Secure Boot is required to run Windows 11. Here is how to check Secure Boot status. i.e., enabled or disabled in Windows.
Windows 11 has many new improvements over Windows 10, especially its looks, usability, performance, and security. With all the upgrades and new things added to Windows 11, the system requirements changed significantly. A couple of special requirements to install Windows 11 are the mandatory Secure Boot and Trusted Platform Module (TPM) features. The good thing is, most modern systems, especially from OEMs, already have these features. For example, if you bought a pre-built desktop or a laptop in the past few years, your computer will have Secure Boot and TPM features. The main reason for this is Microsoft requiring OEMs to support these features ever since launching Windows 10.
Even if your laptop or desktop computer supports Secure Boot, there is a high chance of it being disabled. OEMs generally disable Secure Boot for compatibility reasons. For example, when Secure Boot is enabled, you cannot install alternate operating systems.
If you don’t know whether Secure Boot is enabled, disable, or unsupported on your computer, you can use built-in tools to know the Secure Boot status.
This brief and straightforward article will show two methods to check Secure Boot status in Windows. Both ways achieve the same result. So, follow the one you like.
What is Secure Boot?
As the name implies, Secure Boot is a security feature built-in to your PC’s firmware (UEFI). It makes sure that the system only boots with trusted software. Secure Boot is made to stop firmware and low-level driver attacks. If you don’t know, firmware attacks are almost impossible to detect once you are in the operating system because they load even before Windows itself and takes control of the system. The rise in firmware attacks these past few years makes Secure Boot an essential feature to have.
Every time you start the PC, Secure Boot checks the signature of the UEFI firmware, boot drivers, and the operating system itself. The manufacturer or OEM provides these signatures (keys). If all checks are passed, the firmware gives control to the OS and boots normally. Otherwise, it will stop the boot process and takes you to the Windows recovery environment to fix the system.
Check if Secure Boot is enabled from msinfo32
The msinfo32, also known as the System Information tool, is very helpful to know if the Secure Boot is enabled, disabled, or unsupported. Here is how to use it.
- Press “Start key + R.”
- Type “msinfo32” in the Run window.
- Now, check the “Secure Boot State” field.
- If Secure Boot is enabled, you will see “On.”
- If Secure Boot is disabled, you will see “Off.”
- When not supported, you will see “Not supported.”
- With that, you know the current status of Secure Boot.
Detailed steps:
First, we need to open the System Information tool. To do that, press the “Start key + R” to open the Run dialog box. In the blank field, type “msinfo32” and click the open button. You can also search for “System Information” or “msinfo32” in the Start menu too.
In the System Information window, select “System Summary” on the sidebar. On the main page, find the “Secure Boot State” field. If the field says “On,” “Off,” or “Not supported,” then the Secure Boot feature is enabled, disabled, or not supported, respectively.
For example, my laptop supports Secure Boot. So, the “Secure Boot Status” field says “On.”
PowerShell command to check Secure Boot status
You can get the Secure Boot Status using a single PowerShell command. Here is the PowerShell command you should use to know if Secure Boot is enabled or disabled.
First, search for “PowerShell” in the Start menu and select the “Run as administrator” option on the sidebar. You can also select the same option by right-clicking on the result.
In the PowerShell window, paste the “Confirm-SecureBootUEFI” command and press Enter.
If the Secure Boot is enabled, the response will be “True.” If the Secure Boot is disabled, you will see “False.” You will see the “Cmdlet not supported on this platform” error message; then, your computer doesn’t support Secure Boot.
Once you know the status, you can safely close the PowerShell window.
That is it. It is that simple to know the Secure Boot status in Windows.
I hope that helps.
If there is anything you need, comment below, and I will try to help.
Hm, mine is set to Off, or False.
But I am reading this page in Windows 11, build 22000…
Current insider builds allow you to install and run Windows 11 even if your system is incompatible. However, that may not apply to the actual public release.