Translate

Image of Advanced Programming in the UNIX Environment, Second Edition (Addison-Wesley Professional Computing Series)
Image of Android Wireless Application Development
Image of Modern Operating Systems (3rd Edition)
Image of Linux Kernel Development (3rd Edition)

UEFI-based Windows 10 Platform - Failure to Boot Due to Missing or Corrupt BCD

I was prompted to write this post as a result of Windows 10 Professional recently attempting to do a silent update while I was waiting in an airport which I unknowingly interrupted when I powered down my UEFI-based laptop prior to boarding the plane.

When I later powered on the laptop, it failed to boot and simply displayed the following message:

A Boot Configuration Data (BCD) store (there can be more than one) contains boot configuration parameters which control how the operating system is started in Windows 10. First introduced in Windows Vista, these parameters were previously stored in the boot.ini file on BIOS-based platforms and as NVRAM variables in UEFI-based platforms. If the BCD store is missing, becomes corrupted, or is not properly configured, Windows 10 will not boot.

Here are two graphics which provide an overview of how a UEFI-based platform boots into the Windows 10 operating system:


I assume by now that the majority of readers of my blog are quite familiar with UEFI-based platforms so the contents of the above graphics should be self-explanatory. Both graphics come from a UEFI-plugfest presentation by Murali Ravirala of the Microsoft Kernel Platform Architecture Team. Note that the Microsoft Boot Manager (bootmgfw.efi) is the only executable in the boot sequence which actually accesses the BCD store.

When you do an Internet search for how to fix BCD-related errors, you will find many articles explaining how to use the bootrec utility to effect the repair. Typically the described repair procedure is similar to the following:

X:>bootrec /scanos
Scanning all disks for Windows installations.  

Please wait, since this may take a while...  

Successfully scanned Windows installations. 
Total identified Windows installations: 1 

The operation completed successfully.

X:>del d:\boot\bcd

X:>bootrec /rebuildbcd
Scanning all disks for Windows installations.  

Please wait, since this may take a while...  

Successfully scanned Windows installations. 
Total identified Windows installations: 1 
[1] D:\Windows 
Add installation to boot list? Yes/No/All:

However, what is rarely pointed out to readers is the fact that the bootrec utility is not useful on UEFI-based platforms. It only works with with older BIOS-based systems which use an MBR (Master Boot Record) for booting!

On UEFI-based platforms, you should use the bcdedit command-line utility to manage BCD stores on your system. It has been available in all versions of Windows since Windows 7. Note that administrative privileges are required to use bcdedit to modify a BCD store. Furthermore, the BCD store is no longer located by default at c:>\boot\bcd but instead is located at /efi/microsoft/boot/bcd.

By the way, on a Windows 10 UEFI-platform you can delete the entire c:>\boot folder. It really serves no useful function except as a quasi-backup of the Windows-related boot files in the ESP. I deleted this folder and it’s contents when I installed Windows 10 and have never run into an issue with it not being there.

Here is what I saw on my laptop after I used my Windows 10 USB-based install media (never travel without a Windows 10 install media!) to get to a recovery command prompt and used bcdedit to enumerate all the default BCD store entries:

Both entries appear to be normal.

Note the extra (and critical for repairing the BCD store) information displayed when the /enum all switch is added:

C:\>bcdedit /enum all

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {def0c639-218c-11e6-845f-68f7286346fb}
                        {def0c63a-218c-11e6-845f-68f7286346fb}
                        {def0c632-218c-11e6-845f-68f7286346fb}
                        {def0c633-218c-11e6-845f-68f7286346fb}
                        {def0c63b-218c-11e6-845f-68f7286346fb}
                        {def0c63c-218c-11e6-845f-68f7286346fb}
                        {def0c63d-218c-11e6-845f-68f7286346fb}
                        {def0c63e-218c-11e6-845f-68f7286346fb}
                        {def0c638-218c-11e6-845f-68f7286346fb}
timeout                 0

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7ce0dd34-d277-11e4-8263-68f7286346fb}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {03426d41-d289-11e4-8264-806e6f6e6963}
description             Diagnostic Splash Screen

Firmware Application (101fffff)
-------------------------------
identifier              {03426d42-d289-11e4-8264-806e6f6e6963}
description             Lenovo Diagnostics

Firmware Application (101fffff)
-------------------------------
identifier              {03426d43-d289-11e4-8264-806e6f6e6963}
description             Startup Interrupt Menu

Firmware Application (101fffff)
-------------------------------
identifier              {03426d44-d289-11e4-8264-806e6f6e6963}
description             Rescue and Recovery

Firmware Application (101fffff)
-------------------------------
identifier              {03426d45-d289-11e4-8264-806e6f6e6963}
description             MEBx Hot Key

Firmware Application (101fffff)
-------------------------------
identifier              {def0c632-218c-11e6-845f-68f7286346fb}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\fpm\SHELLX64.EFI
description             UEFI 2.3 Shell

Firmware Application (101fffff)
-------------------------------
identifier              {def0c633-218c-11e6-845f-68f7286346fb}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Boot\LenovoBT.EFI
description             Lenovo BT

Firmware Application (101fffff)
-------------------------------
identifier              {def0c634-218c-11e6-845f-68f7286346fb}
description             IDER BOOT CDROM

Firmware Application (101fffff)
-------------------------------
identifier              {def0c635-218c-11e6-845f-68f7286346fb}
description             IDER BOOT Floppy

Firmware Application (101fffff)
-------------------------------
identifier              {def0c636-218c-11e6-845f-68f7286346fb}
description             ATA HDD

