How to Get the BIOS Boot Mode (UEFI or Legacy) in Batch Script
Understanding whether a Windows machine booted in UEFI mode or Legacy BIOS mode is a critical prerequisite for many system administration tasks. Disk partitioning schemes (GPT vs. MBR), bootloader configurations, Secure Boot status, and OS deployment strategies all depend on the active firmware mode. A deployment script that assumes UEFI on a Legacy BIOS machine, or vice versa, will inevitably fail.
In this guide, we will explore multiple methods to detect the current boot mode from within a Batch Script, ranging from environment variable checks to registry queries and WMI lookups.
Method 1: The FIRMWARE_TYPE Environment Variable (Windows 10+)
Starting with Windows 10, Microsoft introduced the %FIRMWARE_TYPE% environment variable, which directly reports the firmware mode used during the last boot sequence.
@echo off
setlocal
echo Checking Boot Mode via Environment Variable...
echo.
if defined FIRMWARE_TYPE (
echo Firmware Type: %FIRMWARE_TYPE%
if /i "%FIRMWARE_TYPE%"=="UEFI" (
echo [RESULT] This system booted in UEFI mode.
) else if /i "%FIRMWARE_TYPE%"=="Legacy" (
echo [RESULT] This system booted in Legacy BIOS mode.
) else (
echo [RESULT] Unknown firmware type: %FIRMWARE_TYPE%
)
) else (
echo [WARNING] FIRMWARE_TYPE variable is not defined.
echo This may be an older Windows version. Try Method 2 or 3.
)
pause
Why This is the Preferred Method
The %FIRMWARE_TYPE% variable is populated by the Windows kernel itself during boot and is guaranteed to be accurate. It requires zero external commands, making it the fastest and most efficient check available.
The FIRMWARE_TYPE environment variable is only available on Windows 10 version 1607 (Anniversary Update) and later. On Windows 7, 8, or early Windows 10 builds, this variable will not exist.
Method 2: Checking the SecureBoot Registry Key
While the presence of Secure Boot does not technically guarantee UEFI (you could have UEFI without Secure Boot), the existence of the Secure Boot registry key itself is a strong indicator that the machine uses UEFI firmware.
@echo off
setlocal
echo Checking Boot Mode via Secure Boot Registry...
:: The SecureBoot State key only exists on UEFI systems
set "sb_key=HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\State"
reg query "%sb_key%" /v UEFISecureBootEnabled >nul 2>&1
if %errorlevel% equ 0 (
:: The key exists - this is a UEFI system. Read the Secure Boot value.
set "sb_val="
for /f "tokens=2*" %%A in ('reg query "%sb_key%" /v UEFISecureBootEnabled 2^>nul ^| findstr /i "REG_DWORD"') do set "sb_val=%%B"
echo [RESULT] System is UEFI.
if "!sb_val!"=="0x1" (
echo Secure Boot: ENABLED
) else (
echo Secure Boot: DISABLED (but UEFI firmware is active^)
)
) else (
echo [RESULT] Secure Boot registry key not found.
echo System is likely booted in Legacy BIOS mode.
echo (Or UEFI with Secure Boot completely unsupported by the firmware^)
)
pause
This method detects UEFI by checking for the Secure Boot registry key, which is an indirect indicator. Some UEFI systems that have Secure Boot capability disabled in the firmware setup may still have the registry key present with a value of 0x0. Conversely, very old UEFI implementations might not create this key at all. For the most reliable detection, combine this with Method 1 or Method 3.
Method 3: Using BCDEDIT (The Boot Configuration Database)
The Boot Configuration Data (BCD) store contains detailed information about how the system was booted. By querying bcdedit, we can examine the boot manager path, which differs between UEFI and Legacy boots.
@echo off
setlocal enabledelayedexpansion
:: Requires Admin
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Administrator privileges required for bcdedit.
pause
exit /b 1
)
echo Checking Boot Mode via BCD...
echo.
:: Dump BCD Boot Manager section
bcdedit /enum {bootmgr} > "%temp%\bcd.txt" 2>nul
if not exist "%temp%\bcd.txt" (
echo [ERROR] Failed to read BCD.
pause
exit /b 1
)
:: Debug output (optional but useful)
echo ===== BCD OUTPUT =====
type "%temp%\bcd.txt"
echo ======================
echo.
