Windows tool to check if motherboard has BootGuard or PSB enabled.

Motivation

Before flashing unsigned firmware, one must be sure that BootGuard / PSB is not enabled on the platform in question. Identifying the state of these features on Windows can be a little annoying, so I built a simple program to read the relevant registers, using RwEverything’s kernel driver.

Under the hood

The program identifies the CPU vendor, checks for Hyper-V and then proceeds if no Hyper-V and Intel processor are detected. If they both are, it gives the user the option to continue, which will fail spectacularly if VBS is enabled. RwEverything’s driver has no exception handling for MSR access, when the hypervisor injects its #GP exception, it is uncaught and brings down the system.