Secure Boot Cmdlets in Windows PowerShell

Windows PowerShell® is a task-based command-line shell and scripting language designed especially for system administration. This reference topic for the information technology (IT) professional provides assistance in utilizing the Windows PowerShell cmdlets to script and automate tasks.

Secure Boot

This reference provides cmdlet descriptions and syntax for all Secure Boot-specific cmdlets. It lists the cmdlets in alphabetical order based on the verb at the beginning of the cmdlet.


Cmdlet: Description

Confirm-SecureBootUEFI: Confirms that Secure Boot is enabled by checking the Secure Boot status on the local computer.

Format-SecureBootUEFI: Formats certificates or hashes into a content object that is returned and creates a file that is ready to be signed.

Get-SecureBootPolicy: Gets the publisher GUID and the policy version of the Secure Boot configuration policy.

Get-SecureBootUEFI: Gets the UEFI variable values related to Secure Boot such as the SetupMode, SecureBoot, KEK, PK, SignatureDatabase, and forbidden SignatureDatabase.

Set-SecureBootUEFI: Sets the Secure Boot-related UEFI variables such as Platform Key, Key Exchange Key, Signature Database and Forbidden Signature Database.

To list all the cmdlets that are available, use the Get-Command -Module SecureBoot cmdlet.

For more information about, or for the syntax of, any of the cmdlets, use the Get-Help <cmdlet name> cmdlet, where <cmdlet name> is the name of the cmdlet that you want to research. For more detailed information, you can run any of the following cmdlets:

Get-Help <cmdlet name> -Detailed
Get-Help <cmdlet name> -Examples
Get-Help <cmdlet name> -Full
