docs: Remove references to shim as we don't directly support it

mintsuki 2023-09-09 06:45:53 -05:00
parent e6a67c80a6
commit 2642249edd
2 changed files with 5 additions and 4 deletions


@ -17,9 +17,9 @@ in the config file provides as much security as encrypting the kernel does.
### What? But what if someone modifies the config file! Ha! You clearly have not thought about that!
We have. While this is a pointless effort on legacy x86 BIOS, it is a reasonable expectation on UEFI systems with Secure Boot. Limine provides a
way to modify its own EFI executable to bake in the BLAKE2B checksum of the config file itself. The EFI executable gets then enrolled or otherwise
verified by the Secure Boot loader through, eg., the shim project. This prevents modifications being done to the config file (and in turn the
checksums contained there) from going unnoticed.
way to modify its own EFI executable to bake in the BLAKE2B checksum of the config file itself. The EFI executable can then get signed with
a key added to the firmware's keychain. This prevents modifications to the config file (and in turn the checksums contained there)
from going unnoticed.
### What about ext2/3/4? Why is that supported then?
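Review bot: In the replacement sentence ("The EFI executable can then get signed with a key added to the firmware's keychain"), "can" makes signing read as optional, while the next sentence still states without condition that config modifications will not go unnoticed. That guarantee only holds when the executable carrying the baked-in BLAKE2B checksum is actually signed, after the checksum has been embedded, and Secure Boot is verifying it; without that, nothing protects the embedded checksum itself. Suggest phrasing it as a requirement, e.g. "The EFI executable must then be signed with a key ...", and replacing "keychain" with the UEFI name for that store (the Secure Boot signature database, db) so readers can match it to their firmware setup.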


@ -142,7 +142,8 @@ either the root, `limine`, `boot`, or `boot/limine` directory of one of the
partitions, formatted with a supported file system (the ESP partition is recommended).
### Secure Boot
Limine can be booted with secure boot using shim. This will also allow one to enroll
Limine can be booted with secure boot if the executable is signed and the key used to
sign it is added to the firmware's keychain. This should be done in combination with enrolling
the BLAKE2B hash of the Limine config file into the Limine EFI executable image itself for
verification purposes.
For more information see the `limine enroll-config` program and [the philosophy](/PHILOSOPHY.md).
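Review bot: The new Secure Boot paragraph says signing "should be done in combination with" enrolling the config hash but does not state the order, and the order matters: enrolling writes the BLAKE2B hash into the EFI executable image, so an image signed before enrolling no longer matches its signature. Suggest stating explicitly that `limine enroll-config` is run first and the resulting executable is signed afterwards, and that it has to be re-enrolled and re-signed whenever the config file changes. With the shim reference removed, the paragraph also no longer gives readers any pointer on how to sign the executable or add the key; a short sentence or link would fill that gap. Minor: "secure boot" in the body should be capitalised to match the "### Secure Boot" heading.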