From bbfd2ab18f52600aa41f061b2da9a2afe2a9d6ac Mon Sep 17 00:00:00 2001
From: Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>
Date: Fri, 4 Aug 2017 12:10:50 -0400
Subject: Import Upstream version 0.9+1474479173.6c180c6

---
 README | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 README

(limited to 'README')

diff --git a/README b/README
new file mode 100644
index 00000000..24a39df1
--- /dev/null
+++ b/README
@@ -0,0 +1,16 @@
+shim is a trivial EFI application that, when run, attempts to open and
+execute another application. It will initially attempt to do this via the
+standard EFI LoadImage() and StartImage() calls. If these fail (because secure
+boot is enabled and the binary is not signed with an appropriate key, for
+instance) it will then validate the binary against a built-in certificate. If
+this succeeds and if the binary or signing key are not blacklisted then shim
+will relocate and execute the binary.
+
+shim will also install a protocol which permits the second-stage bootloader
+to perform similar binary validation. This protocol has a GUID as described
+in the shim.h header file and provides a single entry point. On 64-bit systems
+this entry point expects to be called with SysV ABI rather than MSABI, and
+so calls to it should not be wrapped.
+
+To use shim, simply place a DER-encoded public certificate in a file such as
+pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".
-- 
cgit v1.2.3