Hello,
Thank you so much for posting here.
As you mentioned, the Get-SecureBootUEFI cmdlet gets the UEFI variable values related to Secure Boot which are: SetupMode, SecureBoot, KEK, PK, SignatureDatabase (DB), and forbidden SignatureDatabase (DBX).
If the variable does not exist, this cmdlet displays the following:
Variable is currently undefined.
According to my research, to check whether our PC is vulnerable to BootHole, we could run the command. If we get a return of "True", then our PC is vulnerable. But no more information about this could be found. Nowhere describes what this output (Variable is currently undefined) mean and what could do with this output.
Here are some information we would like to share with you. Hope it could be of some help to you.
https://answers.microsoft.com/en-us/windows/forum/all/microsoft-guidance-for-applying-secure-boot-dbx/d0b9c235-6ed0-4be8-a497-b33eb750d814?auth=1
https://www.tomsguide.com/news/boothole-hack-windows-linux
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Thank you so much for your understanding and support.
Best regards,
Hannah Xiong