From 8c88ca0252c7923f1f57449658b5c527ea273699 Mon Sep 17 00:00:00 2001
From: Tim Crawford <tcrawford@system76.com>
Date: Tue, 21 Dec 2021 10:32:37 -0700
Subject: [PATCH] docs: Add notes about UEFI features

Document that only UEFI booting is supported, the current status of
Secure Boot, and that the shell and networking are disabled.

Signed-off-by: Tim Crawford <tcrawford@system76.com>
---
 docs/uefi.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 docs/uefi.md

diff --git a/docs/uefi.md b/docs/uefi.md
new file mode 100644
index 0000000..5c265eb
--- /dev/null
+++ b/docs/uefi.md
@@ -0,0 +1,27 @@
+# UEFI
+
+System76 uses [EDK2](https://github.com/tianocore/edk2) to implement UEFI.
+
+[coreboot](https://coreboot.org/) is used for Platform Initialization (PI).
+
+## Booting
+
+System76 Open Firmware only supports UEFI booting. Legacy BIOS-MBR booting is
+not supported. `\EFI\BOOT\BOOTX64.EFI` must exist on the EFI System Partition
+to be considered valid.
+
+Network functionality is disabled. Native PXE booting is not supported.
+
+### Secure Boot
+
+Secure Boot support is currently disabled.
+
+The implementation from 9elements is in development. If building a custom
+image, the edk2 config `SECURE_BOOT_ENABLE` can be set to enable support.
+
+There is currently no firmware UI to view or configure Secure Boot.
+
+## Shell
+
+The internal UEFI shell is disabled. A separate binary on a bootable drive
+must be used to access the shell environment.