Built off the open source project Osquery
Description: Checks status of Secure Boot.
What The Data Shows:Secure Boot is important b/c it helps prevent malicious applications from loading at startup.
SQL:
WITH sb1 AS (
SELECT COUNT(*) AS cnt,
1 AS one
FROM registry
WHERE PATH='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State\UEFISecureBootEnabled'
),
sb2 AS (
SELECT COUNT(*) AS cnt,
1 AS one
FROM registry
WHERE PATH='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\State\UEFISecureBootEnabled'
AND DATA = 1
)
SELECT
CASE
WHEN sb1.cnt = 0 THEN "NON-UEFI"
WHEN sb2.cnt = 1 THEN "ENABLED"
WHEN sb2.cnt = 0 THEN "DISABLED"
END SECUREBOOT_STATUS
FROM sb1
JOIN sb2 USING(one);
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.