Shell & Firmware Tools Seed

dmpstore Deep Dive

How to use UEFI Shell dmpstore to inspect boot variables, Secure Boot variables, setup variables, and NVRAM state during firmware debug.

2 min read
Shell & Firmware Tools cover

A boot option disappears after a BIOS update.

Windows says nothing useful. Setup shows a different boot order. The customer says the SSD is still installed.

Before touching the OS, check the firmware variable store.

Shell> dmpstore BootOrder
Shell> dmpstore Boot0000
Shell> dmpstore BootNext

What dmpstore really shows

UEFI variables are not just key-value pairs. A useful debug view includes:

Item Value Note
Variable name BootOrder, Boot0001, SecureBoot The human-visible variable name.
Vendor GUID Namespace owner Variables with the same name but different GUID are different variables.
Attributes NV, BS, RT, authenticated Shows whether the variable persists and when it is accessible.
Data Raw bytes May encode EFI_LOAD_OPTION, key database content, setup structure, or simple flags.

Real world example: BootOrder exists but boot still fails

Shell> dmpstore BootOrder
BootOrder: 0003 0001 0000

Shell> dmpstore Boot0003
Boot0003: ... HD(...) / File(\EFI\Microsoft\Boot\bootmgfw.efi)

This proves only that BDS has a boot option. It does not prove the path is valid.

Next checks:

BootOrder points to Boot0003

Boot0003 contains EFI_LOAD_OPTION

Device Path points to disk / partition / file

Shell map confirms the filesystem exists

File path exists under ESP

Secure Boot checks

Shell> dmpstore SecureBoot
Shell> dmpstore SetupMode
Shell> dmpstore PK
Shell> dmpstore KEK
Shell> dmpstore db
Shell> dmpstore dbx

For Secure Boot investigation, SecureBoot=1 alone is not enough. SetupMode, key presence, and db/dbx state matter.

Common pitfall: dumping everything creates noise

Shell> dmpstore

This can produce a huge output. For targeted debug, dump only the variables you need first.

Debug checklist

When using dmpstore

Treat the output as firmware state evidence.

Found this useful?

Save it or share it with someone learning firmware, BIOS/UEFI, and embedded systems.

Nội dung liên quan

Một số bài viết, ghi chú hoặc project có liên quan đến nội dung bạn vừa đọc.

Ghi chúShell & Firmware Tools

Boot Failure Playbook

A firmware engineer playbook for debugging missing boot options, invalid BootOrder, broken Device Paths, and BDS boot failures.

Ghi chúShell & Firmware Tools

Secure Boot Investigation Playbook

A firmware engineer playbook for Secure Boot failures involving PK, KEK, db, dbx, SetupMode, signatures, and EFI_SECURITY_VIOLATION.

Ghi chúShell & Firmware Tools

bcfg Deep Dive

How to use UEFI Shell bcfg to inspect, add, remove, and debug UEFI boot options from the firmware side.

Biến note thành bài viết hoàn chỉnh

Notes là nơi ghi nhanh khái niệm.

Đọc blog Xem notes khác