Translations:Secure Boot/22/en: Difference between revisions

Latest revision as of 23:16, 9 December 2025

Message definition (Secure Boot)

== Checking Secure Boot status ==
The easiest way to check if your machine has Secure Boot enabled is through the use of [[Systemd]]'s <code>bootctl</code>. There is no need to be using [[Systemd/boot|systemd-boot]] as your bootloader for this command to work. <syntaxhighlight lang="console">
$ bootctl status
System:
   Firmware: UEFI 2.80 (American Megatrends 5.25)
   Firmware Arch: x64
   Secure Boot: enabled (user)
   TPM2 Support: yes
   Measured UKI: yes
   Boot into FW: supported
...
</syntaxhighlight>The system above has secure boot enabled and enforced. Other values include <code>disabled (setup)</code> for Setup Mode, <code>disabled (disabled)</code> or <code>disabled (unsupported)</code>. The unsupported tag only appears if your device firmware does not support Secure Boot at all.
If you see <code>disabled (disabled)</code>, this means you will need to enable Secure Boot in your UEFI firmware settings before proceeding to use one of the projects outlined below.

Checking Secure Boot status

The easiest way to check if your machine has Secure Boot enabled is through the use of Systemd's bootctl. There is no need to be using systemd-boot as your bootloader for this command to work.

$ bootctl status
System:
    Firmware: UEFI 2.80 (American Megatrends 5.25)
    Firmware Arch: x64
    Secure Boot: enabled (user)
    TPM2 Support: yes
    Measured UKI: yes
    Boot into FW: supported
...

The system above has secure boot enabled and enforced. Other values include disabled (setup) for Setup Mode, disabled (disabled) or disabled (unsupported). The unsupported tag only appears if your device firmware does not support Secure Boot at all.

If you see disabled (disabled), this means you will need to enable Secure Boot in your UEFI firmware settings before proceeding to use one of the projects outlined below.