In Secure Boot, the system firmware verifies that the system boot loader is signed with a cryptographic key. The cryptographic key is authorized by a database contained in the UEFI firmware. With signature verification in the next-stage boot loaders, kernel, and user space, you can prevent the execution of unsigned code.