mirror of
https://git.proxmox.com/git/efi-boot-shim
synced 2025-08-04 21:59:11 +00:00
Add basic documentation
This commit is contained in:
parent
590b34492d
commit
3df9e294b7
16
README
Normal file
16
README
Normal file
@ -0,0 +1,16 @@
|
||||
shim is a trivial EFI application that, when run, attempts to open and
|
||||
execute another application. It will initially attempt to do this via the
|
||||
standard EFI LoadImage() and StartImage() calls. If these fail (because secure
|
||||
boot is enabled and the binary is not signed with an appropriate key, for
|
||||
instance) it will then validate the binary against a built-in certificate. If
|
||||
this succeeds and if the binary or signing key are not blacklisted then shim
|
||||
will relocate and execute the binary.
|
||||
|
||||
shim will also install a protocol which permits the second-stage bootloader
|
||||
to perform similar binary validation. This protocol has a GUID as described
|
||||
in the shim.h header file and provides a single entry point. On 64-bit systems
|
||||
this entry point expects to be called with SysV ABI rather than MSABI, and
|
||||
so calls to it should not be wrapped.
|
||||
|
||||
To use shim, simply place a hex dump of the public certificate in cert.h
|
||||
and build it with make.
|
Loading…
Reference in New Issue
Block a user