diff --git a/README b/README.md
similarity index 73%
rename from README
rename to README.md
index 0703049..c4663a7 100644
--- a/README
+++ b/README.md
@@ -1,7 +1,9 @@
+# shim, a first-stage UEFI bootloader
+
 shim is a trivial EFI application that, when run, attempts to open and
 execute another application. It will initially attempt to do this via the
-standard EFI LoadImage() and StartImage() calls. If these fail (because secure
-boot is enabled and the binary is not signed with an appropriate key, for
+standard EFI `LoadImage()` and `StartImage()` calls. If these fail (because Secure
+Boot is enabled and the binary is not signed with an appropriate key, for
 instance) it will then validate the binary against a built-in certificate. If
 this succeeds and if the binary or signing key are not blacklisted then shim
 will relocate and execute the binary.
@@ -14,10 +16,10 @@ to it should not be wrapped.
 
 On systems with a TPM chip enabled and supported by the system firmware,
 shim will extend various PCRs with the digests of the targets it is
-loading.  A full list is in the file README.tpm .
+loading.  A full list is in the file [README.tpm](README.tpm) .
 
 To use shim, simply place a DER-encoded public certificate in a file such as
-pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".
+pub.cer and build with `make VENDOR_CERT_FILE=pub.cer`.
 
 There are a couple of build options, and a couple of ways to customize the
-build, described in BUILDING.
+build, described in [BUILDING](BUILDING).