Difference between revisions of "Package:Shim"

We have fedora's EFI secure boot shim. Documentation suggests loading the shim to unlock secure boot, and that the shim side loads grubx64.efi in the same directory.

sys-boot/shim

    Homepage:            https://apps.fedoraproject.org/packages/shim/
    Description:         Fedora's signed UEFI shim

root # emerge sys-boot/shim

these files are added to the system:

• /usr/share/shim/BOOTIA32.EFI
• /usr/share/shim/BOOTX64.EFI
• /usr/share/shim/mmia32.efi
• /usr/share/shim/mmx64.efi

root # mkdir /boot/EFI/FUNTOO
root # cp /usr/share/shim/* /boot/EFI/FUNTOO/

uefi secure boot

• press the f1 f2 f8 f9 f10 esc or delete to load bios.
• set bios to load uefi usb devices first, disable secure boot, and enable legacy mode. save settings and exit.
• press the f1 f2 f8 f9 f10 esc or delete to load your boot selection menu.
• load EFI from file, point to /boot/EFI/FUNTOO/shim
• shim will greet you with access violation warnings.
• fiddle around to get mok manager to load up.
• select add key
• point to /boot/EFI/FUNTOO/grubx86.efi
• press the f1 f2 f8 f9 f10 esc or delete key to load your boot selection menu.
• load EFI from file, and again point to /boot/EFI/FUNTOO/shim which will now load funtoo under secure boot.

fallback default efi partition

root # mkdir /boot/EFI/BOOT
root # cp /boot/EFI/FUNTOO/* /boot/EFI/BOOT/

Uncooperative

• mokutil looks helpful when uefi secure boot is uncooperative:

root # sys-boot/mokutil

https://wiki.ubuntu.com/UEFI/SecureBoot

Secure_Boot has more information.

https://blog.uncooperative.org/blog/2014/02/06/the-efi-system-partition/