:: Detect UEFI by presence of .efi
findstr /i "\.efi" "%temp%\bcd.txt" >nul
if %errorlevel% equ 0 (
echo [RESULT] UEFI Boot Mode detected.
) else (
echo [RESULT] Legacy BIOS Boot Mode detected.
)
del "%temp%\bcd.txt" >nul 2>&1
pause
How the Detection Works
On UEFI systems, the Windows Boot Manager resides at \EFI\Microsoft\Boot\bootmgfw.efi on the EFI System Partition. On Legacy BIOS systems, the path is simply \bootmgr on the System Reserved partition. Searching for the string "efi" in the boot manager path is a reliable way to distinguish between the two modes.
Method 4: Using PowerShell with GetFirmwareType API
For maximum reliability across all Windows versions that support PowerShell, we can call the GetFirmwareType Windows API directly. This avoids relying on environment variables (which may not exist on older systems) or indirect indicators like registry keys.
@echo off
setlocal
echo Checking Boot Mode via PowerShell/GetFirmwareType API...
set "mode="
for /f "delims=" %%A in ('powershell -NoProfile -Command "[uint32]$ft=0; $sig='[DllImport(\"kernel32.dll\")]public static extern bool GetFirmwareType(out uint firmwareType);'; Add-Type -MemberDefinition $sig -Name FW -Namespace Win32; if([Win32.FW]::GetFirmwareType([ref]$ft)){ if($ft -eq 2){'UEFI'} elseif($ft -eq 1){'Legacy'} else{'Unknown'} } else {'Unknown'}" 2^>nul') do set "mode=%%A"
if /i "%mode%"=="UEFI" (
echo [RESULT] Boot Mode: UEFI
) else if /i "%mode%"=="Legacy" (
echo [RESULT] Boot Mode: Legacy BIOS
) else (
echo [RESULT] Boot Mode: Could not determine
)
pause
The GetFirmwareType API is available on Windows 8 and later. The function returns 1 for Legacy BIOS (FirmwareTypeBios), 2 for UEFI (FirmwareTypeUefi), and 3 for the maximum enum value (not a real type). The try/catch block provides a fallback to the FIRMWARE_TYPE environment variable if the P/Invoke call fails.
Method 5: Checking the System Disk Partition Style
UEFI systems typically use GPT (GUID Partition Table) disks, while Legacy BIOS systems use MBR (Master Boot Record). While this is not a 100% guarantee (you can have GPT on data disks in Legacy mode), the system disk's partition style is a strong indicator.
@echo off
setlocal enabledelayedexpansion
echo Checking System Disk Partition Style...
:: Requires Admin for diskpart
net session >nul 2>&1
if %errorlevel% neq 0 (
echo [ERROR] Administrator privileges required for diskpart.
pause
exit /b 1
)
:: Determine which disk number contains the system partition
:: by examining the SystemDrive (usually C:)
set "sys_disk=0"
for /f "tokens=1" %%D in ('powershell -NoProfile -Command ^
"(Get-Partition -DriveLetter ($env:SystemDrive[0])).DiskNumber" 2^>nul') do (
set "sys_disk=%%D"
)
:: Use diskpart to query the system disk
set "tmpfile=%temp%\diskpart_check_%RANDOM%.txt"
(
echo select disk %sys_disk%
echo detail disk
) | diskpart > "%tmpfile%" 2>nul
findstr /i "GPT" "%tmpfile%" >nul
if !errorlevel! equ 0 (
echo [RESULT] System disk (Disk %sys_disk%^) uses GPT partitioning.
echo This strongly indicates UEFI boot mode.
) else (
echo [RESULT] System disk (Disk %sys_disk%^) uses MBR partitioning.
echo This strongly indicates Legacy BIOS boot mode.
)
del "%tmpfile%" 2>nul
pause
This method checks the partition table style, which is a strong correlation with boot mode but not definitive proof. It is possible (though rare) to have a GPT data disk on a Legacy BIOS system, or an MBR system disk on a UEFI system booted via Compatibility Support Module (CSM). Always cross-reference with at least one other detection method.
A Comprehensive Detection Script
Here is an all-in-one script that tries multiple methods and provides a confident assessment.
