This tutorial will show you how to check if Secure Boot is currently enabled, disabled, or unsupported on your Windows 10 or Windows 11 PC.
Windows 11's minimum system requirements include that your system be UEFI (Unified Extensible Firmware Interface) and Secure Boot capable. While upgrading a Windows 10 device to Windows 11 only requires that the PC be Secure Boot capable by having UEFI enabled, you may also consider enabling Secure Boot for better security.
Secure Boot is an important security feature designed to prevent malicious software from loading when your PC starts up (boots). When the PC starts, the firmware checks the signature of each piece of boot software, including UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots, and the firmware gives control to the operating system.
Most modern PCs are capable of Secure Boot, but in some instances, there may be settings that cause the PC to appear to not be capable of Secure Boot. These settings can be changed in the PC UEFI/BIOS firmware.
References:
- Windows 11 and Secure Boot - Microsoft Support (support.microsoft.com): Learn how to change settings to enable Secure Boot if you are not able to upgrade to Windows 11 because your PC is not currently Secure Boot capable.
- Secure boot (learn.microsoft.com): Provides guidance on what an OEM should do to enable securely booting a device.
- Secure the Windows boot process (learn.microsoft.com): This article describes how Windows security features help protect your PC from malware, including rootkits and other applications.
Contents
- Option One: Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows Security
- Option Two: Check if Secure Boot is Enabled, Disabled, or Unsupported in System Information
- Option Three: Check if Secure Boot is Enabled, Disabled, or Unsupported using PowerShell Command
Option One: Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows Security
1 Open Windows Security.
2 Click/tap on Device security in Windows Security.
3 Under Secure boot, look to see if secure boot is on (enabled) or off (disabled).
If you do not have a Secure boot section, then it is currently not supported by your PC, or Windows is installed with legacy BIOS (CSM) instead of UEFI.
Option Two: Check if Secure Boot is Enabled, Disabled, or Unsupported in System Information
1 Open System Information (msinfo32.exe).
2 In the right pane of System Summary in System Information, see if the Secure Boot State item has a value of On, Off, or Unsupported.
| Value | Description |
|---|---|
| On | PC supports Secure Boot and Secure Boot is currently enabled |
| Off | PC supports Secure Boot and Secure Boot is currently disabled |
| Unsupported | PC does not support Secure Boot or Windows is installed with legacy BIOS (CSM) instead of UEFI |
Option Three: Check if Secure Boot is Enabled, Disabled, or Unsupported using PowerShell Command
You must be signed in as an administrator to use this option.
Reference: Confirm-SecureBootUEFI (SecureBoot) (learn.microsoft.com)
1 Open Windows Terminal (Admin), and select Windows PowerShell.
2 Copy and paste the command below into Windows Terminal (Admin), and press Enter.
Confirm-SecureBootUEFI
3 You will now know if Secure Boot is currently enabled, disabled, or unsupported based on what this cmdlet returns:
- If the computer supports Secure Boot and Secure Boot is enabled, this cmdlet returns True.
- If the computer supports Secure Boot and Secure Boot is disabled, this cmdlet returns False.
- If the computer does not support Secure Boot or Windows is installed with legacy BIOS (CSM) instead of UEFI, this cmdlet displays the following: Cmdlet not supported on this platform.
That's it,
Shawn Brink
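The three outcomes from step 3 of the PowerShell option, handled in one script, as an added example that is not part of the original tutorial. `Get-SecureBootState` is a hypothetical helper name; it maps the cmdlet's results onto the On/Off/Unsupported values shown in System Information and reports a non-elevated session separately so it is not mistaken for Unsupported.

```powershell
# Added example: Get-SecureBootState is a hypothetical helper, not a built-in cmdlet.
function Get-SecureBootState {
    [CmdletBinding()]
    param()

    # Confirm-SecureBootUEFI requires an elevated session. Check first so an
    # access error is not misread as "Unsupported".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $state  = 'Unknown'
    $detail = ''

    if (-not $isAdmin) {
        $detail = 'Not elevated: open Windows Terminal (Admin) and run again.'
    }
    else {
        try {
            # Returns $true (enabled) or $false (disabled) on UEFI systems.
            if (Confirm-SecureBootUEFI -ErrorAction Stop) { $state = 'On' } else { $state = 'Off' }
        }
        catch {
            $detail = $_.Exception.Message
            # "Cmdlet not supported on this platform": no Secure Boot support,
            # or Windows is installed with legacy BIOS (CSM) instead of UEFI.
            if ($_.Exception -is [System.PlatformNotSupportedException] -or
                $detail -like '*not supported on this platform*') {
                $state = 'Unsupported'
            }
            # Any other error leaves the state as 'Unknown' rather than guessing.
        }
    }

    # One object per machine, suitable for Export-Csv or ConvertTo-Json.
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        SecureBootState = $state
        Detail          = $detail
    }
}

Get-SecureBootState
```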