It's pretty straightforward:

cp $MY_DER_ENCODED_CERT pub.cer
make VENDOR_CERT_FILE=pub.cer
make EFIDIR=my_esp_dir_name install

There are a couple of ways to customize the build:

Install targets:
- install
  installs shim as if to a hard drive, including installing MokManager and
  fallback appropriately.
- install-as-data
  installs shim files to /usr/share/shim/$(EFI_ARCH)-$(VERSION)/

Variables you should set to customize the build:
- EFIDIR
  This is the name of the ESP directory.  The install targets won't work
  without it.
- DESTDIR
  This will be prepended to any install targets, so you don't have to
  install to a live root directory.
- DEFAULT_LOADER
  defaults to \\\\grub$(EFI_ARCH).efi , but you could set it to whatever.
  Be careful with the leading backslashes, they can be hard to get
  correct.

Variables you could set to customize the build:
- ENABLE_SHIM_CERT
  if this variable is defined on the make command line, shim will
  generate keys during the build and sign MokManager and fallback with
  them, and the signed version will be what gets installed with the
  install targets
- ENABLE_HTTPBOOT
  build support for http booting
- REQUIRE_TPM
  if tpm logging or extends return an error code, treat that as a fatal error.
- ARCH
  This allows you to do a build for a different arch that we support.  For
  instance, on x86_64 you could do "setarch linux32 make ARCH=ia32" to get
  the ia32 build instead.  (DEFAULT_LOADER will be automatically adjusted
  in that case.)
- TOPDIR
  You can use this along with make -f to build in a subdir.  For instance,
  on an x86_64 machine you could do:

    mkdir build-ia32 build-x64 inst
    cd build-ia32
    setarch linux32 make TOPDIR=.. ARCH=ia32 -f ../Makefile
    setarch linux32 make TOPDIR=.. ARCH=ia32 \
			 DESTDIR=../inst EFIDIR=debian \
			 -f ../Makefile install
    cd ../build-x64
    make TOPDIR=.. -f ../Makefile
    make TOPDIR=.. DESTDIR=../inst EFIDIR=debian \
			-f ../Makefile install

  That would get you x86_64 and ia32 builds in the "inst" subdir.
- OSLABEL
  This is the label that will be put in BOOT$(EFI_ARCH).CSV for your OS.
  By default this is the same value as EFIDIR .

# vim:filetype=mail:tw=74