Overview

The SecureBoot command checks the status and configuration of Secure Boot, a UEFI firmware security feature that ensures only trusted bootloaders and operating systems can run during system startup. Secure Boot status affects bootkit deployment and certain rootkit attacks.

Syntax

Seatbelt.exe SecureBoot

Remote Execution

Seatbelt.exe SecureBoot -computername=TARGET.domain.com [-username=DOMAIN\user -password=pass]

Output

Returns Secure Boot information:
  • Secure Boot enabled/disabled status
  • Setup Mode status
  • Secure Boot Policy
  • Platform key information

Use Cases

  • Red Team
  • Blue Team
  • Determine bootkit deployment viability
  • Assess firmware-level persistence options
  • Identify kernel driver signing requirements
  • Understand boot-time security controls

Example Output

====== SecureBoot ======

UEFISecureBootEnabled    : True
SecureBootCapable        : True
SetupMode                : 0 (User Mode)

[*] Secure Boot is ENABLED
[*] System is in User Mode (Secure Boot is enforcing)
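
For blue-team review of collected results, the output format above can be parsed and checked for weak boot posture. This is an added example, not part of Seatbelt or the original page; the second sample block, the "1 (Setup Mode)" rendering and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the first block is the example output shown above; the
# second is a made-up host in the same format (its SetupMode text is assumed).
SAMPLE = """\
====== SecureBoot ======

UEFISecureBootEnabled    : True
SecureBootCapable        : True
SetupMode                : 0 (User Mode)

====== SecureBoot ======

UEFISecureBootEnabled    : False
SecureBootCapable        : True
SetupMode                : 1 (Setup Mode)
"""

BANNER = re.compile(r"^=+ SecureBoot =+[ \t]*$", re.M)
FIELD = re.compile(r"^(\w+)\s*:\s*(.+?)\s*$")  # "Name   : value" lines only
REQUIRED = ("UEFISecureBootEnabled", "SecureBootCapable", "SetupMode")

def parse_blocks(text):
    """Return one {field: value} dict per SecureBoot banner found in text."""
    blocks = []
    for chunk in BANNER.split(text)[1:]:  # [0] is whatever preceded the banner
        matches = (FIELD.match(line) for line in chunk.splitlines())
        blocks.append({m.group(1): m.group(2) for m in matches if m})
    return blocks

def findings(fields):
    """List posture problems for one parsed block; an empty list means enforcing."""
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        # Fail closed: truncated output is never reported as healthy.
        return ["incomplete output, missing: " + ", ".join(missing)]
    out = []
    if fields["SecureBootCapable"] != "True":
        out.append("firmware not Secure Boot capable")
    if fields["UEFISecureBootEnabled"] != "True":
        out.append("Secure Boot disabled")
    if not fields["SetupMode"].startswith("0"):
        # In UEFI Setup Mode no Platform Key is enrolled, so nothing is enforced.
        out.append("firmware in Setup Mode (no Platform Key enrolled)")
    return out

if __name__ == "__main__":
    for i, block in enumerate(parse_blocks(SAMPLE), 1):
        print(f"host {i}:", findings(block) or "Secure Boot enforcing")
```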

Remote Execution

This command supports remote execution using the -computername parameter.

Detection Considerations

Minimal detection risk - reads UEFI variables via WMI.