Firmware Application (101fffff)
-------------------------------
identifier              {def0c637-218c-11e6-845f-68f7286346fb}
description             ATAPI CD

Firmware Application (101fffff)
-------------------------------
identifier              {def0c638-218c-11e6-845f-68f7286346fb}
description             PCI LAN

Firmware Application (101fffff)
-------------------------------
identifier              {def0c639-218c-11e6-845f-68f7286346fb}
description             USB CD

Firmware Application (101fffff)
-------------------------------
identifier              {def0c63a-218c-11e6-845f-68f7286346fb}
description             USB FDD

Firmware Application (101fffff)
-------------------------------
identifier              {def0c63b-218c-11e6-845f-68f7286346fb}
description             ATA HDD0

Firmware Application (101fffff)
-------------------------------
identifier              {def0c63c-218c-11e6-845f-68f7286346fb}
description             ATA HDD1

Firmware Application (101fffff)
-------------------------------
identifier              {def0c63d-218c-11e6-845f-68f7286346fb}
description             ATA HDD2

Firmware Application (101fffff)
-------------------------------
identifier              {def0c63e-218c-11e6-845f-68f7286346fb}
description             USB HDD

Firmware Application (101fffff)
-------------------------------
identifier              {def0c63f-218c-11e6-845f-68f7286346fb}
description             Setup

Firmware Application (101fffff)
-------------------------------
identifier              {def0c640-218c-11e6-845f-68f7286346fb}
description             Boot Menu

Firmware Application (101fffff)
-------------------------------
identifier              {def0c641-218c-11e6-845f-68f7286346fb}
description             Diagnostic Splash Screen

Firmware Application (101fffff)
-------------------------------
identifier              {def0c642-218c-11e6-845f-68f7286346fb}
description             Lenovo Diagnostics

Firmware Application (101fffff)
-------------------------------
identifier              {def0c643-218c-11e6-845f-68f7286346fb}
description             Startup Interrupt Menu

Firmware Application (101fffff)
-------------------------------
identifier              {def0c644-218c-11e6-845f-68f7286346fb}
description             Rescue and Recovery

Firmware Application (101fffff)
-------------------------------
identifier              {def0c645-218c-11e6-845f-68f7286346fb}
description             MEBx Hot Key

Firmware Application (101fffff)
-------------------------------
identifier              {def0c646-218c-11e6-845f-68f7286346fb}
description             Startup Interrupt Menu

Firmware Application (101fffff)
-------------------------------
identifier              {def0c647-218c-11e6-845f-68f7286346fb}
description             Rescue and Recovery

Firmware Application (101fffff)
-------------------------------
identifier              {def0c648-218c-11e6-845f-68f7286346fb}
description             MEBx Hot Key

Firmware Application (101fffff)
-------------------------------
identifier              {def0c649-218c-11e6-845f-68f7286346fb}
description             IDER BOOT CDROM

Firmware Application (101fffff)
-------------------------------
identifier              {def0c64a-218c-11e6-845f-68f7286346fb}
description             IDER BOOT Floppy

Firmware Application (101fffff)
-------------------------------
identifier              {def0c64b-218c-11e6-845f-68f7286346fb}
description             ATA HDD

Firmware Application (101fffff)
-------------------------------
identifier              {def0c64c-218c-11e6-845f-68f7286346fb}
description             ATAPI CD

Firmware Application (101fffff)
-------------------------------
identifier              {def0c64d-218c-11e6-845f-68f7286346fb}
description             PCI LAN

Windows Setup
-------------
identifier              {7254a080-1510-4e85-ac0f-e7fb3d444736}
device                  ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{7ce0dd33-d277-11e4-8263-68f7286346fb}
path                    \windows\system32\winload.efi
description             Windows Rollback
locale                  en-US
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{7ce0dd33-d277-11e4-8263-68f7286346fb}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7ce0dd36-d277-11e4-8263-68f7286346fb}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {7ce0dd34-d277-11e4-8263-68f7286346fb}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {7ce0dd36-d277-11e4-8263-68f7286346fb}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{7ce0dd37-d277-11e4-8263-68f7286346fb}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{7ce0dd37-d277-11e4-8263-68f7286346fb}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7ce0dd31-d277-11e4-8263-68f7286346fb}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-us
inherit                 {resumeloadersettings}
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {7ce0dd34-d277-11e4-8263-68f7286346fb}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {7ce0dd36-d277-11e4-8263-68f7286346fb}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  unknown
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7ce0dd33-d277-11e4-8263-68f7286346fb}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {7ce0dd37-d277-11e4-8263-68f7286346fb}
description             Windows Recovery
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Note the Windows Setup, Windows Recovery, duplicate Resume from Hibernate and more, and the two Windows Boot Loader entries. Duplicate entries are permitted but I personally like to have just one entry.

In general you will have the following entries in your default BCD store on a UEFI-based Windows 10 platforms:

  • Windows Boot Manager
  • Windows Boot Loader
  • Windows Resume from Hibernate
  • Windows Memory Tester

The Windows Boot Manager entry (Identifier bootmgr) manages the Windows 10 boot process. The entry specifies a boot manager called bootmgfw.efi, typically located in the ESP partition at \efi\microsoft\boot\bootmgfw.efi, loads a UEFI-based Windows loader which is located at c:>\windows\system32\winload.efi.

Microsoft publishes a number of documents on configuring the various BCD store settings using bcdedit. The best that I have come across is BCD System Store Settings for UEFI. Download and read this document in full before using bcdedit to modify the BCD system store!

