Package Details: shim-signed 15.f5-1

Git Clone URL: https://aur.archlinux.org/shim-signed.git (read-only)
Package Base: shim-signed
Description: Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments
Upstream URL: https://apps.fedoraproject.org/packages/shim
Keywords: fbx64 mmx64 MokManager SecureBoot shim UEFI
Licenses: BSD
Submitter: nl6720
Maintainer: nl6720
Last Packager: nl6720
Votes: 5
Popularity: 0.563597
First Submitted: 2016-12-07 12:04
Last Updated: 2018-05-07 13:57

Pinned Comments

nl6720 commented on 2016-12-07 13:17

shimx64.efi is signed with Microsoft key, it also has a hardcoded Fedora key inside. MokManager (mmx64.efi) is signed with Fedora key.

shimx64.efi can launch any EFI binary signed with Microsoft keys.

More information is available on the wiki: Secure Boot#shim.

fbx64.efi scans the ESP for CSV files with bootloader information and adds boot entries to the NVRAM. Read README.fallback.

Latest Comments

jussihi commented on 2018-08-09 16:08

the openssl command did not fail, and the boot configuration (USB stick) worked on other laptop flawlessly. I don't know what's up with that but I think that the bug is in shim itself. I opened an issue on their Github (https://github.com/rhboot/shim/issues/143).

Thanks for a quick response though! Shim seems to work on every machine except my own laptop :)

nl6720 commented on 2018-08-09 11:11

Just because it has a .cer or .der extension doesn't mean that it's a DER format certificate. Run openssl x509 -noout -text -inform DER -in MOK.cer. If it fails then the cert is not in DER format and you need to convert it.

jussihi commented on 2018-08-09 09:08

I keep getting the error "Unsupported Format: Only DER encoded certificate (*.cer/der/crt) is supported"

From source code (https://github.com/rhboot/shim/blob/master/MokManager.c#L1908) it seems like I have a wrong filename suffix for my cert, but the file name is indeed "MOK.cer".

Is this a bug?

crazyh commented on 2018-04-24 15:29

Sorry, my mistake.

nl6720 commented on 2018-04-24 07:01

This package has no hardcoded /boot/efi/ paths. The EFI binaries are installed to /usr/share/shim-signed/.

crazyh commented on 2018-04-24 01:43

It does not work when the ESP is mounted to /boot due to hardcoded "/boot/efi/..." paths. :(

nl6720 commented on 2016-12-07 13:17

shimx64.efi is signed with Microsoft key, it also has a hardcoded Fedora key inside. MokManager (mmx64.efi) is signed with Fedora key.

shimx64.efi can launch any EFI binary signed with Microsoft keys.

More information is available on the wiki: Secure Boot#shim.

fbx64.efi scans the ESP for CSV files with bootloader information and adds boot entries to the NVRAM. Read README.fallback.