From 2616b13645ca387fc6f85c608e00a5229033fe96 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 23 Jun 2020 01:57:05 +0000 Subject: Convert README -> README.md One of the really great things about Github IMO is how "front and center" the README file in a repository is (just compare with Sourceforge). Github renders it more nicely if the file is declared to be Markdown, so let's do that. Add a bit of formatting: using code fences for code, hyperlinks for other files etc. I also added a title block from the Fedora package `Summary` since while I know in theory shim is independent of bootloaders, let's say what the 95% case is here. --- README | 23 ----------------------- README.md | 25 +++++++++++++++++++++++++ 2 files changed, 25 insertions(+), 23 deletions(-) delete mode 100644 README create mode 100644 README.md diff --git a/README b/README deleted file mode 100644 index 07030490..00000000 --- a/README +++ /dev/null @@ -1,23 +0,0 @@ -shim is a trivial EFI application that, when run, attempts to open and -execute another application. It will initially attempt to do this via the -standard EFI LoadImage() and StartImage() calls. If these fail (because secure -boot is enabled and the binary is not signed with an appropriate key, for -instance) it will then validate the binary against a built-in certificate. If -this succeeds and if the binary or signing key are not blacklisted then shim -will relocate and execute the binary. - -shim will also install a protocol which permits the second-stage bootloader -to perform similar binary validation. This protocol has a GUID as described -in the shim.h header file and provides a single entry point. On 64-bit systems -this entry point expects to be called with SysV ABI rather than MSABI, so calls -to it should not be wrapped. - -On systems with a TPM chip enabled and supported by the system firmware, -shim will extend various PCRs with the digests of the targets it is -loading. A full list is in the file README.tpm . - -To use shim, simply place a DER-encoded public certificate in a file such as -pub.cer and build with "make VENDOR_CERT_FILE=pub.cer". - -There are a couple of build options, and a couple of ways to customize the -build, described in BUILDING. diff --git a/README.md b/README.md new file mode 100644 index 00000000..c4663a79 --- /dev/null +++ b/README.md @@ -0,0 +1,25 @@ +# shim, a first-stage UEFI bootloader + +shim is a trivial EFI application that, when run, attempts to open and +execute another application. It will initially attempt to do this via the +standard EFI `LoadImage()` and `StartImage()` calls. If these fail (because Secure +Boot is enabled and the binary is not signed with an appropriate key, for +instance) it will then validate the binary against a built-in certificate. If +this succeeds and if the binary or signing key are not blacklisted then shim +will relocate and execute the binary. + +shim will also install a protocol which permits the second-stage bootloader +to perform similar binary validation. This protocol has a GUID as described +in the shim.h header file and provides a single entry point. On 64-bit systems +this entry point expects to be called with SysV ABI rather than MSABI, so calls +to it should not be wrapped. + +On systems with a TPM chip enabled and supported by the system firmware, +shim will extend various PCRs with the digests of the targets it is +loading. A full list is in the file [README.tpm](README.tpm) . + +To use shim, simply place a DER-encoded public certificate in a file such as +pub.cer and build with `make VENDOR_CERT_FILE=pub.cer`. + +There are a couple of build options, and a couple of ways to customize the +build, described in [BUILDING](BUILDING). -- cgit v1.2.3