System Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows 11


Secure_Boot_banner.png

This tutorial will show you how to check if Secure Boot is currently enabled, disabled, or unsupported on your Windows 10 or Windows 11 PC.

Windows 11 minimum system requirements include your system to be UEFI (Unified Extensible Firmware Interface) and Secure Boot capable. While the requirement to upgrade a Windows 10 device to Windows 11 is only that the PC be Secure Boot capable by having UEFI enabled, you may also consider enabling Secure Boot for better security.

Secure Boot is an important security feature designed to prevent malicious software from loading when your PC starts up (boots). When the PC starts, the firmware checks the signature of each piece of boot software, including UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots, and the firmware gives control to the operating system.

Most modern PCs are capable of Secure Boot, but in some instances, there may be settings that cause the PC to appear to not be capable of Secure Boot. These settings can be changed in the PC UEFI/BIOS firmware.

References:


Contents

  • Option One: Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows Security
  • Option Two: Check if Secure Boot is Enabled, Disabled, or Unsupported in System Information
  • Option Three: Check if Secure Boot is Enabled, Disabled, or Unsupported using PowerShell Command




Option One

Check if Secure Boot is Enabled, Disabled, or Unsupported in Windows Security


1 Open Windows Security.

2 Click/tap on Device security in Windows Security. (see screenshot below)

Secure_Boot_Windows_Security-1.png

3 Under Secure boot, look to see if secure boot is on (enabled) or off (disabled). (see screenshot below)

If you do not have a Secure boot section, then it is currently not supported by your PC, or Windows is installed with legacy BIOS (CSM) instead of UEFI.


Secure_Boot_Windows_Security-2.png




Option Two

Check if Secure Boot is Enabled, Disabled, or Unsupported in System Information


1 Open System Information (msinfo32.exe).

2 In the right pane of System Summary in System Information, see if the Secure Boot State item has a value of On, Off, or Unsupported. (see screenshot below)

Value​
Description​
OnPC supports Secure Boot and Secure Boot is currently enabled
OffPC supports Secure Boot and Secure Boot is currently disabled
UnsupportedPC does not support Secure Boot or Windows is installed with legacy BIOS (CSM) instead of UEFI.

Secure_Boot_msinfo32.png





Option Three

Check if Secure Boot is Enabled, Disabled, or Unsupported using PowerShell Command


You must be signed in as an administrator to use this option.



1 Open Windows Terminal (Admin), and select Windows PowerShell.

2 Copy and paste the command below into Windows Terminal (Admin), and press Enter. (see screenshot below)

Confirm-SecureBootUEFI

3 You will now know if Secure Boot is currently enabled, disabled, or unsupported based on what this cmdlet returns:
  • If the computer supports Secure Boot and Secure Boot is enabled, this cmdlet returns True.
  • If the computer supports Secure Boot and Secure Boot is disabled, this cmdlet returns False.
  • If the computer does not support Secure Boot or Windows is installed with legacy BIOS (CSM) instead of UEFI, this cmdlet displays the following: Cmdlet not supported on this platform.
Secure_Boot_PowerShell.png



That's it,
Shawn Brink


 
Last edited:
This is completely out of date! The current build doesn’t look anything like this.
 

My Computer

System One

  • OS
    Win 11 Pro 64 version 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Homebuilt
    CPU
    Ryzen 5 7600
    Motherboard
    Aorus ProX X670e
    Memory
    32 gig GSkill F5-6000
    Graphics Card(s)
    Power Color RX6650XT
    Sound Card
    RealTek
    Monitor(s) Displays
    Asus VX248
    Screen Resolution
    1080x1280
    Hard Drives
    Crucial M2 1T
    PSU
    Corsair RM750x
    Case
    Corsair RAID
    Cooling
    Corsair AIO 240
    Keyboard
    NPET
    Mouse
    Logitech wired
    Internet Speed
    Fiber
    Browser
    Edge
    Antivirus
    MS
This is completely out of date! The current build doesn’t look anything like this.
Hello, :alien:

Please provide a screenshot showing what is different for you. It still looks the same on my systems.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
When running this command on Windows 11, it says:

Confirm-SecureBootUEFI : The term 'Confirm-SecureBootUEFI' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Double check to make sure there wasn't any spaces in the command or at the front or end of the command when ran in an elevated Windows PowerShell.

What about the other options?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Brink is right re no spaces. It does work.

secure boot powershell.png
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.3025
    Computer type
    PC/Desktop
    Manufacturer/Model
    Homebuilt
    CPU
    Intel Core i9 13900K
    Motherboard
    Asus ProArt Z790 Creator WiFi - Bios 2703
    Memory
    Corsair Dominator Platinum 64gb 5600MT/s DDR5 Dual Channel
    Graphics Card(s)
    Sapphire NITRO+ AMD Radeon RX 7900 XTX Vapor-X 24GB
    Sound Card
    External DAC - Headphone Amplifier: Cambridge Audio DACMagic200M
    Monitor(s) Displays
    Panasonic MX950 Mini LED 55" TV 120hz
    Screen Resolution
    3840 x 2160 120hz
    Hard Drives
    Samsung 980 Pro 2TB (OS)
    Samsung 980 Pro 1TB (Files)
    Lexar NZ790 4TB
    LaCie d2 Professional 6TB external - USB 3.1
    Seagate One Touch 18TB external HD - USB 3.0
    PSU
    Corsair RM1200x Shift
    Case
    Corsair RGB Smart Case 5000x (white)
    Cooling
    Corsair iCue H150i Elite Capellix XT
    Keyboard
    Logitech K860
    Mouse
    Logitech MX Ergo Trackball
    Internet Speed
    Fibre 900/500 Mbps
    Browser
    Microsoft Edge Chromium
    Antivirus
    Bitdefender Total Security
    Other Info
    AMD Radeon Software & Drivers 24.12.1
    AOMEI Backupper Pro
    Dashlane password manager
    Logitech Brio 4K Webcam
    Orico 10-port powered USB 3.0 hub
  • Operating System
    Windows 11 Pro 24H2 26100.2894
    Computer type
    Laptop
    Manufacturer/Model
    Asus Vivobook X1605VA
    CPU
    Intel® Core™ i9-13900H
    Motherboard
    Asus X1605VA bios 309
    Memory
    32GB DDR4-3200 Dual channel
    Graphics card(s)
    *Intel Iris Xᵉ Graphics G7 (96EU) 32.0.101.6078
    Sound Card
    Realtek | Intel SST Bluetooth & USB
    Monitor(s) Displays
    16.0-inch, WUXGA 16:10 aspect ratio, IPS-level Panel
    Screen Resolution
    1920 x 1200 60hz
    Hard Drives
    512GB M.2 NVMe™ PCIe® 3.0 SSD
    Other Info
    720p Webcam
Back
Top Bottom