标签归档:Secure Boot

Secure Boot - Confirm Enabled or Disabled in Windows 8

How to Check if Secure Boot is Enabled or Disabled in Windows 8 and 8.1

 

information   Information
This tutorial will show you how to confirm if Secure Boot is enabled or disabled in your UEFI settings from insideWindows 8 and 8.1.You must be signed in as an administrator to be able to do the steps in this tutorial.
Note   Note
UEFI (replaces BIOS) has a firmware validation process, called secure boot, which is defined in Chapter 27 of the UEFI 2.3.1 specification. Secure boot defines how platform firmware manages security certificates, validation of firmware, and a definition of the interface (protocol) between firmware and the operating system. Secure boot prevents “unauthorized” operating systems and software from loading during the startup process.Quick summary

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
  • Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

For more information about secure boot, see:

  • Secure Boot Overview
  • "Secure Boot isn't configured correctly": troubleshooting
  • Protecting the pre-OS environment with UEFI - Building Windows 8 - Site Home - MSDN Blogs
  • Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware

EXAMPLE: Secure Boot in your UEFI firmware settings at boot

Click image for larger version

 

OPTION ONE

To Check if Secure Boot is Enabled or Disabled in System Information

1. Press the + R keys to open the Run dialog, type msinfo32, and press Enter.2. In the right pane of System Summary in System Information, see what the Secure Boot State value is. (see screenshot below)

Value Description
On PC supports Secure Boot and Secure Boot is enabled
Off PC supports Secure Boot and Secure Boot is disabled
Unsupported PC does not support Secure Boot or is a Legacy (BIOS) installed Windows

Click image for larger version

 

OPTION TWO

To Check if Secure Boot is Enabled or Disabled in PowerShell

1. Open an elevated PowerShell window from inside Windows 8 or 8.1.2. If prompted by UAC, then click/tap on Yes.3. In the elevated PowerShell window, copy and paste the command below, and press Enter.

Confirm-SecureBootUEFI

4. Based on what the cmdlet returns, this will let you know if Secure Boot is enabled or disabled in your UEFI settings.

Cmdlet Return Description
True PC supports Secure Boot and Secure Boot is enabled
False PC supports Secure Boot and Secure Boot is disabled
Cmdlet not supported on this platform PC does not support Secure Boot or is a Legacy (BIOS) installed Windows

Click image for larger version

Click image for larger version

Click image for larger version

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecureBoot\State]
"UEFISecureBootEnabled"=dword:00000001
"PolicyPublisher"="{77fa9abd-0359-4d32-bd60-28f4e78f784b}"
"PolicyVersion"=dword:00000001