On 6/16/2026 1:21 AM, Peter Maydell wrote: > On Fri, 12 Jun 2026 at 17:17, Gerd Hoffmann <[email protected]> wrote: >> >> Signed-off-by: Gerd Hoffmann <[email protected]> >> --- >> docs/system/linuxboot.rst | 17 +++++++++++++++++ >> 1 file changed, 17 insertions(+) >> >> diff --git a/docs/system/linuxboot.rst b/docs/system/linuxboot.rst >> index f7573ab80a..c787481ccc 100644 >> --- a/docs/system/linuxboot.rst >> +++ b/docs/system/linuxboot.rst >> @@ -17,6 +17,23 @@ Use ``-kernel`` to provide the Linux kernel image and >> ``-append`` to >> give the kernel command line arguments. The ``-initrd`` option can be >> used to provide an INITRD image. >> >> +The ``-shim`` option specifies the ``shim.efi`` binary. This is needed >> +when you are booting UEFI firmware and using the ``-kernel`` option to >> +tell UEFI to boot a specific kernel image, and the UEFI firmware you >> +are booting has UEFI secure boot enabled. >> + >> +When this option is specified, the guest UEFI firmware will first >> +load, verify and run the shim binary, which is typically signed by >> +Microsoft so the firmware accepts it. The shim binary in turn will >> +load and verify the Linux kernel. The kernel is typically signed by >> +the distro and the certificates needed to verify them are compiled >> +into the shim binary, so shim + kernel must come from the same Linux > > extremely minor nit, I think I would say "and" rather than "+" here. > > Anyway > > Reviewed-by: Peter Maydell <[email protected]> > > thanks > -- PMM
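Review bot: In the second added paragraph, "the certificates needed to verify them" has no plural antecedent, because the subject of the sentence is "The kernel"; suggest "the certificates needed to verify it are compiled into the shim binary". In the same paragraph, "typically signed by Microsoft so the firmware accepts it" states acceptance as unconditional; it would be more accurate to say the firmware accepts shim when the matching Microsoft certificate is enrolled in the guest firmware's secure boot keys. The first added paragraph chains three conditions with "and" (booting UEFI firmware, using ``-kernel``, secure boot enabled) and would read more clearly as "needed when the UEFI firmware has secure boot enabled and ``-kernel`` is used to boot a specific kernel image".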
Thanks Peter, I'll pull this and add the change you suggested. Regards, Pierrick
