X-Git-Url: https://code.delx.au/refind/blobdiff_plain/315c06865c0b4e3dfceec2107e6e12713813ea8a..a68334a13cf243fb024644fcca6ae04a9825ffa7:/keys/README.txt

diff --git a/keys/README.txt b/keys/README.txt
new file mode 100644
index 0000000..5376570
--- /dev/null
+++ b/keys/README.txt
@@ -0,0 +1,26 @@
+This directory contains known public keys for Linux distributions and other
+parties that sign boot loaders and kernels that should be verifiable by
+shim. I'm providing these keys as a convenience to enable easy installation
+of keys should you replace your distribution's version of shim with another
+one and therefore require adding its public key as a machine owner key
+(MOK).
+
+Files come with three extensions. A filename ending in .crt is a
+certificate file that can be used by sbverify to verify the authenticity of
+a key, as in:
+
+$ sbverify --cert keys/refind.crt refind/refind_x64.efi
+
+The .cer and .der filename extensions are equivalent, and are public key
+files similar to .crt files, but in a different form. The MokManager
+utility expects its input public keys in this form, so these are the files
+you would use to add a key to the MOK list maintained by MokManager and
+used by shim.
+
+The files in this directory are:
+
+- canonical-uefi-ca.der -- Canonical's public key, used to sign Ubuntu
+  boot loaders and kernels.
+
+- refind.cer & refind.crt -- My own (Roderick W. Smith's) public key,
+  used to sign refind_x64.efi and the 64-bit rEFInd drivers.