Get-SecureBootUEFI
Gets the UEFI variable values related to Secure Boot.
Syntax
Get-SecureBootUEFI
[-Name] <String>
[-OutputFilePath <String>]
[<CommonParameters>] Description
The Get-SecureBootUEFI cmdlet gets the UEFI variable values related to Secure Boot which are: SetupMode, SecureBoot, KEK, PK, SignatureDatabase (DB), and forbidden SignatureDatabase (DBX).
If the computer does not support Secure Boot or is a BIOS (non-UEFI) computer, this cmdlet displays the following:
Cmdlet not supported on this platform.
If the variable does not exist, this cmdlet displays the following:
Variable is currently undefined.
If Windows PowerShell® is not run in administrator mode, this cmdlet displays the following:
Unable to set proper privileges. Access was denied.
Examples
Example 1: Get information about PK
PS C:\>Get-SecureBootUefi -Name PK | Format-List
Name : PK
Bytes : {161, 89, 192, 165...}
Attributes : NON VOLATILE
BOOTSERVICE ACCESS
RUNTIME ACCESS
TIME BASED AUTHENTICATED WRITE ACCESSThis command gets information about PK from the UEFI variable.
Parameters
-Name
Specifies the name of the UEFI environment variable.
| Type: | String |
| Aliases: | n |
| Accepted values: | PK, KEK, db, dbx, SetupMode, SecureBoot, PKDefault, KEKDefault, dbDefault, dbxDefault, dbt, dbtDefault |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-OutputFilePath
Specifies the output file path of the UEFI environment variable.
| Type: | String |
| Aliases: | f |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
You can pipe a string that represents the UEFI variable name to this cmdlet.
Outputs
Microsoft.SecureBoot.Commands.UEFIEnvironmentVariable
This cmdlet returns a UEFIEnvironmentVariable object that contains the following properties:
- Name
- Bytes
- Attributes