Ensures nothing else but trusted firmware/software signed with a digital signature can execute during boot. Created to prevent Rootkits and Viruses
Signed Software
A software is trustworthy if they have a digital signature.
bootmgr.efi has a signature like this:
These signatures can be manually approved