Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Documentation] Usage examples + Screenshots? #630

Open
rubyFeedback opened this issue Jan 24, 2024 · 5 comments
Open

[Documentation] Usage examples + Screenshots? #630

rubyFeedback opened this issue Jan 24, 2024 · 5 comments

Comments

@rubyFeedback
Copy link

Hello there,

If it won't take too much time away, could it be shown what can be done via shim? Perhaps on
the main README; or of this is undesired, on the wiki and then a link from the main README to
the wiki with specific usage examples. Also, if possible, could one or two partial screenshots be
shown, that is how shim is actually used? That way users can quickly find out how shim
interacts within the Linux ecosystem. Right now I am not quite sure which niche is filled by shim,
but distrowatch lists it, so evidently shim must be useful.

@ghost
Copy link

ghost commented Feb 1, 2024

Have you ever heard of a GOOGLE SEARCH??? If you did you'd find a TON of stuff covering this.

@robbycuenot
Copy link

@PC-Doctor666 , I hope your message is a troll comment. I found this issue for the same reason as @rubyFeedback. I'm trying to pxe boot Fedora CoreOS with Secure Boot + UEFI, and that search has taken me to this point. I downloaded the latest release and the only *.efi files I could find were within a folder called test-data, which didn't seem correct. I could boot them without secure boot, but once I enabled it I received a cert error. The readme explains generally what the project is for, but doesn't tell you where to begin.

@julian-klode
Copy link
Collaborator

julian-klode commented Feb 20, 2024

This is a very low-level distro integration software for distributions to embed their public key in and then get it signed by Microsoft such that it then can chainload a grub and the grub can load linux, both using the distro's public key embedded in the shim.

Arguably that's precisely what is written in the first two paragraphs of README.md

The only user-facing component, to some extend, is MokManager, for when you need to enroll a MOK to sign custom kernel modules.

@robbycuenot
Copy link

@julian-klode thank you for the clarification, I think I was misunderstanding the role of this project. I was under the impression that the shim was a signed binary, added to the Microsoft UEFI CA, that could be loaded in a secure-boot environment to then load grub and an OS from there. I was basing this on two RedHat articles detailing the process:

https://www.redhat.com/sysadmin/pxe-boot-uefi

https://access.redhat.com/articles/5254641

@robbycuenot
Copy link

I wrote some documentation explaining how I use a signed shim from Fedora to PXE boot FCOS with UEFI / SecureBoot: https://github.com/robbycuenot/uefi-pxe-agents

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants