Get-Secure
BootUEFI
Syntax
Get-SecureBootUEFI
[-Name] <String>
[-OutputFilePath <String>]
[<CommonParameters>]
Description
The Get-SecureBootUEFI cmdlet gets the UEFI variable values related to Secure Boot which are: SetupMode, SecureBoot, KEK, PK, SignatureDatabase (DB), and forbidden SignatureDatabase (DBX).
If the computer does not support Secure Boot or is a BIOS (non-UEFI) computer, this cmdlet displays the following:
Cmdlet not supported on this platform.
If the variable does not exist, this cmdlet displays the following:
Variable is currently undefined.
If Windows PowerShell® is not run in administrator mode, this cmdlet displays the following:
Unable to set proper privileges.
Access was denied.
Examples
Example 1: Get information about PK
PS C:\>Get-SecureBootUefi -Name PK | Format-List
Name : PK
Bytes : {161, 89, 192, 165...}
Attributes : NON VOLATILE
BOOTSERVICE ACCESS
RUNTIME ACCESS
TIME BASED AUTHENTICATED WRITE ACCESS
This command gets information about PK from the UEFI variable.
Required Parameters
Specifies the name of the UEFI environment variable.
Type: | String |
Aliases: | n |
Parameter Sets: | PK, KEK, db, dbx, SetupMode, SecureBoot, PKDefault, KEKDefault, dbDefault, dbxDefault, dbt, dbtDefault |
Position: | 1 |
Default value: | None |
Accept pipeline input: | True (ByValue) |
Accept wildcard characters: | False |
Optional Parameters
Specifies the output file path of the UEFI environment variable.
Type: | String |
Aliases: | f |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
System.String
You can pipe a string that represents the UEFI variable name to this cmdlet.
Outputs
Microsoft.SecureBoot.Commands.UEFIEnvironmentVariable
This cmdlet returns a UEFIEnvironmentVariable object that contains the following properties:
- Name
- Bytes
- Attributes