Home > Storage > PowerScale (Isilon) > Product Documentation > Security and Compliance > Dell PowerScale OneFS: Security Considerations > Overview
The Unified Extensible Firmware Interface (UEFI) Forum is an alliance of technology companies to standardize, secure, and modernize the boot process across devices by developing a UEFI specification. A software stack is composed of hardware, firmware, and the operating system. The UEFI specification links the firmware with the operating system, through the EFI system partition.
As part of the UEFI 2.3.1 specification, Secure Boot was introduced to ensure device security in the preboot environment by allowing only authorized EFI binaries to be loaded during the process. In the boot sequence, a device could be susceptible to a malware attack during the firmware startup and the loading of the operating system. UEFI Secure Boot reduces the attack vectors by ensuring that the Operating System boot loaders are signed with a digital signature.
Dell PowerScale Secure Boot takes the UEFI framework a step further, including the OneFS kernel and modules. The UEFI infrastructure is responsible for the EFI signature validation and binary loading within UEFI Secure Boot. Further, FreeBSD’s veriexec function is used to perform signature validation for the boot loader and kernel.
The PowerScale Secure Boot feature is enabled on each node individually and provides a level of defense against potential malware attacks. The PowerScale Secure Boot feature runs during the nodes’ bootup process only, using public-key cryptography to verify the signed code, to ensure that only trusted code is loaded on the node.