Import Upstream version 0.9+1474479173.6c180c6upstream/0.9+1474479173.6c180c6

1 files changed, 16 insertions, 0 deletions

diff --git a/README b/README
new file mode 100644
index 00000000..24a39df1
--- /dev/null
+++ b/README
@@ -0,0 +1,16 @@
+shim is a trivial EFI application that, when run, attempts to open and
+execute another application. It will initially attempt to do this via the
+standard EFI LoadImage() and StartImage() calls. If these fail (because secure
+boot is enabled and the binary is not signed with an appropriate key, for
+instance) it will then validate the binary against a built-in certificate. If
+this succeeds and if the binary or signing key are not blacklisted then shim
+will relocate and execute the binary.
+
+shim will also install a protocol which permits the second-stage bootloader
+to perform similar binary validation. This protocol has a GUID as described
+in the shim.h header file and provides a single entry point. On 64-bit systems
+this entry point expects to be called with SysV ABI rather than MSABI, and
+so calls to it should not be wrapped.
+
+To use shim, simply place a DER-encoded public certificate in a file such as
+pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".