Verify whether an instance is enabled for UEFI Secure Boot - Amazon Elastic Compute Cloud

Verify whether an instance is enabled for UEFI Secure Boot

You can use the mokutil utility to verify whether a Linux instance is enabled for UEFI Secure Boot. If mokutil is not installed on your instance, you must install it. For the installation instructions for Amazon Linux 2, see https://docs.aws.amazon.com/linux/al2/ug/find-install-software.html. For other Linux distributions, see their specific documentation.

To verify whether a Linux instance is enabled for UEFI Secure Boot

Run the following command as root on the instance.

mokutil --sb-state

Expected output:

  • If UEFI Secure Boot is enabled, the output contains SecureBoot enabled.

  • If UEFI Secure Boot is not enabled, the output contains SecureBoot disabled or Failed to read SecureBoot.

To verify whether a Windows instance is enabled for UEFI Secure Boot
  1. Open the msinfo32 tool.

  2. Check the Secure Boot State field. Supported indicates that UEFI Secure Boot is enabled.

    Secure Boot State within System Information.

You can also use the Windows PowerShell Cmdlet Confirm-SecureBootUEFI to check the the Secure Boot status. For more information about the cmdlet, see Confirm-SecureBootUEFI in the Microsoft Documentation website.