Browse files

Add basic documentation

  • Loading branch information...
1 parent 590b344 commit 3df9e294b791bc25a50fb216bc2ff39d4f228345 Matthew Garrett committed Jul 28, 2012
Showing with 16 additions and 0 deletions.
  1. +16 −0 README
@@ -0,0 +1,16 @@
+shim is a trivial EFI application that, when run, attempts to open and
+execute another application. It will initially attempt to do this via the
+standard EFI LoadImage() and StartImage() calls. If these fail (because secure
+boot is enabled and the binary is not signed with an appropriate key, for
+instance) it will then validate the binary against a built-in certificate. If
+this succeeds and if the binary or signing key are not blacklisted then shim
+will relocate and execute the binary.
+shim will also install a protocol which permits the second-stage bootloader
+to perform similar binary validation. This protocol has a GUID as described
+in the shim.h header file and provides a single entry point. On 64-bit systems
+this entry point expects to be called with SysV ABI rather than MSABI, and
+so calls to it should not be wrapped.
+To use shim, simply place a hex dump of the public certificate in cert.h
+and build it with make.

0 comments on commit 3df9e29

Please sign in to comment.