How to Check if Secure Boot is Enabled or Disabled in Windows 8 and 8.1
Information
This tutorial will show you how to confirm if Secure Boot is enabled or disabled in your UEFI settings from insideWindows 8 and 8.1.You must be signed in as an administrator to be able to do the steps in this tutorial.
Note
UEFI (replaces BIOS) has a firmware validation process, called secure boot, which is defined in Chapter 27 of the UEFI 2.3.1 specification. Secure boot defines how platform firmware manages security certificates, validation of firmware, and a definition of the interface (protocol) between firmware and the operating system. Secure boot prevents “unauthorized” operating systems and software from loading during the startup process.Quick summary
- UEFI allows firmware to implement a security policy
- Secure boot is a UEFI protocol not a Windows 8 feature
- UEFI secure boot is part of Windows 8 secured boot architecture
- Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
- Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
- OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
- Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows
For more information about secure boot, see:
- Secure Boot Overview
- "Secure Boot isn't configured correctly": troubleshooting
- Protecting the pre-OS environment with UEFI - Building Windows 8 - Site Home - MSDN Blogs
- Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware
EXAMPLE: Secure Boot in your UEFI firmware settings at boot
OPTION ONE
To Check if Secure Boot is Enabled or Disabled in System Information
1. Press the + R keys to open the Run dialog, type msinfo32, and press Enter.2. In the right pane of System Summary in System Information, see what the Secure Boot State value is. (see screenshot below)
Value | Description |
On | PC supports Secure Boot and Secure Boot is enabled |
Off | PC supports Secure Boot and Secure Boot is disabled |
Unsupported | PC does not support Secure Boot or is a Legacy (BIOS) installed Windows |
OPTION TWO
To Check if Secure Boot is Enabled or Disabled in PowerShell
1. Open an elevated PowerShell window from inside Windows 8 or 8.1.2. If prompted by UAC, then click/tap on Yes.3. In the elevated PowerShell window, copy and paste the command below, and press Enter.
Confirm-SecureBootUEFI
4. Based on what the cmdlet returns, this will let you know if Secure Boot is enabled or disabled in your UEFI settings.
Cmdlet Return | Description |
True | PC supports Secure Boot and Secure Boot is enabled |
False | PC supports Secure Boot and Secure Boot is disabled |
Cmdlet not supported on this platform | PC does not support Secure Boot or is a Legacy (BIOS) installed Windows |
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecureBoot\State]
"UEFISecureBootEnabled"=dword:00000001
"PolicyPublisher"="{77fa9abd-0359-4d32-bd60-28f4e78f784b}"
"PolicyVersion"=dword:00000001