Logically, a BCD store is a namespace container for BCD objects and elements that hold the information that is required to load Windows or run other boot applications. Using a BCD store provides a firmware-independent mechanism for manipulating boot environment data for any type of Windows system.

The BCD architecture is a hierarchy composed of three basic components:

  • A BCD store is the top-level component in the hierarchy. It serves as the namespace container.
  • A BCD object is a container of BCD elements. The most common type of BCD object describes a boot environment application, e.g. an instance of the Windows boot loader.
  • A BCD element is a singular item of data such as a debugger setting, a boot application name, or an operating system device.

Physically, a BCD store is a binary file (hive) implemented using the standard Windows registry hive format. You can see the content of the BCD store used to boot Windows 10 using regedit or one of the many Windows registry viewers. Entries are stored under HKEY_LOCAL_MACHINE/BCD. The BCD that was used to boot windows is normally already mounted as BCD00000000.

Assuming you have administrator privileges, you can also view other BCD stores by clicking on HKEY_LOCAL_MACHINE, going to File->Load Hive and browsing to the BCD file you wish to mount, view, and edit entries.

According to Microsoft, a BCD store should not be accessed using registry APIs because of interaction with the underlying firmware. For this reason, BCD stores should be accessed only the available BCD tools or via the documented Windows Management Instrumentation (WMI) BCD provider. This WMI provider can be used to programmatically manipulate a local or remote BCD store.

By the way, it is possible to access the ESP from the command prompt if your have elevated privileges by assigning a temporary drive letter to the ESP using diskpart as shown below:

If you look at the contents of /efi/microsoft/boot, you will see two other files that form part of the Windows 10 boot process, i.e. bcd.log and boot.stl.

The BCD log files are the transaction journal(s) for the BCD store hive, and are for recovery purposes. They conform to the Windows registry file format specification.

As far as I know, there are no publicly available utilities to display the contents of such transaction logs in a useful format. Typically a hex editor such as WinHex is used.

Here, for example, is the first part of the base block for bcd.log:

Note the ASCII string regf. This string identifies a Windows registry format file. The DWORD at offset 4 contains the primary sequence number which is incremented by 1 in the beginning of a write operation on the primary file. The DWORD at offset 8 contains the secondary sequence number which is incremented by 1 at the end of a write operation on the primary file. The primary sequence number and the secondary sequence number should be equal after a successful write operation. The QWORD at offset 12 contains the last write timestamp. The ASCII string rmtm (Resource Manager, Transaction Manager) at offset 164 is a GUID signature first introduced in Windows 10.

The ASCII string HvLE at offset 512 indicates a log entry. Each log entry is stored at an offset divisible by 512 bytes and has a variable size which is a multiple of 512 bytes. There are no gaps between log entries. See the registry file format specification for more details.

Turning now to an examination of boot.stl which is another file found in the \efi\microsoft\boot folder. This file is a standard Microsoft certificate trust list (CRL).

 
d:>certutil -dump d:\efi\microsoft\boot\boot.stl

PKCS7 Message:
  CMSG_SIGNED(2)
  CMSG_SIGNED_DATA_PKCS_1_5_VERSION(1)
  Content Type: 1.3.6.1.4.1.311.10.1 Certificate Trust List

PKCS7 Message Content:
================ Begin Nesting Level 1 ================
Certificate Trust List:
Version: 1
Usage Entries: 1
  [0] 1.3.6.1.4.1.311.61.3.1 szOID_KMOD_REVOCATION_LIST
 ThisUpdate: 9/30/2015 4:53 AM
 NextUpdate: EMPTY
Subject Algorithm:
    Algorithm ObjectId: 1.3.6.1.4.1.311.61.3.1 szOID_KMOD_REVOCATION_LIST
    Algorithm Parameters:
    05 00
CTL Entries: 0
Extensions: 3
    1.3.6.1.4.1.311.61.3.3.1: Flags = 0, Length = 28
    szOID_KMOD_CERT_MD5
    0: 7e4d770dc4b5af90c7acf468f34d134e EMPTY
    1: a1ecf42df0a819057b2b361c55ed2b13 EMPTY

    1.3.6.1.4.1.311.61.3.3.2: Flags = 0, Length = 78
    szOID_KMOD_CERT_SHA1
    0: 0415f4e1565c3fef36cfd535c1346d7f... EMPTY
    1: 08222b4d0f69d65f101e26605dd0b578... EMPTY
    2: 0c873ebe4d199091c694ad3b1390f9c9... EMPTY
    3: 226786f69cbbbfc959552d3688126d10... EMPTY
    4: 2a0935479afbcf8455b932fc68a4a316... EMPTY
    5: 795634617e813a70a87c05dd87b05bde... EMPTY

    1.3.6.1.4.1.311.61.3.3.3: Flags = 0, Length = 3c
    szOID_KMOD_CERT_SHA256
    0: 1ee185a1a48b2ff301b641e91cdf3a98... EMPTY
    1: 4ef556c930201cfaeee893102954a630... EMPTY
    2: b68a22f66c3359c21ea9c523a1fa6728... EMPTY

----------------  End Nesting Level 1  ----------------

Signer Count: 1
Signing Certificate Index: 1
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 3 Hours, 51 Minutes, 26 Seconds

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 3 Hours, 51 Minutes, 26 Seconds

