Table of Contents

Configure UEFI shim image

Synopsis

  shim [--timeout <timeout>] [<extra options>] <uri|image>

Examples

Download and configure a shim (if needed)

  shim http://192.168.0.1/shimx64.efi

Boot the RHEL installer via shim (if needed)

  #!ipxe
  
  set mirror http://192.168.0.1/rhel/BaseOS/x86_64/os
  
  kernel ${mirror}/images/pxeboot/vmlinuz initrd=initrd.img inst.repo=${mirror}
  initrd ${mirror}/images/pxeboot/initrd.img
  shim   ${mirror}/EFI/BOOT/BOOTX64.EFI
  boot

Description

Downloads the specified image and configures it for use as a UEFI Secure Boot shim, if needed. A download progress timeout can be specified (in milliseconds) using the --timeout option.

The download will be skipped completely if iPXE is running in a BIOS environment, or if UEFI Secure Boot is disabled, or if a shim is not required to boot the currently selected image.

Command status

Success The shim was successfully downloaded, or the download was skipped
Failure The shim was not successfully downloaded

See also

Notes

The UEFI shim binary typically has a filename such as shimx64.efi or shimaa64.efi, but is often found published under a UEFI default boot filename such as BOOTX64.EFI or BOOTAA64.EFI.

The UEFI shim incorporates several curious design choices that generally render it incapable of directly executing a Linux kernel. It is possible to build a customised shim that does not suffer from these problems, but this is no help to end users since any custom built shim will not include a UEFI Secure Boot signature. iPXE therefore includes several workarounds that allow the shim binaries as signed and published by Linux distros to be used verbatim.

Various extra options are available to disable iPXE's workarounds for the problems in the UEFI shim: