Get-SecureBootUEFI

Gets the UEFI variable values related to Secure Boot.

Syntax

Get-SecureBootUEFI
   [-Name] <String>
   [-OutputFilePath <String>]
   [<CommonParameters>]

Description

The Get-SecureBootUEFI cmdlet gets the UEFI variable values related to Secure Boot which are: SetupMode, SecureBoot, KEK, PK, SignatureDatabase (DB), and forbidden SignatureDatabase (DBX).

If the computer does not support Secure Boot or is a BIOS (non-UEFI) computer, this cmdlet displays the following:

Cmdlet not supported on this platform.

If the variable does not exist, this cmdlet displays the following:

Variable is currently undefined.

If Windows PowerShell® is not run in administrator mode, this cmdlet displays the following:

Unable to set proper privileges. Access was denied.

Examples

Example 1: Get information about PK

PS C:\>Get-SecureBootUefi -Name PK | Format-List
Name       : PK
Bytes      : {161, 89, 192, 165...}
Attributes : NON VOLATILE
             BOOTSERVICE ACCESS
             RUNTIME ACCESS
             TIME BASED AUTHENTICATED WRITE ACCESS

This command gets information about PK from the UEFI variable.

Parameters

-Name

Specifies the name of the UEFI environment variable.

Type:String
Aliases:n
Accepted values:PK, KEK, db, dbx, SetupMode, SecureBoot, PKDefault, KEKDefault, dbDefault, dbxDefault, dbt, dbtDefault
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-OutputFilePath

Specifies the output file path of the UEFI environment variable.

Type:String
Aliases:f
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

You can pipe a string that represents the UEFI variable name to this cmdlet.

Outputs

Microsoft.SecureBoot.Commands.UEFIEnvironmentVariable

This cmdlet returns a UEFIEnvironmentVariable object that contains the following properties:

  • Name
  • Bytes
  • Attributes