Product SiteDocumentation Site

Chapter 4. Tools

4.1. Shim
4.2. Pesign
4.3. EFIKeyGen
4.4. sign-file
Several tools have been developed to allow Fedora to work with the UEFI Secure Boot firmware.

4.1. Shim

Shim is the cryptographically signed software that creates the trust between the UEFI firmware and GRUB and the kernel software. Shim is cryptographically signed by Verisign (via Microsoft) so that the UEFI firmware will cryptographically recognize the Fedora system and allow the software to continue through the boot process. The shim validates GRUB and kernel through a cryptographic verification based on a Fedora key used to sign all three.