System Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows 11


  • Staff
Secure_Boot_banner.png

This tutorial will show you how to check if Secure Boot is currently enabled, disabled, or unsupported on your Windows 10 or Windows 11 PC.

Windows 11 minimum system requirements include your system to be UEFI (Unified Extensible Firmware Interface) and Secure Boot capable. While the requirement to upgrade a Windows 10 device to Windows 11 is only that the PC be Secure Boot capable by having UEFI enabled, you may also consider enabling Secure Boot for better security.

Secure Boot is an important security feature designed to prevent malicious software from loading when your PC starts up (boots). When the PC starts, the firmware checks the signature of each piece of boot software, including UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots, and the firmware gives control to the operating system.

Most modern PCs are capable of Secure Boot, but in some instances, there may be settings that cause the PC to appear to not be capable of Secure Boot. These settings can be changed in the PC UEFI/BIOS firmware.

References:


Contents

  • Option One: Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows Security
  • Option Two: Check if Secure Boot is Enabled, Disabled, or Unsupported in System Information
  • Option Three: Check if Secure Boot is Enabled, Disabled, or Unsupported using PowerShell Command




Option One

Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows Security


1 Open Windows Security.

2 Click/tap on Device security in Windows Security. (see screenshot below)

Secure_Boot_Windows_Security-1.png

3 Under Secure boot, look to see if secure boot is on (enabled) or off (disabled). (see screenshot below)

If you do not have a Secure boot section, then it is currently not supported by your PC, or Windows is installed with legacy BIOS (CSM) instead of UEFI.


Secure_Boot_Windows_Security-2.png




Option Two

Check if Secure Boot is Enabled, Disabled, or Unsupported in System Information


1 Open System Information (msinfo32.exe).

2 In the right pane of System Summary in System Information, see if the Secure Boot State item has a value of On, Off, or Unsupported. (see screenshot below)

Value​
Description​
OnPC supports Secure Boot and Secure Boot is currently enabled
OffPC supports Secure Boot and Secure Boot is currently disabled
UnsupportedPC does not support Secure Boot or Windows is installed with legacy BIOS (CSM) instead of UEFI.

Secure_Boot_msinfo32.png





Option Three

Check if Secure Boot is Enabled, Disabled, or Unsupported using PowerShell Command


You must be signed in as an administrator to use this option.



1 Open Windows Terminal (Admin), and select Windows PowerShell.

2 Copy and paste the command below into Windows Terminal (Admin), and press Enter. (see screenshot below)

Confirm-SecureBootUEFI

3 You will now know if Secure Boot is currently enabled, disabled, or unsupported based on what this cmdlet returns:
  • If the computer supports Secure Boot and Secure Boot is enabled, this cmdlet returns True.
  • If the computer supports Secure Boot and Secure Boot is disabled, this cmdlet returns False.
  • If the computer does not support Secure Boot or Windows is installed with legacy BIOS (CSM) instead of UEFI, this cmdlet displays the following: Cmdlet not supported on this platform.
Secure_Boot_PowerShell.png



That's it,
Shawn Brink


 
Last edited:

Latest Support Threads

Back
Top Bottom