CertContext[0][0]: dwInfoStatus=122 dwErrorStatus=0
  Issuer: CN=Microsoft Certificate List CA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  NotBefore: 8/19/2015 1:17 AM
  NotAfter: 11/19/2016 1:17 AM
  Subject: CN=Microsoft Revoked List Publisher, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  Serial: 330000002112c797d2146f29c7000000000021
  SubjectAltName: Directory Address:SERIALNUMBER="38138+1df1138b-b256-41f0-b413-8a5b1556a840", OU=AOC
  Cert: d9e61ed62c65ca15366e0184aaeba245410d3f56
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_AUTO_UPDATE_END_REVOCATION (0x20)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Application[0] = 1.3.6.1.4.1.311.10.3.19 Revoked List Signer

CertContext[0][1]: dwInfoStatus=112 dwErrorStatus=0
  Issuer: CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  NotBefore: 3/30/2011 2:58 AM
  NotAfter: 3/30/2026 3:08 AM
  Subject: CN=Microsoft Certificate List CA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  Serial: 61116c92000000000007
  Template: SubCA
  Cert: b11264c19be7daa8c9e989176ae98961fade31cf
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_AUTO_UPDATE_CA_REVOCATION (0x10)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Application[0] = 1.3.6.1.5.5.7.3.3 Code Signing
  Application[1] = 1.3.6.1.4.1.311.10.3.1 Microsoft Trust List Signing
  Application[2] = 1.3.6.1.4.1.311.10.3.9 Root List Signer
  Application[3] = 1.3.6.1.4.1.311.10.3.19 Revoked List Signer

CertContext[0][2]: dwInfoStatus=13c dwErrorStatus=0
  Issuer: CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  NotBefore: 6/24/2010 5:57 AM
  NotAfter: 6/24/2035 6:04 AM
  Subject: CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  Serial: 28cc3a25bfba44ac449a9b586b4339aa
  Cert: 3b1efd3a66ea28b16697394703a72ca340a05bd5
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_AUTO_UPDATE_CA_REVOCATION (0x10)
  Element.dwInfoStatus = CERT_TRUST_AUTO_UPDATE_END_REVOCATION (0x20)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

Exclude leaf cert:
  Chain: 66a8e7955fc5c41355ac9ae19f3b299de9ea9155
Full chain:
  Chain: 7eb2aa2e9d03b7b78cba2e72eb9faf39fc1cdde9
------------------------------------
Verified Issuance Policies: None
Verified Application Policies:
    1.3.6.1.4.1.311.10.3.19 Revoked List Signer

Signer Info[0]:
Signature matches Public Key
CMSG_SIGNER_INFO_PKCS_1_5_VERSION(1)
CERT_ID_ISSUER_SERIAL_NUMBER(1)
    Serial Number: 330000002112c797d2146f29c7000000000021
    Issuer: CN=Microsoft Certificate List CA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
    Subject: CN=Microsoft Revoked List Publisher, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Hash Algorithm:
    Algorithm ObjectId: 2.16.840.1.101.3.4.2.1 sha256 (sha256NoSign)
    Algorithm Parameters: NULL
Encrypted Hash Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
    Algorithm Parameters: NULL
Encrypted Hash:
    0000  23 36 11 7d b2 aa bb ac  4a 51 8d 68 66 11 a6 93
    0010  9f 50 40 bc b4 bc a8 b7  52 32 5b 5c 25 00 10 a4
    0020  bd 2a 51 9a dd ea e5 62  c2 00 e5 30 6e 9d f8 cc
    0030  24 e7 01 00 fd e7 4b 3e  96 7d 40 cf 5e 26 a7 c3
    0040  57 0b f7 29 b3 a8 4c 8f  b8 a7 2b 57 45 52 d2 bf
    0050  66 2c 7e c9 44 46 49 2a  67 c6 84 b8 aa 81 6c 64
    0060  a6 c2 69 2e 05 b9 ab d3  14 ba ca ef 29 20 57 c4
    0070  d9 ee 65 b9 d4 2a 9d bc  bf 4e b8 ff 3a 9b 5b 20
    0080  33 e1 92 10 01 fb c8 dd  98 73 1d 89 70 96 b1 85
    0090  a4 74 0f 00 12 08 03 73  28 39 74 09 27 a5 2d c8
    00a0  e3 e4 92 f0 c2 be 51 c8  94 1a 6c 0b 4f c1 3e 1d
    00b0  29 4a 97 8f 7f 91 44 df  c6 4c 42 ce 57 ad ab 72
    00c0  09 7e b3 83 21 d0 6f 5e  54 cd 36 15 e1 e9 7b 2e
    00d0  8e 51 27 12 21 58 92 9e  b2 0d e9 19 dd d1 28 44
    00e0  f6 4b ec 3d 9a 3f 8a 13  6b 67 3d 09 92 56 f6 09
    00f0  3a d5 56 05 34 65 89 de  45 56 8f 90 5c 50 80 7b

Authenticated Attributes[0]:
  3 attributes:

  Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
    Value[0][0], Length = b
    1.3.6.1.4.1.311.10.1 Certificate Trust List

  Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
    Value[1][0], Length = 22
    Message Digest:
        0000  46 07 27 aa 07 30 2a 6f  ac e0 35 e3 b9 14 13 5b
        0010  85 40 16 58 aa d0 09 8d  3c 70 76 1e bf 8a ed 35

  Attribute[2]: 1.3.6.1.4.1.311.2.1.12 (SPC_SP_OPUS_INFO_OBJID)
    Value[2][0], Length = 4c
    Description: Microsoft Corporation
    Url: http://www.microsoft.com

Unauthenticated Attributes[0]:
  0 attributes:

