whatisgithub

What is secureboot-inspector?

cws6206/secureboot-inspector — explained in plain English

Analysis updated 2026-05-18

64C#Audience · ops devopsComplexity · 2/5LicenseSetup · easy

In one sentence

A Windows 11 tool that inspects Secure Boot firmware settings and certificate databases, then lets you export a plain-text report.

Mindmap

mindmap
  root((repo))
    What it does
      Reads Secure Boot state
      Reads certificate databases
      Exports text report
    Tech stack
      C sharp
      Windows firmware APIs
    Use cases
      Verify Secure Boot config
      Inspect certificate thumbprints
      Save audit report
    Audience
      IT and security admins
    License
      GPL v3 or later

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Check whether Secure Boot is properly enabled and configured on a Windows 11 machine.

USE CASE 2

Inspect the Platform Key, Key Exchange Key, and allowed or forbidden signature databases.

USE CASE 3

Copy or save a plain-text report of firmware security settings for documentation or an audit.

USE CASE 4

Review certificate names, issuers, expiration dates, and thumbprints stored in firmware.

What is it built with?

C#Windows

How does it compare?

cws6206/secureboot-inspectorpetrovicar/rdr-2-menu-26aidotnet/codexswitch
Stars646463
LanguageC#C#C#
Setup difficultyeasyeasymoderate
Complexity2/51/52/5
Audienceops devopsgeneraldeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Must be run as administrator because reading Secure Boot firmware variables is a protected Windows operation.

Released under the GNU GPL v3 or later, which requires that modified versions you distribute stay open source under the same license.

So what is it?

SecureBoot Inspector is a small Windows 11 utility that checks whether your computer's Secure Boot feature is properly configured. Secure Boot is a security standard built into modern computers that prevents unauthorized software from loading when your machine starts up. This tool reads the relevant settings directly from your PC's firmware and reports what it finds in plain text. The app checks your firmware type and whether Secure Boot is currently active. It also reads the four main signature databases that Secure Boot relies on: the Platform Key, the Key Exchange Key, the allowed signatures list, and the forbidden signatures list. For each certificate it finds, it shows the certificate's name, who issued it, when it expires, and a unique fingerprint called a thumbprint. It also displays any SHA-256 hash entries stored in those databases. When the inspection is done, you can copy the results to your clipboard or save them as a text report. The app is distributed as a portable folder rather than a single self-contained file, because some Windows systems reject single-file executables with a loader error. To use it, right-click the executable and choose "Run as administrator." Administrator privileges are required because reading these firmware variables is a protected operation on Windows. No installation is needed. The source description is in German, but the tool itself and its README are written in English. It is released under the GNU General Public License version 3 or later.

Copy-paste prompts

Prompt 1
Explain what Secure Boot is and why the Platform Key and Key Exchange Key matter.
Prompt 2
Walk me through how to run this tool as administrator and interpret its certificate report.
Prompt 3
What does it mean that this app is distributed as a portable folder instead of one executable file?
Prompt 4
Summarize what the GPL v3 license requires if I modify and redistribute this tool.

Frequently asked questions

What is secureboot-inspector?

A Windows 11 tool that inspects Secure Boot firmware settings and certificate databases, then lets you export a plain-text report.

What language is secureboot-inspector written in?

Mainly C#. The stack also includes C#, Windows.

What license does secureboot-inspector use?

Released under the GNU GPL v3 or later, which requires that modified versions you distribute stay open source under the same license.

How hard is secureboot-inspector to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is secureboot-inspector for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.