will prevent the boot process from continuing. This mechanism helps to protect against rootkits and bootkits that can compromise a system at the most fundamental level.

This security feature is vital in maintaining the integrity of the system, especially in environments sensitive to malware or unauthorized software. Therefore, enabling Secure Boot is an effective way to safeguard a computer from running malicious code during startup, ensuring only verified and trusted components are loaded.

The other options pertain to different aspects of system and hardware security. A Hardware Security Module (HSM) focuses on safeguarding cryptographic keys, while flashing refers to updating firmware or software components. The Pre-Operating System Environment relates to tools used before an OS loads, but does not specifically provide the secure loading of drivers or operating systems like Secure Boot does.