Computed Hash: ...
    0000  9f 2a 9d e6 34 b6 fa b6  99 9e 6e 7b 07 67 0b bf
    0010  89 96 b0 57 1e e4 24 66  ae 7c 86 68 c9 b1 8f bc
No Recipient
Computed Hash: ...
    0000  9f 2a 9d e6 34 b6 fa b6  99 9e 6e 7b 07 67 0b bf
    0010  89 96 b0 57 1e e4 24 66  ae 7c 86 68 c9 b1 8f bc

Certificates:
================ Begin Nesting Level 1 ================
Element 0:
X509 Certificate:
Version: 3
Serial Number: 61116c92000000000007
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
    Algorithm Parameters:
    05 00
Issuer:
    CN=Microsoft Root Certificate Authority 2010
    O=Microsoft Corporation
    L=Redmond
    S=Washington
    C=US
  Name Hash(sha1): 36c61e7e4edbe33d203ae1c16d5e7d8a6f9d8f23
  Name Hash(md5): 83d006c6d15405e6ce2847a90a3f3ec9

 NotBefore: 3/30/2011 2:58 AM
 NotAfter: 3/30/2026 3:08 AM

Subject:
    CN=Microsoft Certificate List CA 2011
    O=Microsoft Corporation
    L=Redmond
    S=Washington
    C=US
  Name Hash(sha1): ecca5efef031521a908d56622ab07e1f4b6cf95b
  Name Hash(md5): 092ae8851478335ff5420029522550fa

Public Key Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
    Algorithm Parameters:
    05 00
Public Key Length: 4096 bits
Public Key: UnusedBits = 0
    0000  30 82 02 0a 02 82 02 01  00 b8 84 7a 80 fd 4d 27
    0010  a7 d2 ef 82 36 f1 53 05  9d be 42 6d 8e 31 08 47
    0020  cb cd b3 83 0a 4b 4e 33  1a 2e 7c dd 72 81 8d ce
    0030  90 fc 3c 05 cb 2f 34 85  38 8f 3c 1c 68 6d 60 51
    0040  52 4d ac da 6d 2b 7e b3  73 47 ab d2 dc 95 71 4a
    0050  31 81 5a a1 1f ab 82 26  45 2d 8c e8 84 78 bd 20
    0060  f0 0d c6 f5 ae 26 87 1e  56 8e 55 3c 08 30 32 94
    0070  94 22 93 0b a5 b0 c6 5d  e6 2d 81 39 cd e9 c7 ae
    0080  e8 d8 49 71 49 ab 91 74  b8 4f 8d 2f 47 b3 3f d0
    0090  93 83 5c 02 1a de 4b b8  b2 3c 37 e9 93 ea 72 5b
    00a0  98 c7 e3 ac 18 e0 e6 7e  4a c1 81 2c fd 22 14 76
    00b0  73 e1 68 dc 20 09 c0 f3  46 cd 23 26 c8 45 22 ca
    00c0  c7 bc 74 fc 89 ff 57 e0  cf bd 8e b0 2b ef 26 d6
    00d0  77 ab 1a f4 67 41 f1 5e  0c 71 aa 02 7f 5e c0 82
    00e0  aa 09 8b ec 89 88 41 f5  03 42 69 d9 1f 45 d9 57
    00f0  3e 04 96 4a d5 32 b7 d1  61 26 68 c7 c1 b1 a0 e0
    0100  7a 05 4e b5 6d c2 82 e0  2e b6 e7 64 9f 16 7d 95
    0110  2a 86 32 d0 21 c8 5d f8  cb 05 30 1e b9 02 98 6c
    0120  b3 93 6b c8 83 67 21 5d  d6 65 98 20 64 dd cb bf
    0130  47 9b ff 18 fa f1 90 de  a7 78 cd 7b 04 86 7e 27
    0140  8a b7 95 9c 26 dd b1 96  fc 4f e0 40 20 83 68 dd
    0150  ec 33 f2 2a a0 07 a7 eb  91 fa ac 0f 51 41 88 f1
    0160  c5 87 41 4c 87 47 62 9d  58 c0 9e 7f bb 12 7d de
    0170  d3 9f fd c1 c7 14 bd 7f  98 d0 57 9b e1 e3 6c 57
    0180  e1 65 5f f0 dc 2b 9c a1  54 c2 56 2a 15 64 cb aa
    0190  4e e4 fd c3 e8 77 88 ff  db 0d af 90 9f d7 68 81
    01a0  01 2f 94 e1 af c6 e4 c6  76 db 75 da df d0 12 4c
    01b0  f2 89 36 6f 48 80 81 58  dd 17 09 28 2b 55 ac 93
    01c0  23 e5 8e 31 65 ad 0d 8e  93 d3 71 a7 81 14 98 e9
    01d0  ac aa 05 58 ee d7 44 43  30 6d 1d c7 ba c2 7f f5
    01e0  48 c4 e5 a0 8e 55 8e b4  09 c0 01 c3 9d 1d 46 f5
    01f0  fe 46 b5 3a 00 88 23 b5  f0 ca 41 cd 3b 0d c6 f6
    0200  ca 40 04 ea 9b e5 88 36  9f 02 03 01 00 01
Certificate Extensions: 9
    1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3
    CA Version
        V0.0

    2.5.29.14: Flags = 0, Length = 16
    Subject Key Identifier
        41 f0 21 c7 ed c4 87 fa 83 75 ff 0a 0c dc 2d ec a8 6a ab 59

    1.3.6.1.4.1.311.20.2: Flags = 0, Length = c
    Certificate Template Name (Certificate Type)
        SubCA

    2.5.29.15: Flags = 0, Length = 4
    Key Usage
        Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)

