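# Reports whether the Secure Boot signature database (db) on this machine
# already contains the 'Windows UEFI CA 2023' certificate, and signals the
# result through the process exit code.
#
# Exit codes:
#   0 - Secure Boot is off (or could not be confirmed), the db already holds
#       the certificate, or one of the registry values checked below matches.
#   1 - none of the above: the db is not updated and no update is flagged.

# Returns $true only when Confirm-SecureBootUEFI is available and reports $true.
# A missing cmdlet or any exception yields $false, so the "OFF" verdict printed
# by the caller also covers "state could not be determined".
# NOTE(review): Confirm-SecureBootUEFI presumably needs an elevated session;
# a non-elevated run would then be reported as OFF - confirm how this is run.
function checkSecureBoot {
    # $null on the left keeps the comparison scalar even if Get-Command
    # returns more than one command object.
    if ($null -ne (Get-Command Confirm-SecureBootUEFI -ErrorAction SilentlyContinue)) {
        try {
            return Confirm-SecureBootUEFI
        }
        catch {
            return $false
        }
    }
    return $false
}

if (checkSecureBoot) {
    Write-Host "SecureBoot: ON"
}
else {
    Write-Host "SecureBoot: OFF"
    # Nothing further is checked without Secure Boot, so exit as "no action".
    exit 0
}

# Look for the certificate name inside the raw db variable. The read is
# guarded: a failure here would otherwise leave the script without any
# verdict or explicit exit code. On failure the db is treated as "not
# updated" and the registry checks below decide the result.
$dbHasCa2023 = $false
try {
    $dbText = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes)
    $dbHasCa2023 = $dbText -match 'Windows UEFI CA 2023'
}
catch {
    Write-Warning "Could not read the Secure Boot db: $($_.Exception.Message)"
}

if ($dbHasCa2023) {
    Write-Host "SecureBoot DB already been updated. Nothing to do any ore."
    exit 0
}

# Read the servicing key once; a missing key or value simply compares unequal.
$secureBootKey = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot" -ErrorAction SilentlyContinue

# NOTE(review): AvailableUpdates looks like a flag field; an exact match on
# 0x40 misses values where that bit is combined with others - confirm against
# Microsoft's Secure Boot certificate update guidance before relying on it.
if ($secureBootKey.AvailableUpdates -eq 0x40) {
    Write-Host "SecureBoot DB updated. But reboot required."
    exit 0
}

if ($secureBootKey.MicrosoftUpdateManagedOptIn -eq 0x5944) {
    Write-Host "SecureBoot DB ready to update by Microsoft."
    exit 0
}

Write-Host "SecureBoot DB is not updated."
exit 1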