A boot process that only executes firmware and software signed by trusted keys, preventing unauthorized startup code.