A simple guide to know and verify secure boot is enabled in Windows 10 or Windows 11. The Secure Boot protects the boot process against security attacks from malicious code like malware and ransomware. Secure Boot is firmware-dependent and requires that the computer BIOS is set to UEFI mode. The Secure Boot is an important security feature designed to prevent malicious software from loading when your PC starts up (boots). Most modern PCs are capable of Secure Boot, but in some instances, there may be settings that cause the PC to appear to not be capable of Secure Boot. These settings can be changed in the PC firmware. Firmware, often called BIOS (Basic Input/Output System), is the software that starts up before Windows when you first turn on your PC.
How to Verify Secure Boot is Enabled in Windows 10/11
- Click the Windows Button to the bottom left of the screen or press the Windows Key.
- In the Search Bar, type: System Information
- Press Enter.
- System Information will open, and System Summary should be selected by default.
- On the right side of this screen, look for BIOS Mode and Secure Boot State.
- If Secure Boot is enabled, the BIOS Mode will show “UEFI,”.
Try to check out on the System Information page to find the BIOS Mode. If the BIOS Mode shows “Legacy” in the Boot setting in the computer BIOS, it must be switched from Legacy to UEFI mode. Read this article about switch Legacy BIOS to UEFI mode.
Check Secure Boot Status using Powershell
To confirms that Secure Boot is enabled by checking the Secure Boot status on the local computer using Powershell comamnd. This command checks whether Secure Boot is enabled on the computer.
- Press Windows key type Powershell.
- Right click the PowerShell and run the Powershell as administrator, or (Press Ctrl+Shfit then press enter to run powershell as Administrator).
- Type the following command and check the result.
PS C:\> Confirm-SecureBootUEFI True
The Confirm-SecureBootUEFI cmdlet confirms that Secure Boot is enabled by checking the Secure Boot status on a UEFI computer.
- If the computer supports Secure Boot and Secure Boot is enabled, this cmdlet returns $True.
- If the computer supports Secure Boot and Secure Boot is disabled, this cmdlet returns $False.
If the computer does not support Secure Boot or is a BIOS (non-UEFI) computer, this cmdlet displays the following:
Cmdlet not supported on this platform.
If Windows PowerShell® is not run in administrator mode, this cmdlet displays the following:
Unable to set proper privileges. Access was denied.
This cmdlet requires that Windows PowerShell be run in administrator mode. So make sure you run the Powershell as administrator.