Add basic documentation

2025-08-06 15:47:22 +00:00 · 2012-07-28 00:42:43 -04:00 · 2012-07-28 00:42:43 -04:00 · 3df9e294b7
commit 3df9e294b7
parent 590b34492d
1 changed files with 16 additions and 0 deletions
--- a/16
+++ b/16
@ -0,0 +1,16 @@
+shim is a trivial EFI application that, when run, attempts to open and
+execute another application. It will initially attempt to do this via the
+standard EFI LoadImage() and StartImage() calls. If these fail (because secure
+boot is enabled and the binary is not signed with an appropriate key, for
+instance) it will then validate the binary against a built-in certificate. If
+this succeeds and if the binary or signing key are not blacklisted then shim
+will relocate and execute the binary.
+
+shim will also install a protocol which permits the second-stage bootloader
+to perform similar binary validation. This protocol has a GUID as described
+in the shim.h header file and provides a single entry point. On 64-bit systems
+this entry point expects to be called with SysV ABI rather than MSABI, and
+so calls to it should not be wrapped.
+
+To use shim, simply place a hex dump of the public certificate in cert.h
+and build it with make.