How to Check if Secure Boot is Enabled or Disabled in Windows 10
Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. Support for Secure Boot was introduced in Windows 8, and also supported by Windows 10.
When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs), EFI applications, and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system.
Secure Boot prevents a sophisticated and dangerous type of malware—called a rootkit—from loading when you start your device. Rootkits use the same privileges as the operating system and start before it, which means they can completely hide themselves. Rootkits are often part of an entire suite of malware that can bypass local logins, record passwords and keystrokes, transfer private files, and capture cryptographic data.
For more information about Secure Boot, see:
- Secure Boot
- Secure the Windows 10 boot process | Microsoft Docs
- Disabling Secure Boot
- Device protection in Windows Defender Security Center - Hardware security capability | Windows Security Support
This tutorial will show you how to check if Secure Boot is currently enabled, disabled, or unsupported in Windows 10.
Contents
- Option One: To Check if Secure Boot is Enabled or Disabled in Windows Security
- Option Two: To Check if Secure Boot is Enabled or Disabled in System Information
- Option Three: To Check if Secure Boot is Enabled or Disabled in PowerShell
1. Open Windows Security, and click/tap on the Device security icon. (see screenshot below)
2. Under Secure boot (if supported), look to see if it Secure boot is on or Secure boot is off. (see screenshot below)
3. When finished, you can close Windows Security if you like.
1. Press the Win+R keys to open Run, type msinfo32 into Run, and click/tap on OK to open System Information.
2. In the right pane of System Summary in System Information, see if the Secure Boot State item has a value of On, Off, or Unsupported. (see screenshots below)
Value Description On PC supports Secure Boot and Secure Boot is currently enabled Off PC supports Secure Boot and Secure Boot is currently disabled Unsupported PC does not support Secure Boot or Windows is installed with legacy BIOS.
1. Open an elevated PowerShell.
2. Enter the command below into the elevated PowerShell, and press Enter.
3. You will now know if Secure Boot is currently enabled, disabled, or unsupported based on what this cmdlet returns. (see screenshots below)
Cmdlet Return Description True PC supports Secure Boot and Secure Boot is currently enabled False PC supports Secure Boot and Secure Boot is currently disabled "Cmdlet not supported on this platform" error PC does not support Secure Boot or Windows is installed with legacy BIOS.
That's it,
Shawn