Secure Boot - Confirm Enabled or Disabled in Windows 8

How to Check if Secure Boot is Enabled or Disabled in Windows 8 and 8.1

information   Information
This tutorial will show you how to confirm if Secure Boot is enabled or disabled in your UEFI settings from inside Windows 8 and 8.1.

You must be signed in as an administrator to be able to do the steps in this tutorial.

Note   Note
UEFI (replaces BIOS) has a firmware validation process, called secure boot, which is defined in Chapter 27 of the UEFI 2.3.1 specification. Secure boot defines how platform firmware manages security certificates, validation of firmware, and a definition of the interface (protocol) between firmware and the operating system. Secure boot prevents “unauthorized” operating systems and software from loading during the startup process.

Quick summary

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
  • Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

For more information about secure boot, see:



EXAMPLE: Secure Boot in your UEFI firmware settings at boot
UEFI.jpg






OPTION ONE

To Check if Secure Boot is Enabled or Disabled in System Information


1. Press the :winkey: + R keys to open the Run dialog, type msinfo32, and press Enter.​
2. In the right pane of System Summary in System Information, see what the Secure Boot State value is. (see screenshot below)​
[TABLE=class:-grid,-width:-550][TR][TD]
Value
[/TD]
[TD]
Description
[/TD][/TR]
[TR][TD]
On
[/TD]
[TD]
PC supports Secure Boot and Secure Boot is enabled
[/TD][/TR]
[TR][TD]
Off
[/TD]
[TD]
PC supports Secure Boot and Secure Boot is disabled
[/TD][/TR]
[TR][TD]
Unsupported
[/TD]
[TD]
PC does not support Secure Boot or is a Legacy (BIOS) installed Windows
[/TD][/TR][/TABLE]
minfo32_Secure_Boot.jpg






OPTION TWO

To Check if Secure Boot is Enabled or Disabled in PowerShell


1. Open an elevated PowerShell window from inside Windows 8 or 8.1.​
2. If prompted by UAC, then click/tap on Yes.​
3. In the elevated PowerShell window, copy and paste the command below, and press Enter.​
Confirm-SecureBootUEFI

4. Based on what the cmdlet returns, this will let you know if Secure Boot is enabled or disabled in your UEFI settings.​
[TABLE=class:-grid,-width:-725][TR][TD]
Cmdlet Return
[/TD]
[TD]
Description
[/TD][/TR]
[TR][TD]
True
[/TD]
[TD]
PC supports Secure Boot and Secure Boot is enabled
[/TD][/TR]
[TR][TD]
False
[/TD]
[TD]
PC supports Secure Boot and Secure Boot is disabled
[/TD][/TR]
[TR][TD]
Cmdlet not supported on this platform
[/TD]
[TD]
PC does not support Secure Boot or is a Legacy (BIOS) installed Windows
[/TD][/TR][/TABLE]
Secure_Boot_PowerShell-True.jpg
Secure_Boot_PowerShell-False.jpg
Secure_Boot_PowerShell_Not_Available.jpg




That's it,
Shawn


 

Attachments

  • Uefi_logo.png
    Uefi_logo.png
    6.4 KB · Views: 363
Last edited by a moderator:
If Secure Boot is on then Windows 8 is confirmed to be UEFI booted, right?

I just updated the BIOS and the startup changed from the usual ASUS logo to the Windows 8 logo, but in msinfo32 the BIOS mode is UEFI and Secure Boot is on.
And to add, my boot SSD is GPT.
 
Hello iron,

That's correct. When it says that "BIOS mode" is UEFI, then your Windows 8 was installed with UEFI. Secure Boot is a feature of UEFI.

Hope this helps. :)
 
So is the $64,000 question.. if W8 has secure boot on, then gets hosed... are all your bootable rescue CDs and USB keys useless? Or is there a basic strategy that still provides rootkit resistance while allowing system rescue?
 
All bootable software using WinRE4 x64 will boot with Secure Boot ENABLED.
 
Last edited:
Hello John,

It depends on if you installed Windows 7 with UEFI or legacy, and if you wanted secure boot enabled or not. :)
 
Ok Shawn now I know the machine has EUFI but I don't know without a quick check - what the seller who installed the 7 on this machine actually set in the BIOS as I am reasonably familiar with the EUFI but this APTIO is not much like the Asus desktop I have with EUFI.

Now I just have to look up what secure boot is all about:)
 
There's some good information about secure boot in the links at the top of the tutorial if you like. :)
 
Back
Top