diff --git a/resources/device_probe.py b/resources/device_probe.py
index 4d25555a9..b54eb02bc 100644
--- a/resources/device_probe.py
+++ b/resources/device_probe.py
@@ -485,6 +485,8 @@ class Computer:
 bluetooth_chipset: Optional[str] = None
 ambient_light_sensor: Optional[bool] = False
 third_party_sata_ssd: Optional[bool] = False
+ secure_boot_model: Optional[str] = None
+ secure_boot_status: Optiona[int] = None
 @staticmethod
 def probe():
@@ -705,6 +707,9 @@ class Computer:
 self.opencore_version = utilities.get_nvram("opencore-version", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True)
 self.opencore_path = utilities.get_nvram("boot-path", "4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102", decode=True)
+ # SecureBoot Variables
+ self.secure_boot_model = utilities.check_secure_boot_model()
+ self.secure_boot_status = utilities.check_ap_security_mode()
 def cpu_probe(self):
 self.cpu = CPU(
 subprocess.run("sysctl machdep.cpu.brand_string".split(), stdout=subprocess.PIPE).stdout.decode().partition(": ")[2].strip(),
diff --git a/resources/utilities.py b/resources/utilities.py
index 2c49a057a..44568f85e 100644
--- a/resources/utilities.py
+++ b/resources/utilities.py
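Review bot: The annotation on the new `secure_boot_status` field is misspelled as `Optiona[int]`. Class-body annotations are evaluated when the class is created unless the module enables `from __future__ import annotations` (not visible here), so this would likely raise a NameError as soon as `device_probe` is imported. It should read `secure_boot_status: Optional[int] = None`. The `Computer` class starts and ends outside this hunk.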
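Review bot: `self.secure_boot_status` can never keep its declared `None` default, because `utilities.check_ap_security_mode()` (added in this commit) returns `0` both when the `ApSecurityMode` variable is absent and when it reads Disabled. Anything that consumes the probe result to report security posture cannot tell "not reported by firmware" from "explicitly disabled". A comment on the assignment would make that visible, for example `# 0 = Disabled or variable absent, 1 = Medium, 2 = Full`. The enclosing method starts outside the hunk.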
@@ -206,6 +206,34 @@ def check_filevault_skip():
 return False
+def check_secure_boot_model():
+ sbm_byte = get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False)
+ if sbm_byte:
+ sbm_byte = sbm_byte.replace(b"\x00", b"")
+ sbm_string = sbm_byte.decode("utf-8")
+ return sbm_string
+ return None
+
+def check_ap_security_mode():
+ ap_security_mode_byte = get_nvram("ApSecurityMode", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False)
+ if ap_security_mode_byte:
+ # Ref:
+ # https://github.com/acidanthera/OpenCorePkg/blob/f7c1a3d483fa2535b6a62c25a4f04017bfeee09a/Include/Apple/Protocol/AppleImg4Verification.h#L27-L31
+ # AppleImg4SbModeDisabled = 0,
+ # AppleImg4SbModeMedium = 1,
+ # AppleImg4SbModeFull = 2
+ return int.from_bytes(ap_security_mode_byte, byteorder="little")
+ return 0
+
+def check_secure_boot_level():
+ if check_secure_boot_model() in constants.Constants().sbm_values:
+ if check_ap_security_mode() == 2:
+ return True
+ else:
+ return False
+ return False
+
+
 def patching_status(os_sip, os):
 # Detection for Root Patching
 sip_enabled = True # System Integrity Protection
@@ -223,16 +251,7 @@ def patching_status(os_sip, os):
 # Catalina and older supports individually disabling Library Validation
 amfi_enabled = False
- sbm_byte = get_nvram("HardwareModel", "94B73556-2197-4702-82A8-3E1337DAFBFB", decode=False)
- if sbm_byte:
- # SecureBootModel has a ton of null bytes, so strip them out
- sbm_string = sbm_byte.decode("utf-8")
- if sbm_string in constants.Constants().sbm_values:
- sbm_enabled = True
- else:
- sbm_enabled = False
- else:
- sbm_enabled = False
+ sbm_enabled = check_secure_boot_level()
 if os > os_data.os_data.yosemite:
 sip_enabled = csr_decode(os_sip)
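Review bot: `check_secure_boot_level()` returns True only when `check_ap_security_mode() == 2`, so Medium mode (1 in the enum quoted in the comment just above) is reported as Secure Boot off. The code removed from `patching_status` in the following hunk treated any recognised `HardwareModel` as enabled, so `sbm_enabled` there now appears to be False on a Medium-mode machine. If Medium still enforces boot image verification, the check should be `return check_ap_security_mode() != 0`. Otherwise a comment should state why only Full counts as enabled.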