cws6206/secureboot-inspector — explained in plain English
Analysis updated 2026-05-18
Check whether Secure Boot is properly enabled and configured on a Windows 11 machine.
Inspect the Platform Key, Key Exchange Key, and allowed or forbidden signature databases.
Copy or save a plain-text report of firmware security settings for documentation or an audit.
Review certificate names, issuers, expiration dates, and thumbprints stored in firmware.
| cws6206/secureboot-inspector | petrovicar/rdr-2-menu-26 | aidotnet/codexswitch | |
|---|---|---|---|
| Stars | 64 | 64 | 63 |
| Language | C# | C# | C# |
| Setup difficulty | easy | easy | moderate |
| Complexity | 2/5 | 1/5 | 2/5 |
| Audience | ops devops | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Must be run as administrator because reading Secure Boot firmware variables is a protected Windows operation.
SecureBoot Inspector is a small Windows 11 utility that checks whether your computer's Secure Boot feature is properly configured. Secure Boot is a security standard built into modern computers that prevents unauthorized software from loading when your machine starts up. This tool reads the relevant settings directly from your PC's firmware and reports what it finds in plain text. The app checks your firmware type and whether Secure Boot is currently active. It also reads the four main signature databases that Secure Boot relies on: the Platform Key, the Key Exchange Key, the allowed signatures list, and the forbidden signatures list. For each certificate it finds, it shows the certificate's name, who issued it, when it expires, and a unique fingerprint called a thumbprint. It also displays any SHA-256 hash entries stored in those databases. When the inspection is done, you can copy the results to your clipboard or save them as a text report. The app is distributed as a portable folder rather than a single self-contained file, because some Windows systems reject single-file executables with a loader error. To use it, right-click the executable and choose "Run as administrator." Administrator privileges are required because reading these firmware variables is a protected operation on Windows. No installation is needed. The source description is in German, but the tool itself and its README are written in English. It is released under the GNU General Public License version 3 or later.
A Windows 11 tool that inspects Secure Boot firmware settings and certificate databases, then lets you export a plain-text report.
Mainly C#. The stack also includes C#, Windows.
Released under the GNU GPL v3 or later, which requires that modified versions you distribute stay open source under the same license.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.