LKBEN11500: Find out if Windows has been started with Secure Boot


Symptom

You need to make sure your system has not been compromised at boot time.

Cause

This is important for mobile device management (MDM) and compliance.

Solution

Nowadays a computer has a Trusted Platform Module (TPM) chip on the motherboard. Most PCs in 2021 have version 2.0; some older systems might still have version 1.2.

With UEFI Secure Boot you can prevent "rootkit" malware and assure that a system was not hijacked at boot time. To find out if your Windows system was booted with Secure Boot, you can use the following PowerShell command:

Confirm-SecureBootUEFI

PowerShell has to be started as administrator to execute the Confirm-SecureBootUEFI command!

The command responds with True, False, or an error.

When this command returns "False" but your BIOS shows Secure Boot as "enabled", your BIOS might have its Secure Boot status in "Setup mode". On a Lenovo system you have to reset the keys to factory defaults. After a reboot your system will be started with Secure Boot.

If you get an error, you do not have Secure Boot or you need to make changes to your BIOS first.
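
The three outcomes described above can be told apart in a script, for example for a compliance report. This is an added example, not part of the original article; the function name Get-SecureBootState and the state strings it returns are hypothetical, and it assumes the firmware exposes the standard UEFI SetupMode variable.

```powershell
# Added example: classify the Secure Boot state of the local machine.
# Function name and returned state strings are hypothetical.
function Get-SecureBootState {
    # Confirm-SecureBootUEFI needs an elevated session, so check that first.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        return 'NotElevated'
    }

    try {
        # True: the system was booted with Secure Boot enforced.
        if (Confirm-SecureBootUEFI -ErrorAction Stop) {
            return 'Enabled'
        }
    }
    catch [System.PlatformNotSupportedException] {
        # Legacy BIOS boot or firmware without UEFI Secure Boot support.
        return 'NotSupported'
    }
    catch {
        return "Error: $($_.Exception.Message)"
    }

    # False: find out whether the firmware is in Setup mode
    # (UEFI variable SetupMode = 1, meaning no platform key is enrolled).
    try {
        $setup = Get-SecureBootUEFI -Name SetupMode -ErrorAction Stop
        if ($setup.Bytes[0] -eq 1) {
            return 'DisabledSetupMode'
        }
    }
    catch {
        # Variable not readable: fall through and report plain 'Disabled'.
        Write-Verbose "SetupMode not readable: $($_.Exception.Message)"
    }
    return 'Disabled'
}

$state = Get-SecureBootState
Write-Output "Secure Boot state: $state"
# A non-zero exit code lets an MDM or compliance job flag the device.
if ($state -ne 'Enabled') { exit 1 }
```

A result of DisabledSetupMode corresponds to the case above where the BIOS shows Secure Boot as enabled but the keys still have to be restored.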

Have fun.

Disclaimer:

The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at your own risk!

About the Author

Author: Wim Peeters - Keskon GmbH & Co. KG

Wim Peeters is an electronics engineer with an additional master's degree in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.

Latest update: 14-03-2022