How To Check If Secure Boot Is Enabled Or Disabled
Secure Boot is a feature included on UEFI-based computers running Microsoft Windows 8 or Windows Server 2012 and later. It is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).
When the computer starts, the firmware checks the signature of each piece of boot software, including UEFI firmware drivers, EFI applications, and the operating system. This means a series of verifications is performed before control is handed over to the operating system.
If the signatures are valid, the computer boots. If verification fails at any step, an error screen is shown and the system is not allowed to boot. In summary, Secure Boot provides a secure environment in which to start Windows and prevents malware from hijacking the system during the boot process.
How do I know if secure boot is enabled
Only Windows 11, Windows 10 and Windows 8 have Secure Boot certificates. If you needed to install Windows 7 or Linux on a Secure Boot-enabled computer, you would need to disable Secure Boot.
You'll typically find Secure Boot in the Boot Options menu or page of the firmware setup. To disable it, change the setting from “Enabled” to “Disabled”.
You can check whether Secure Boot is enabled or disabled without entering the BIOS. Launch the System Information utility from the Run window by executing the command msinfo32:
msinfo32
In the System Information window, check the Secure Boot State entry. You can also find the Secure Boot state with a PowerShell command. This requires running PowerShell as Administrator. Run the following cmdlet in the PowerShell window:
Confirm-SecureBootUEFI
You’ll see “True” if Secure Boot is enabled, “False” if Secure Boot is disabled. If your PC’s hardware doesn’t support Secure Boot, you’ll see a “Cmdlet not supported on this platform” error message.
You can also check the Secure Boot state in the registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State]
"UEFISecureBootEnabled"=dword:00000001
UEFISecureBootEnabled = 1 – Enabled
UEFISecureBootEnabled = 0 – Disabled
If there is no “UEFISecureBootEnabled” REG_DWORD value, it means there is no Secure Boot on your system.
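The cmdlet and registry checks described above can be combined into one report. This is an added example, not part of the original article; the function name Get-SecureBootState and the output property names are assumptions chosen for illustration.

```powershell
# Added example (not from the original article): report Secure Boot state
# from both the cmdlet and the registry value and flag any disagreement.
function Get-SecureBootState {
    [CmdletBinding()]
    param()

    # Registry check; works without elevation. The UEFISecureBootEnabled
    # value sits under the SecureBoot\State subkey.
    $regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State'
    $regState = 'NotPresent'   # no value: no Secure Boot on this system
    try {
        $prop = Get-ItemProperty -Path $regPath -Name 'UEFISecureBootEnabled' -ErrorAction Stop
        $regState = if ($prop.UEFISecureBootEnabled -eq 1) { 'Enabled' } else { 'Disabled' }
    } catch {
        Write-Verbose "Registry value not found: $($_.Exception.Message)"
    }

    # Cmdlet check; needs an elevated session and UEFI firmware.
    $cmdletState = 'Unknown'
    $detail = $null
    try {
        $cmdletState = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch [System.PlatformNotSupportedException] {
        $cmdletState = 'NotSupported'      # legacy BIOS or no Secure Boot support
        $detail = $_.Exception.Message
    } catch [System.UnauthorizedAccessException] {
        $cmdletState = 'NeedsElevation'    # not running as Administrator
        $detail = $_.Exception.Message
    } catch {
        $detail = $_.Exception.Message     # anything else: keep the raw message
    }

    # The two sources should agree whenever the cmdlet returned a real answer.
    $consistent = ($cmdletState -notin 'Enabled', 'Disabled') -or ($cmdletState -eq $regState)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Cmdlet       = $cmdletState
        Registry     = $regState
        Consistent   = $consistent
        Detail       = $detail
    }
}

Get-SecureBootState | Format-List
```

Run it from an elevated PowerShell window to get the cmdlet result; without elevation the registry column still reports the state.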
Published on: Oct 29, 2021-last edited: 26-01-2024