I tried to submit a patch some time ago, where you can get SecureBoot and
SetupMode variables from GRUB shell and config file:
http://lists.gnu.org/archive/html/grub-devel/2016-01/msg00078.html

It was abandoned for some reason.

Also, I think recent patches proposed by Matthew Garrett also allow to do
this

On Fri, Feb 17, 2017 at 8:17 AM, Dennis Wassenberg <
dennis.wassenberg@secunet.com> wrote:

> Hi, Daniel,
>
> On 16.02.2017 23:03, Daniel Kiper wrote:
> > On Thu, Feb 16, 2017 at 09:21:19AM +0100, Dennis Wassenberg wrote:
> >> Hi all,
> >>
> >> I have a question regarding grub2 in relation with UEFI secure boot. I
> >> do use a grub2 efi binary which is signed with sbsigntools. If the grub2
> >> starts I think there is in general no information about that the grub2
> >> is booted in secure boot environment.
> >
> > Why do you need that?
> Just to show that it is booted in secure mode. In general there are only
> a few devices which shows at the beginning that secureboot is active. So
> maybe it makes sense to show it at the booted efi application. If a user
> is interested in knowing if it is active or not he has to enter the
> Setup. In case of Lenovo there it is not shown directly if secureboot is
> active or not. At the secureboot tab there is shown that secureboot is
> enabled or not and if secureboot is in custom mode or setup mode. I
> believe that not every user known what this means. Thats why I think a
> hint if secureboot is currently active or not would make sense.
> >
> >> Is there a possibility to show that in grub2? I found no way to do that.
> >
> > If there is an use case why not.
> Would this be a use case?
> >
> >> Are you interested in having the possibility to show the uefi secure
> >> boot status (e.g. EFI variable secureboot)?
> >
> > I am going to work on shim protocol verification for Multiboot2
> > compatible images. I hope that it will be taken into GRUB2 2.03.
> Ah ok.
> >
> > Daniel
>
> Thank you for your response.
>
> Best regards,
> Dennis
> >
> > _______________________________________________
> > Grub-devel mailing list
> > Grub-devel@gnu.org
> > https://lists.gnu.org/mailman/listinfo/grub-devel
> >
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>