When Secure Boot was enabled, the core components used to boot the machine must have correct cryptographic signatures, and the UEFI firmware would verify this before it would let the machine start. If any files had been tampered with, breaking their signature, the system wouldn’t boot.
Full article