Bootstraps UEFI or ARM32 ELF applications on hacked Lumia phones (Or something else, coming soon)
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
contrib/msvc Generalize naming (replace LK to Payload) Apr 5, 2018
gnu-efi @ f99001c update gnu-efi to latest Nov 6, 2017
.gitattributes update for Windows compilation and use the gnu-efi library Dec 2, 2014
Boot Shim.sln Project update. Mar 31, 2018

Boot Shim (ELF Variant)

Boot Shim is a small ARM32 Windows Boot Manager Application that intended to chain-load any random ARM32 ELF applications on hacked Lumias or other UEFI/ARM32 Windows devices.

It is based on UEFI-Simple. IDE-debugging is not supported.


Sub-Module initialization

For convenience, the project relies on the gnu-efi library, so you need to initialize the git submodule either through git commandline with:

git submodule init
git submodule update

Or, if using a UI client (such as TortoiseGit) by selecting Submodule Update in the context menu.

Compilation and testing

Only Visual Studio is supported in this branch. Do not use Release mode, it won't work.

I used a well-known certificate from Windows Kits to sign the binary. You can replace with yours.

Visual Studio 2017 and ARM support

Please be mindful that, to enable ARM compilation support in Visual Studio 2017, you MUST go to the Individual components screen in the setup application and select the ARM compilers and libraries there, as they do NOT appear in the default Workloads screen:

VS2017 Individual Components

ELF requirements

  • There must be a LOAD section has p_paddr and p_vaddr matches program entry point address (e_entry).
  • LOAD section must have p_paddr equals to p_vaddr (identity mapping requirements).
  • LOAD section must reside in device's memory region. That means p_paddr must larger or equal (not likely) to device's memory base, and p_addr + p_memsz must not go out of device's memory region.
  • LOAD section must have p_memsz equals to p_filesz.
  • Only first LOAD section that meets these requirements will be loaded into memory.
  • e_machine must be EM_ARM.
  • e_type must be ET_EXEC.
  • Has name of emmc_appsboot.mbn in a firmware-recognized partition (it will try all partitions and use the first one available)

Little Kernel (aboot) signed variants meet these requirements.