xref: /shim/
Name                 Date         Size
..                   16-Mar-2016  12 KiB
.gitignore           12-Oct-2013  203
cert.S               13-Aug-2014  1.4 KiB
COPYRIGHT            29-Dec-2012  1.4 KiB
crypt_blowfish.c     03-Oct-2013  29.5 KiB
crypt_blowfish.h     03-Oct-2013  781
Cryptlib/            07-Aug-2015  4 KiB
elf_aarch64_efi.lds  03-Jul-2015  1.2 KiB
elf_arm_efi.lds      03-Jul-2015  1.2 KiB
elf_ia32_efi.lds     03-Jul-2015  1.2 KiB
elf_ia64_efi.lds     03-Jul-2015  1.4 KiB
elf_x86_64_efi.lds   03-Jul-2015  1.3 KiB
fallback.c           03-Jul-2015  20.1 KiB
include/             17-Jun-2015  4 KiB
lib/                 03-Jul-2015  4 KiB
make-certs           29-Dec-2012  15.6 KiB
Makefile             21-Sep-2015  6.4 KiB
MokManager.c         17-Jun-2015  57.7 KiB
MokVars.txt          03-Oct-2013  3 KiB
netboot.c            14-Oct-2014  8.6 KiB
netboot.h            23-Nov-2013  257
PasswordCrypt.c      15-Apr-2014  7.8 KiB
PasswordCrypt.h      03-Oct-2013  581
README               22-Jul-2014  970
replacements.c       17-Jun-2015  7.6 KiB
replacements.h       17-Jun-2015  1.9 KiB
shim.c               03-Jul-2015  58.9 KiB
shim.h               17-Jun-2015  654
testplan.txt         13-Oct-2014  4.3 KiB
TODO                 03-Oct-2013  984
ucs2.h               02-May-2013  2.5 KiB
version.c.in         12-Oct-2013  151
version.h            12-Oct-2013  127

README

shim is a trivial EFI application that, when run, attempts to open and
execute another application. It will initially attempt to do this via the
standard EFI LoadImage() and StartImage() calls. If these fail (because secure
boot is enabled and the binary is not signed with an appropriate key, for
instance) it will then validate the binary against a built-in certificate. If
this succeeds and if the binary or signing key are not blacklisted then shim
will relocate and execute the binary.

shim will also install a protocol which permits the second-stage bootloader
to perform similar binary validation. This protocol has a GUID as described
in the shim.h header file and provides a single entry point. On 64-bit systems
this entry point expects to be called with SysV ABI rather than MSABI, and
so calls to it should not be wrapped.

To use shim, simply place a DER-encoded public certificate in a file such as
pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".
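
A pre-build check for the build step above, as an added example that is not part of shim's README or source tree: it confirms that the file handed to VENDOR_CERT_FILE is DER-encoded as the README requires, and converts a PEM certificate with openssl when needed. The function names cert_encoding and prepare_vendor_cert are hypothetical, and my-ca.pem is a placeholder.

```shell
#!/bin/sh
# Added example, not from the shim tree. Function names are hypothetical.

# Print "der", "pem" or "unknown" for the certificate file in $1.
cert_encoding() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # PEM is base64 text wrapped in a BEGIN CERTIFICATE line.
    if head -c 27 "$1" | grep -q -e '-----BEGIN CERTIFICATE-----'; then
        echo pem
        return 0
    fi
    # A DER certificate is an ASN.1 SEQUENCE: tag 0x30, then a long-form
    # length byte (0x81..0x83; real certificates are almost always 0x82).
    magic=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    case $magic in
        3081|3082|3083) echo der ;;
        *) echo unknown ;;
    esac
}

# Write a DER copy of certificate $1 to $2, converting from PEM if needed.
# Returns 1 for an unrecognised file, 2 if openssl is needed but missing.
prepare_vendor_cert() {
    case $(cert_encoding "$1") in
        der)
            cp "$1" "$2"
            ;;
        pem)
            command -v openssl >/dev/null 2>&1 || {
                echo "openssl is required to convert $1 to DER" >&2
                return 2
            }
            openssl x509 -in "$1" -inform PEM -outform DER -out "$2"
            ;;
        *)
            echo "$1: not a DER or PEM X.509 certificate" >&2
            return 1
            ;;
    esac
}

# Usage (my-ca.pem is a placeholder for your own certificate):
#   prepare_vendor_cert my-ca.pem pub.cer && make VENDOR_CERT_FILE=pub.cer
```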