This is the built-in help made by Microsoft for the command 'Set-SecureBootUEFI', in PowerShell version 3 - as retrieved from
Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Sets the Secure Boot-related UEFI variables such as Platform Key, Key Exchange Key, Signature Database and Forbidden Signature Database.
Set-SecureBootUEFI [-AppendWrite [<SwitchParameter>]] [-OutputFilePath <String>] [-SignedFilePath <String>] -Name <String> -Time <String>
[<CommonParameters>]
Set-SecureBootUEFI [-Content <Byte[]>] [<CommonParameters>]
Set-SecureBootUEFI [-ContentFilePath <String>] [<CommonParameters>]
The Set-SecureBootUEFI cmdlet takes a formatted content object that is created by running the Format-SecureBootUEFI cmdlet and a signed file,
combines the twos and attempts to set the package in one of the Secure Boot variables. The supported Secure Boot variables include Platform
Key (PK), Key Exchange Key (KEK), Signature Database (DB), and Forbidden Signature Database (DBX).
This cmdlet returns an UEFIEnvironmentVariable object if successful, otherwise displays an error.
This cmdlet runs on both UEFI and BIOS (non-UEFI) computer.If the computer does not support Secure Boot or is a non-UEFI computer, then this
cmdlet returns an error displaying the following: Cmdlet not supported on this platform.
If Windows PowerShell® is not run in administrator mode, then this cmdlet returns an error displaying the following: Unable to set proper
privileges. Access was denied.
If the signed file supplied to this cmdlet is not valid, then this cmdlet returns an error displaying the following: Incorrect authentication
data.
<
Confirm-SecureBootUEFI
Format-SecureBootUEFI
Get-SecureBootPolicy
Get-SecureBootUEFI
<
EXAMPLE 1
@{navigationLink=@{uri=; linkText=Windows Software Development Kit (SDK) for Windows 8}; #text=System.Management.Automation.PSObject[]}
This example sets the information obtained from the Format-SecureBootUEFI cmdlet to the DBX UEFI variable. This cmdlet supplies a path to the
signed package to be authenticated. The file named GeneratedFileToSign.bin is a digest created by the Format-SecureBootUEFI cmdlet that needs
to be signed according to the UEFI specification.
EXAMPLE 2
PS C:\> Set-SecureBootUEFI -ContentFilePath FormattedVariable.bin -SignedFilePath GeneratedFileToSign.bin.p7
Name : dbx
Bytes : {161, 89, 192, 165...}
Attributes : NON VOLATILE
BOOTSERVICE ACCESS
RUNTIME ACCESS
TIME BASED AUTHENTICATED WRITE ACCESS
This example sets the formatted data that was written to file FormattedVariable.bin to the DBX UEFI variable. This cmdlet supplies a path to
the signed package to be authenticated.
EXAMPLE 3
PS C:\> $objectFromFormat = ( Format-SecureBootUEFI -Name DB -SignatureOwner 12345678-1234-1234-1234-123456789abc –Time 2011-11-01T13:30:00Z
-CertificateFilePath db.cer –FormatWithCert )
PS C:\> $objectFromFormat | Set-SecureBootUEFI
Name : db
Bytes : {161, 89, 192, 165...}
Attributes : NON VOLATILE
BOOTSERVICE ACCESS
RUNTIME ACCESS
TIME BASED AUTHENTICATED WRITE ACCESS
This example creates formatted data that is not signed and sets the unsigned data into the UEFI variable named db.