Description
Encrypted-boot setups can receive an early warning if bootloader code appears modified. Administrators use this hook to reduce the chance of entering a root-device passphrase after suspected boot tampering.
It is a boot integrity warning hook, not complete secure boot. False positives or missed changes are possible, so pair it with a broader trusted-boot strategy.