On most modern systems, Secure Boot is enabled by default. In fact, Secure Boot is one of the requirements to install Windows 11. However, if you made changes to your UEFI firmware or want to know the status of Secure Boot, you can check if Secure Boot is enabled or disabled using the System Information program and PowerShell. Let’s get started.
What is Secure Boot?
Secure Boot is a security feature of UEFI firmware and it makes sure that your computer boots using only trusted software. It is designed to stop firmware and low-level driver attacks that are hard to detect and remove once the system boots fully.
Every time you start the PC, Secure Boot checks the UEFI firmware signature provided by the OEM, boot drivers, and the operating system itself. If all checks are passed, the firmware gives control to the OS and boots normally. If an anomaly is detected, Secure Boot blocks the boot process and stops the untrusted software from starting.
Before You Begin
You require administrator rights to verify the Secure Boot status on Windows 10 and 11.
Methods to Check If Secure Boot is Enabled or Disable
1. Using Windows System Information Tool
In Windows, you can check various helpful information regarding your computer using the System Information tool (msinfo32). Here’s how to use it check the status of Secure Boot in your PC.
1. First, open the Run dialog by pressing “Windows key + R.”
2. Enter msinfo32 in the Run dialog box and click OK to open the Windows System Information tool.
3. Select System Summary on the sidebar.
4. On the right panel, find the Secure Boot State item. It tells you the current state of Secure Boot.
5. If it says Off, Secure Boot is disabled.
6. If it says On, Secure Boot is enabled.
2. PowerShell command to check Secure Boot status
If you like to use a command line approach, you can check if Secure Boot is enabled or disabled using PowerShell. The best thing is that you can use this command within your scripts and automation.
1. First, press the Start button, search for PowerShell, and click on the Run as Administrator option. This will open the PowerShell console with administrator rights.
2. In the PowerShell window, type Confirm-SecureBootUEFI and press Enter.
3. If the Secure Boot is enabled, the response will be True.
4. If the Secure Boot is disabled, you will see False.
If your PC doesn’t support Secure Boot then the response will be “Cmdlet not supported on this platform” error message.
That’s all. It is that simple to find out if Secure Book is active or not on your computer. Whether you check using the System Information tool or PowerShell command, the result is the same. So, follow the method you are comfortable with and it will be good. Also, if this secure feature is causing problems, you can disable Secure Boot in the UEFI firmware.
Hm, mine is set to Off, or False.
But I am reading this page in Windows 11, build 22000…
Current insider builds allow you to install and run Windows 11 even if your system is incompatible. However, that may not apply to the actual public release.