XPost: alt.comp.os.windows-10   
   From: nospam@needed.invalid   
      
   On Fri, 3/6/2026 11:26 AM, J. P. Gilliver wrote:   
   > On 2026/3/6 4:27:10, Paul wrote:   
   >> On Thu, 3/5/2026 10:15 PM, Alan K. wrote:   
   >>> On 3/5/26 7:01 PM, Paul wrote:   
   >>>> On Thu, 3/5/2026 6:24 PM, Alan K. wrote:   
   >>>>> On 3/5/26 6:30 PM, Jack wrote:   
   >>>>>> Windows Secure Boot is EXPIRING: Do This Before June 2026!   
   > []   
   >>>>>> This only applies to UEFI boot. On Windows 10 this was not necessary but   
   >>>>>> for Windows 11 this is now mandatory. Whether Microsoft updates this   
   >   
   > Is there a way to tell from a running W10 setup (i. e. without having to   
   > do a reboot and watch for things flashing by) whether you have UEFI or   
   > legacy boot? (And, if UEFI, whether you have "Secure Boot enabled"   
   > [thanks VLH]?)   
   > []   
      
   If you go to Settings and enter TPM, the   
   Device Security on mine says:   
      
      "Security Processor"   
      ...   
      standard hardware security not supported   
      
   Which means, roughly, that it is not enabled at BIOS level   
   and used for the current boot. (The Security Processor is   
   operating, but the BIOS is not switched to a state where   
   it wants to measure anything, like measure a boot process.)   
      
   The other entry in a Settings Search is "Security Processor"   
   and it says   
      
      Attestation  Ready   
      Storage      Ready   
      
   and above that it indicates the TPM type and version. And that   
   is indicating, that if I did enable Secure Boot at BIOS level, it   
   should work.   
      
   The fact a TPM is detected and it is listed as an Infineon device   
   (one of the manufacturers of such), that indicates there is a   
   secure enclave for any TPM based measuring and recording to be done.   
      
   But if the BIOS does not contain code for operating the TPM   
   for the Secure Boot feature, that is a "lack of Attestation".   
   For example, on the Optiplex 780, there is a TPM present, but   
   there is no BIOS code to use it. On the Test Machine, there is   
   no TPM present and there *is* BIOS code to use it. And these   
   non-comformances prevent Secure Boot from happening.   
      
   If I do Start : Run : msinfo32, then look at System Summary   
   (there is at least one other MSFT utility to display this), it says:   
      
      BIOS Mode           UEFI   
      Secure Boot State   Off   
      
   and that's a decent summary suitable for determining whether   
   you're in CSM or UEFI, and if in UEFI whether Secure Boot   
   was used or not.   
      
      Paul   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)