Boot chain integrity is the assurance that a system’s firmware and early startup components have not been altered before the operating system loads. The “boot chain” includes BIOS or UEFI firmware, bootloaders, option ROMs, and other code that runs during startup. If any of these layers is tampered with, an attacker can gain control before normal security tools are active.
This matters because pre-OS compromise is hard to detect and can persist through reinstalls, hide malware from the operating system, and undermine logs and trust measurements. Defenders use Secure Boot, measured boot, TPM-backed attestation, signed firmware updates, and hardware root of trust features to verify that each stage matches a trusted state. In attacks, bootkits and firmware implants try to break this chain; in defense, administrators monitor platform attestation and block unsigned or modified startup code.