Get-SecureBootUEFI

Gets the UEFI variable values related to Secure Boot such as the SetupMode, SecureBoot, KEK, PK, SignatureDatabase, and forbidden SignatureDatabase.

Syntax

Get-SecureBootUEFI
   [-Name] <String>
   [-OutputFilePath <String>]
   [<CommonParameters>]

Description

The Get-SecureBootUEFI cmdlet gets the UEFI variable values related to Secure Boot which are: SetupMode, SecureBoot, KEK, PK, SignatureDatabase (DB), and forbidden SignatureDatabase (DBX).

If the computer does not support Secure Boot or is a BIOS (non-UEFI) computer, then this cmdlet will return an error displaying the following: Cmdlet not supported on this platform.

If the variable does not exist, then this cmdlet will return an error displaying the following: Variable is currently undefined.

If Windows PowerShell® is not run in administrator mode, then this cmdlet will return an error displaying the following: Unable to set proper privileges. Access was denied.

Examples

EXAMPLE 1

PS C:\>Get-SecureBootUefi -Name PK | Format-List
Name       : PK 
Bytes      : {161, 89, 192, 165...} 
Attributes : NON VOLATILE 
             BOOTSERVICE ACCESS 
             RUNTIME ACCESS 
             TIME BASED AUTHENTICATED WRITE ACCESS

Grabs information about the PK from the UEFI variable.

Required Parameters

-Name

Specifies the name of the UEFI environment variable.

Type:String
Aliases:n
Accepted values:PK, KEK, db, dbx, SetupMode, SecureBoot
Position:1
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False

Optional Parameters

-OutputFilePath

Specifies the output file path of the UEFI environment variable.

Type:String
Aliases:f
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

System.String

The String object represents the UEFI variable name.

Outputs

Microsoft.SecureBoot.Commands.UEFIEnvironmentVariable

The UEFIEnvironmentVariable object contains the following properties:

-- Name

-- Bytes

-- Attributes