diff --git a/README.md b/README.md index c58641417c93c88867dc275727471054eca8f4a3..fb4613d9a49d02dafa8640a2f1df336ef159bbfc 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,9 @@ sudo make install `rune` will be installed to `/usr/local/sbin/rune` on your system. +### shim-rune +`shim-rune` resides in between `containerd` and `rune`, conducting enclave signing and management beyond the normal `shim` basis. `shim-rune` and `rune` can compose a basic enclave containerization stack for the cloud-native ecosystem. + ### enclave runtime The backend of `rune` is a component called enclave runtime, which is responsible for loading and running protected applications inside enclaves. The interface between `rune` and enclave runtime is [Enclave Runtime PAL API](https://github.com/alibaba/inclavare-containers/blob/master/rune/libenclave/internal/runtime/pal/spec.md), which allows invoking enclave runtime through well-defined functions. The software for confidential computing may benefit from this interface to interact with OCI runtime. @@ -35,11 +38,6 @@ One typical class of enclave runtime implementations is based on library OSes. C In addition, you can write your own enclave runtime with any programming language and SDK (e.g, [Intel SGX SDK](https://github.com/intel/linux-sgx)) you prefer as long as it implements Enclave Runtime PAL API. -### shim-rune -`shim-rune` resides in between `containerd` and `rune`, conducting enclave signing and management beyond the normal `shim` basis. `shim-rune` and `rune` can compose a basic enclave containerization stack for the cloud-native ecosystem. - -`shim-rune` will be open source soon. - ### runectl `runectl` is a command line assit tool for inclavare-containers. Its usage includes: - Given the signature file of an Enclave, `runectl gen-token` can generate the corresponding token file from Intel `aesmd` service.
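Review bot: In the first hunk (`@@ -28,6 +28,9 @@`), the new `### shim-rune` section says `shim-rune` conducts "enclave signing and management" but does not say which key signs the enclave or where that key is configured. Since this is the only description of the signing step in the README, add a sentence or a link covering the signing key's source and how an operator supplies their own. The section also now appears before `### enclave runtime`, so the reader meets "enclave signing" before the README has explained what loads and runs the enclave. A short forward reference to the enclave runtime section would help.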
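Review bot: In the second hunk (`@@ -35,11 +38,6 @@`), the sentence "`shim-rune` will be open source soon." is removed without a replacement, so the README no longer says anything about the availability of `shim-rune` and gives no pointer to its source or install steps, unlike `rune`, whose install path is stated just above. If the component is now published, link its directory or build instructions from the moved section. Separately, the unchanged context line for `runectl` reads "command line assit tool"; "assit" should be "assist" and could be fixed in the same change.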