Get-UEFICertificate

1.3

This script retrieves and displays Secure Boot certificates and signatures (PK, KEK, DB, and DBX) from UEFI firmware and optionally saves them to files. The DBX (forbidden signatures) database contains both certificates and hashes that are blocked by Secure Boot.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name Get-UEFICertificate

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

Copyright (C) 2026 Richard M. Hicks Consulting, Inc. All Rights Reserved.

Package Details

Author(s)

  • Richard Hicks

Tags

UEFI SecureBoot Certificates PK KEK DB DBX

Functions

ConvertFrom-SignatureList ConvertTo-PemFormat

Dependencies

This script has no dependencies.

FileList

Version History

Version Downloads Last updated
1.3 (current version) 2,732 2/10/2026
1.2.1 138,481 1/12/2026
1.2 5,909 11/17/2025
1.1 10 11/15/2025
1.0 8 11/13/2025