2 # Post-installation script (run on USER'S system after installing the
7 # Remove any existing NVRAM entry for rEFInd, to avoid creating a duplicate.
8 ExistingEntry
=`efibootmgr | grep "rEFInd Boot Manager" | cut -c 5-8`
9 if [[ -n $ExistingEntry ]] ; then
10 efibootmgr
--bootnum $ExistingEntry --delete-bootnum &> /dev
/null
15 if [[ -f /sys
/firmware
/efi
/vars
/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
/data
]] ; then
16 IsSecureBoot
=`od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data | tr -d '[[:space:]]'`
20 # Note: Two find operations for ShimFile favors shim over PreLoader -- if both are
21 # present, the script uses shim rather than PreLoader.
22 declare ShimFile
=`find /boot -name shim\.efi -o -name shimx64\.efi -o -name PreLoader\.efi 2> /dev/null | head -n 1`
23 if [[ ! -n $ShimFile ]] ; then
24 declare ShimFile
=`find /boot -name PreLoader\.efi 2> /dev/null | head -n 1`
26 declare SBSign
=`which sbsign 2> /dev/null`
27 declare OpenSSL
=`which openssl 2> /dev/null`
29 # Run the rEFInd installation script. Do so with the --shim option
30 # if Secure Boot mode is suspected and if a shim program can be
31 # found, or without it if not. If a shim installation is attempted
32 # and the sbsign and openssl programs can be found, do the install
33 # using a local signing key. Note that this option is undesirable
34 # for a distribution, since it would then require the user to
35 # enroll an extra MOK. I'm including it here because I'm NOT a
36 # distribution maintainer, and I want to encourage users to use
37 # their own local keys.
38 if [[ $IsSecureBoot == "1" && -n $ShimFile ]] ; then
39 if [[ -n $SBSign && -n $OpenSSL ]] ; then
40 .
/install.sh
--shim $ShimFile --localkeys --yes
42 .
/install.sh
--shim $ShimFile --yes
45 if [[ -n $SBSign && -n $OpenSSL ]] ; then
46 .
/install.sh
--localkeys --yes