[Documentation] Usage examples + Screenshots?

Question

[Documentation] Usage examples + Screenshots?

rubyFeedback opened this issue 6 months ago · comments

Hello there,

If it won't take too much time away, could it be shown what can be done via shim? Perhaps on
the main README; or of this is undesired, on the wiki and then a link from the main README to
the wiki with specific usage examples. Also, if possible, could one or two partial screenshots be
shown, that is how shim is actually used? That way users can quickly find out how shim
interacts within the Linux ecosystem. Right now I am not quite sure which niche is filled by shim,
but distrowatch lists it, so evidently shim must be useful.

Deleted user · Answer 1 · Thu Feb 01 2024 23:07:04 GMT+0800 (China Standard Time)

Have you ever heard of a GOOGLE SEARCH??? If you did you'd find a TON of stuff covering this.

Robby Cuenot · Answer 2 · Tue Feb 20 2024 06:05:45 GMT+0800 (China Standard Time)

@PC-Doctor666 , I hope your message is a troll comment. I found this issue for the same reason as @rubyFeedback. I'm trying to pxe boot Fedora CoreOS with Secure Boot + UEFI, and that search has taken me to this point. I downloaded the latest release and the only *.efi files I could find were within a folder called test-data, which didn't seem correct. I could boot them without secure boot, but once I enabled it I received a cert error. The readme explains generally what the project is for, but doesn't tell you where to begin.

Julian Andres Klode · Answer 3 · Tue Feb 20 2024 20:55:48 GMT+0800 (China Standard Time)

This is a very low-level distro integration software for distributions to embed their public key in and then get it signed by Microsoft such that it then can chainload a grub and the grub can load linux, both using the distro's public key embedded in the shim.

Arguably that's precisely what is written in the first two paragraphs of README.md

The only user-facing component, to some extend, is MokManager, for when you need to enroll a MOK to sign custom kernel modules.

Robby Cuenot · Answer 4 · Fri Feb 23 2024 21:45:07 GMT+0800 (China Standard Time)

@julian-klode thank you for the clarification, I think I was misunderstanding the role of this project. I was under the impression that the shim was a signed binary, added to the Microsoft UEFI CA, that could be loaded in a secure-boot environment to then load grub and an OS from there. I was basing this on two RedHat articles detailing the process:

https://www.redhat.com/sysadmin/pxe-boot-uefi

https://access.redhat.com/articles/5254641

Robby Cuenot · Answer 5 · Sun Mar 03 2024 11:06:28 GMT+0800 (China Standard Time)

I wrote some documentation explaining how I use a signed shim from Fedora to PXE boot FCOS with UEFI / SecureBoot: https://github.com/robbycuenot/uefi-pxe-agents