    2.5.29.19: Flags = 1(Critical), Length = 5
    Basic Constraints
        Subject Type=CA
        Path Length Constraint=None

    2.5.29.35: Flags = 0, Length = 18
    Authority Key Identifier
        KeyID=d5 f6 56 cb 8f e8 a2 5c 62 68 d1 3d 94 90 5b d7 ce 9a 18 c4

    2.5.29.31: Flags = 0, Length = 4f
    CRL Distribution Points
        [1]CRL Distribution Point
             Distribution Point Name:
                  Full Name:
                       URL=http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl

    1.3.6.1.5.5.7.1.1: Flags = 0, Length = 4e
    Authority Information Access
        [1]Authority Info Access
             Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
             Alternative Name:
                  URL=http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt

    2.5.29.37: Flags = 0, Length = 30
    Enhanced Key Usage
        Code Signing (1.3.6.1.5.5.7.3.3)
        Microsoft Trust List Signing (1.3.6.1.4.1.311.10.3.1)
        Root List Signer (1.3.6.1.4.1.311.10.3.9)
        Revoked List Signer (1.3.6.1.4.1.311.10.3.19)

Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
    Algorithm Parameters:
    05 00
Signature: UnusedBits=0
    0000  fb dc ed bd c9 64 b5 93  4f ae a8 76 10 12 d6 cc
    0010  e7 5c da 1e 51 d3 11 d6  7d b1 90 71 8a 86 a2 85
    0020  cf 8b e5 a4 62 1a 7a 4a  52 66 09 ee 07 07 e1 0e
    0030  18 7c 4d f4 1a 7d 44 99  69 f7 2d ff c0 85 56 14
    0040  50 8a 54 e0 b1 23 2a 61  85 47 0a d2 34 0d bc 26
    0050  0a ed 1f fb 8a e3 0e 48  5a 54 57 67 0d b9 66 37
    0060  6e 4b 82 43 9d d2 33 e5  8e d7 64 a9 db b9 0f 2e
    0070  a6 5b 10 1e c7 42 e9 28  f6 56 0e b9 a6 90 60 93
    0080  df f1 33 cb 19 25 eb e6  3e e9 92 97 d4 94 e0 5a
    0090  bb 3f 2d e1 36 05 48 ad  12 0e ad 0f b1 03 df 0f
    00a0  49 96 46 b7 cb 47 02 9c  16 44 0c 67 ac 0b e0 0f
    00b0  60 99 b6 91 d9 35 db 1a  04 eb 36 1d f1 10 cd 53
    00c0  92 dd 2e 41 10 eb ff 56  3a 94 cc c6 3d 51 4c 92
    00d0  a2 fe d1 33 6b 5d 27 72  1b e9 d2 9b 1f 57 bf 59
    00e0  83 db 0d 25 66 7e 39 7f  16 cd d1 b8 92 58 d3 89
    00f0  3b d5 bd 98 e4 f9 7b ef  a4 bb 6e 83 42 26 e5 27
    0100  27 2e 74 1e 55 18 0d 4b  d0 66 7f a6 44 36 1f b8
    0110  e9 4f 75 f0 b8 05 76 a6  5b 1d 5c a9 5b e3 83 43
    0120  4c f9 0b 30 ef 11 36 f9  31 bf 2e 78 33 f2 2a d8
    0130  6b bf d4 54 ee 50 10 b3  e5 55 8b 36 77 bf fe 3f
    0140  8b fd b7 4d a7 3a ea 56  31 25 3d 9c 9a 14 1f 48
    0150  af 82 f9 2f 4a ae dd 29  03 ee 19 01 2d 37 5b 39
    0160  49 74 6a b4 a3 6b 30 ad  f9 3e f9 c1 8c 8d 1a 74
    0170  79 30 44 dd 1a e7 6d 6d  04 04 29 23 5d 34 a6 ae
    0180  cf 37 de 21 e1 d2 19 14  87 ef 94 12 55 0b 0b e9
    0190  25 ef 32 c6 47 e3 6f 08  c4 af a9 bf d3 ab 09 5a
    01a0  dc 3e d8 34 e5 c7 75 69  3b 96 82 1a b1 68 69 81
    01b0  4c 37 00 1c 9b 13 40 d0  b6 7c 36 41 2b dc 10 51
    01c0  2d 8d cc 20 8f db 16 74  36 40 3e 13 29 28 79 49
    01d0  a5 e9 01 9d db 42 ea 50  0c 44 50 79 f6 fb ff f8
    01e0  99 f2 ad be 43 5d 0f a8  c8 a8 a7 f9 7d 2b ab f0
    01f0  41 9c 62 0f 34 27 41 59  c8 e5 bf b3 a5 a9 f7 82
Non-root Certificate
Key Id Hash(rfc-sha1): 41 f0 21 c7 ed c4 87 fa 83 75 ff 0a 0c dc 2d ec a8 6a ab 59
Key Id Hash(sha1): 8b 15 14 1f e2 d3 d2 3a 84 20 d4 2a 55 4a 79 df c3 f0 55 40
Key Id Hash(md5): 94ff0d17649573c35e06543c8ce19539
Key Id Hash(sha256): 4c4499a0c520ffff7d2f84fda3c40db4f70ee119d6a091745333070ef493037d
Cert Hash(md5): 09 14 90 7e 1f 61 10 43 e6 40 0f fb 7f d1 8d 41
Cert Hash(sha1): b1 12 64 c1 9b e7 da a8 c9 e9 89 17 6a e9 89 61 fa de 31 cf
Cert Hash(sha256): a53a400df29ec7b8c8fce7cfffe47334f43b1642e604dd0307491737ebbc00ce
Signature Hash: 7d4e39e7a6adcbfe591742255153d9808e3e59ef0cc8bac6196351be8464c286
----------------  End Nesting Level 1  ----------------
================ Begin Nesting Level 1 ================
Element 1:
X509 Certificate:
Version: 3
Serial Number: 330000002112c797d2146f29c7000000000021
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
    Algorithm Parameters:
    05 00
Issuer:
    CN=Microsoft Certificate List CA 2011
    O=Microsoft Corporation
    L=Redmond
    S=Washington
    C=US
  Name Hash(sha1): ecca5efef031521a908d56622ab07e1f4b6cf95b
  Name Hash(md5): 092ae8851478335ff5420029522550fa

 NotBefore: 8/19/2015 1:17 AM
 NotAfter: 11/19/2016 1:17 AM

Subject:
    CN=Microsoft Revoked List Publisher
    OU=AOC
    O=Microsoft Corporation
    L=Redmond
    S=Washington
    C=US
  Name Hash(sha1): 0df7ace1921119f33f205e5faefad800827eb034
  Name Hash(md5): 02ee2457cc24be35af8aaf7ef42adb9b

Public Key Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
    Algorithm Parameters:
    05 00
Public Key Length: 2048 bits
Public Key: UnusedBits = 0
    0000  30 82 01 0a 02 82 01 01  00 a3 06 c3 a3 90 77 e5
    0010  44 b4 79 c8 c2 27 8d a2  d2 4d ef 1c 46 0b c9 9d
    0020  e3 80 a1 c8 af fb 51 7a  dc c5 f0 6a 89 8c 6f a9
    0030  a5 d6 c6 f7 8e f9 b6 80  3f ad 86 d3 ff ee be 62
    0040  91 c2 6d 76 79 dc 2e b1  5e dc dc 3f d8 cf 0f 8a
    0050  00 02 39 b7 f0 77 58 4c  3c 17 25 e3 e4 3b 27 45
    0060  39 e3 97 0e c5 65 17 83  52 72 23 c4 fd bb f9 d8
    0070  76 d3 8e cd e4 92 5e 2f  ea 0c a5 23 fe 02 5d 80
    0080  91 fd 98 9b 6d c2 55 4b  4e 71 70 86 aa 74 25 f5
    0090  be 8e e2 f2 2c b4 75 05  c7 09 04 bd 40 87 9c 51
    00a0  f6 f9 d8 5f f8 e2 03 c0  7c 25 f0 69 41 90 09 25
    00b0  1e 5c b9 63 01 10 0f cd  3c eb 14 28 4c b3 4c 82
    00c0  2c 43 b8 8d bf 0b 70 a4  30 26 6a af 5c 4a 95 03
    00d0  9d 74 f6 7d 94 2b 04 d0  a1 75 58 07 4a 9e 88 71
    00e0  d4 cf a0 26 85 f1 f3 5b  5b 03 54 13 a9 2d f3 5e
    00f0  b1 aa 7b 9c 88 35 4c 34  d5 8a c4 b4 3e 8c 4a 29
    0100  9c 49 b6 1c fb 8d 1c 32  e9 02 03 01 00 01
Certificate Extensions: 7
    2.5.29.37: Flags = 0, Length = e
    Enhanced Key Usage
        Revoked List Signer (1.3.6.1.4.1.311.10.3.19)

    2.5.29.14: Flags = 0, Length = 16
    Subject Key Identifier
        a8 a0 0d ca 73 8e 73 04 a8 24 ed dd 56 5e 83 e8 0c 01 55 86

    2.5.29.17: Flags = 0, Length = 49
    Subject Alternative Name
        Directory Address:
             SERIALNUMBER="38138+1df1138b-b256-41f0-b413-8a5b1556a840"
             OU=AOC

    2.5.29.35: Flags = 0, Length = 18
    Authority Key Identifier
        KeyID=41 f0 21 c7 ed c4 87 fa 83 75 ff 0a 0c dc 2d ec a8 6a ab 59

    2.5.29.31: Flags = 0, Length = 52
    CRL Distribution Points
        [1]CRL Distribution Point
             Distribution Point Name:
                  Full Name:
                       URL=http://crl.microsoft.com/pki/crl/products/MicCerLisCA2011_2011-03-29.crl

    1.3.6.1.5.5.7.1.1: Flags = 0, Length = 51
    Authority Information Access
        [1]Authority Info Access
             Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
             Alternative Name:
                  URL=http://www.microsoft.com/pki/certs/MicCerLisCA2011_2011-03-29.crt

    2.5.29.19: Flags = 1(Critical), Length = 2
    Basic Constraints
        Subject Type=End Entity
        Path Length Constraint=None

Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
    Algorithm Parameters:
    05 00
Signature: UnusedBits=0
    0000  66 6d 81 e8 24 ff 5a 70  14 a0 ed 81 76 e9 05 4f
    0010  86 63 2f 91 42 0d e9 50  50 09 de 47 a6 1d a7 df
    0020  16 fc 7f 6d 0e 72 47 09  18 cd 29 14 d8 5e 6b fd
    0030  16 86 ea 2f 9f e6 d6 ac  57 94 f1 df 4e d1 e0 d0
    0040  1e 8a 26 b8 54 aa d8 a5  0f 2e 16 d1 23 bf 8b ac
    0050  ee f0 ea 02 06 da 58 7d  2b e9 0d d5 25 48 df d6
    0060  a5 b7 25 49 29 5f a7 67  13 d5 c5 64 51 6e 9c ed
    0070  1f 3b 7b 44 ec 46 17 27  a7 96 40 a8 d3 bf b4 46
    0080  05 12 f8 d6 72 9f d2 cb  79 6a 1f a9 cf 1e 34 ee
    0090  f7 3d 9a 02 d5 c9 64 8f  c3 ab f4 57 b2 1d 50 e7
    00a0  7f b2 52 c3 06 3e e7 fa  a9 5f 23 8d a4 d1 01 30
    00b0  21 8a 8a 34 6f c8 d8 ee  0a e6 c2 af cf dc 20 c3
    00c0  e9 ae 86 4a dd 41 e0 73  37 ae bc d8 2e d4 87 70
    00d0  3f 38 c4 05 11 0c b7 21  0a 3a fb 7e 11 b7 ea 8d
    00e0  41 b3 74 4e 80 79 82 64  a6 83 e1 46 c3 48 cf d6
    00f0  c1 e2 b7 56 93 2a 66 2b  09 cf 82 c6 6e d7 02 56
    0100  f9 cc a8 44 27 b7 91 19  cc 1e 79 b8 2a e5 82 27
    0110  49 bc 4d 89 f4 8f 5f 9d  bb 00 86 94 8a e5 c3 f1
    0120  e8 8c 01 e7 53 28 5b b5  ce 5d 6a 60 ae ed b7 03
    0130  cd 09 fc 52 46 f4 61 3b  e8 99 69 64 11 52 fd 1a
    0140  c6 9b e0 63 99 60 50 8b  cd c8 1e ec a6 ab 6f d9
    0150  59 cf 96 20 bd 98 cc e2  12 9a 1e 8b b6 7d 2d ca
    0160  42 7a 0c 34 3d cc 45 cd  fe 71 b9 fb 5c cd ea a9
    0170  0b 39 c3 bc b7 59 1c b4  fc 0a 17 8b 4c 81 17 5b
    0180  be 4e 46 74 dd 59 76 48  6f 87 0d 9a 29 a5 85 07
    0190  b0 5d 02 56 53 5b 93 4f  72 0f 9b ab 95 e8 7b 55
    01a0  17 72 3b f6 5f c3 ab c0  01 1e 56 01 23 49 de 3d
    01b0  d1 8b d3 af 21 a4 3f a5  a8 74 fd 3e 85 2d 0a d2
    01c0  4d 07 f3 7f 55 70 b7 77  80 1b aa f7 6d b1 fe 0f
    01d0  17 94 d1 34 c9 4d 9c 89  09 94 96 9f e8 4d f4 0a
    01e0  94 c7 6a a3 dd cb e8 83  dc ab 61 b0 08 10 66 3a
    01f0  18 b1 9b 37 3d 3f 9c 55  1e 7c 38 dc e0 8b 80 2b
Non-root Certificate
Key Id Hash(rfc-sha1): a8 a0 0d ca 73 8e 73 04 a8 24 ed dd 56 5e 83 e8 0c 01 55 86
Key Id Hash(sha1): bc 23 44 2a e5 27 32 3f 28 99 bf f6 1e 35 b9 86 88 f9 1a fb
Key Id Hash(md5): 8b66a98e0818960cfb6dcf5e8e48a3e4
Key Id Hash(sha256): d8934114a0abae329ac981f69be56b573b197900554a945f3c20f76565ff4f75
Cert Hash(md5): 72 e9 55 5a d5 d5 54 ba d2 02 6e f6 42 b2 8d d2
Cert Hash(sha1): d9 e6 1e d6 2c 65 ca 15 36 6e 01 84 aa eb a2 45 41 0d 3f 56
Cert Hash(sha256): 3b038e54f690fb3046eccaadb63a8253c494458a9ca8740f2fb86ec9fa8b166c
Signature Hash: f7fba743d5c0494373030d5e5e9b0fd9eb74a5e8e076da39bf9f74ff524b897f
----------------  End Nesting Level 1  ----------------
No CRLs
CertUtil: -dump command completed successfully.


As per this Microsoft KB article, the 1.3.6.1.4.1.311.10.1 object id (OID) identifies a CTL which is a predefined list of items signed by a trusted entity in PKCS7 format. In this instance, boot.stl is a list of trusted root certificates. bootmgfw.efi looks at this file when it is invoked.

So how can you boot your UEFI-based system if you do not have Windows 10 install or recovery media available to you? The answer is quite simple provided you can get to a UEFI shell prompt. From the UEFI shell, you can directly invoke \efi\microsoft\boot\bootmgfw.efi and, provided your firmware NVRAM variables are undamaged, the BCD store is not actually seriously damaged, the NTFS partition is not damaged, Windows 10 should boot as normal.

Note this workaround does not fix any underlying problem; it is simply a useful workaround. You will still have to fix up the BCD store. Once you have Windows 10 booted, you can restore the BCD backup that you made from the command line using bcdedit, or if you used a GUI tool like EasyBCD, recover a good BCD using the EasyBCD Restore Backup option.

I hope this detailed explanation of how Windows 10 boots on a UEFI-platform will help you keep your sanity the next time you boot and see a missing or corrupt BCD message.

Remember to always configure your platform so that you can boot into a UEFI shell using the UEFI firmware-based boot manager and make a backup of your BCD store.

Feel free to ask questions.

Adeau zurlinux.com

I have decided to close the zurlinux.com website and move all the content to this website.

This work will take a few weeks to complete. All the posts from that website have been imported into this website but some clean up is necessary – especially w.r.t. post excerpts.

I plan to redirect zurlinux.com to this website in about 2 weeks time.