Use PowerShell to get Secure Boot UEFI variable values

Here’s another tip from my colleague Ed Wilson (the Microsoft Scripting Guy) about how to use PowerShell to

Question: You want to find UEFI variable values related to secure boot such as the following: SetupMode, SecureBoot, KEK, PK, SignatureDatbase and forbidden SignatureDatabase. How can you do this using Windows PowerShell?

Answer: Open the Windows PowerShell console with administrator access, and use the Get-SecureBootUEFI cmdlet and specify the appropriate variable name. The following illustrates this technique:

Get-SecureBootUEFI -Name setupmode

Mitch Tulloch is a nine-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows administration, deployment and virtualization.  For more information see

Ed Wilson is the bestselling author of eight books about Windows Scripting, including Windows PowerShell 3.0 Step by Step, and Windows PowerShell 3.0 First Steps. He writes a daily blog about Windows PowerShell call Hey, Scripting Guy! that is hosted on the Microsoft TechNet Script Center; for more PowerTips check out the Hey, Scripting Guy! blog.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top