System security (PCs, mobiles, IoT devices, etc.) depends upon controlling the initial system configuration and boot process to ensure establishment of a secure execution environment. This process is commonly called "secure boot". This talk explains what secure boot is, and why it matters, and describes the basic hardware, software, and cryptographic building blocks you can/should use to implement secure boot. The talk also describes how not to do it, based on several real-world examples of exploitable errors in fielded devices. The talk should be interesting to both white and black hats.