@echo off
setlocal enabledelayedexpansion
echo =============================================
echo BOOT MODE DETECTION
echo =============================================
echo.
set "result=Unknown"
set "method=None"
set "is_admin=0"
:: Check admin rights once for methods that need it
net session >nul 2>&1
if !errorlevel! equ 0 set "is_admin=1"
:: Method 1: Environment Variable (fastest, no elevation needed)
if defined FIRMWARE_TYPE (
set "result=%FIRMWARE_TYPE%"
set "method=Environment Variable"
echo Method 1 (Env Var^): %FIRMWARE_TYPE%
goto :report
)
echo Method 1 (Env Var^): Not available (FIRMWARE_TYPE undefined^)
:: Method 2: Secure Boot Registry Key (no elevation needed)
reg query "HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\State" >nul 2>&1
if !errorlevel! equ 0 (
set "result=UEFI"
set "method=Secure Boot Registry"
echo Method 2 (Registry^): SecureBoot key found - UEFI
goto :report
)
echo Method 2 (Registry^): SecureBoot key not found
:: Method 3: BCDEDIT (requires admin)
if "!is_admin!"=="1" (
set "bpath="
for /f "tokens=2*" %%A in ('bcdedit /enum {bootmgr} 2^>nul ^| findstr /i "path"') do set "bpath=%%B"
if defined bpath (
echo !bpath! | findstr /i "efi" >nul
if !errorlevel! equ 0 (
set "result=UEFI"
) else (
set "result=Legacy"
)
set "method=BCD Boot Path"
echo Method 3 (BCD^): !result! - path: !bpath!
goto :report
)
echo Method 3 (BCD^): Could not parse boot path
) else (
echo Method 3 (BCD^): Skipped (not running as Administrator^)
)
echo.
echo [WARNING] All detection methods were inconclusive.
:report
echo.
echo =============================================
echo BOOT MODE: !result!
echo Detected via: !method!
echo =============================================
pause
Common Mistakes
The Wrong Way: Assuming UEFI Based on Windows Version
:: WRONG - Windows 10 can run in Legacy BIOS mode
if exist "C:\Windows\System32" echo Must be UEFI
Windows 10 and 11 fully support both UEFI and Legacy BIOS boot modes. The Windows version tells you nothing about the firmware mode. Always use the detection methods described above.
The Wrong Way: Using bcdedit Without Admin Rights
:: WRONG - bcdedit requires elevation
bcdedit /enum {bootmgr}
Running bcdedit as a standard user returns "Access is denied." Always check for admin rights before using this method, and prefer the %FIRMWARE_TYPE% variable when possible as it requires no elevation.
The Wrong Way: Relying Solely on the Secure Boot Registry Key
:: INCOMPLETE - Absence of the key does not definitively mean Legacy BIOS
reg query "HKLM\SYSTEM\...\SecureBoot\State" >nul 2>&1
if %errorlevel% neq 0 echo Definitely Legacy BIOS
A UEFI system with Secure Boot unsupported or fully disabled at the firmware level may not create the SecureBoot\State registry key. Treating the absence of this key as definitive proof of Legacy BIOS can produce false negatives. Always cross-reference with another detection method.
Best Practices
- Try
%FIRMWARE_TYPE%first: It is instant, requires no elevation, and works on Windows 10 1607+. - Layer multiple methods: For maximum compatibility across Windows versions, check the environment variable first, then fall back to the registry, then
bcdedit. - Log the result: In deployment scripts, always record the detected boot mode to a log file so that post-deployment audits can verify the machine was configured for the correct firmware type.
- Report which method succeeded: When layering multiple detection methods, record which method produced the result. This aids troubleshooting when different methods disagree or when a method that should work returns unexpected results.
- Check admin rights once: If the script uses multiple methods that may or may not require elevation, check
net sessiononce at the top and store the result in a variable rather than checking repeatedly.
Conclusion
Detecting whether a Windows machine booted in UEFI or Legacy BIOS mode is fundamental for system administration scripts that handle disk partitioning, bootloader repair, or OS deployment. The %FIRMWARE_TYPE% environment variable provides the fastest and simplest detection on modern Windows. For broader compatibility, querying the Secure Boot registry key or parsing the bcdedit boot manager path offers reliable fallback methods. Combining all three approaches into a layered detection script guarantees accurate results across virtually any Windows installation.