# installs to the ESP by default.
#
# This program is copyright (c) 2012-2015 by Roderick W. Smith
-# It is released under the terms of the GNU GPL, version 3,
-# a copy of which should be included in the file COPYING.txt.
#
+# This program is licensed under the terms of the GNU GPL, version 3,
+# or (at your option) any later version.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
# Revision history:
#
+# 0.10.4 -- Improved handling of disks (other than /dev/[sh]d? disks).
+# 0.10.2 -- Improved Secure Boot detection in Linux, fixed --usedefault in OS X,
+# and fixed bug that could cause mountesp to be installed as a FILE
+# called /usr/local/bin in OS X.
# 0.10.1 -- Improve extraction of default kernel options from /proc/cmdline.
-# Add support for AMD64 (aka AARCH64, aa64) platform.
+# Add support for AMD64 (aka AARCH64, aa64) platform. Added
+# warning when --alldrivers used without --usedefault.
# 0.10.0 -- Enable running under OS X's recovery system & add warning about
# SIP & brief instructions on how to deal with it if SIP is
# detected to be enabled. Also change way refind_linux.conf default
echo "The --keepname option is incompatible with --usedefault! Aborting!"
exit 1
fi
+ if [[ "$InstallDrivers" == "all" && "$TargetDir" != "/EFI/BOOT" ]] ; then
+ echo "The --alldrivers option is meant for creating USB flash drives with (near-)"
+ echo "universal boot support. Using it on a hard disk partition runs the risk of"
+ echo "creating serious problems, up to and including rendering your computer"
+ echo -n "unbootable. Are you SURE you want to proceed (Y/N)? "
+ ReadYesNo
+ if [[ "$YesNo" != "Y" && "$YesNo" != "y" ]] ; then
+ echo "Aborting installation!"
+ exit 0
+ fi
+ fi
RLConfFile="$RootDir/boot/refind_linux.conf"
EtcKeysDir="$RootDir/etc/refind.d/keys"
} # GetParams()
<key>ProductName</key>
<string>rEFInd</string>
<key>ProductVersion</key>
- <string>0.10.0</string>
+ <string>0.10.3</string>
</dict>
</plist>
ENDOFHERE
} # SetupMacHfs()
CheckForSIP() {
- if [[ -x "/usr/bin/csrutil" ]] ; then
+ if [[ -x "/usr/bin/csrutil" && -z "$TargetPart" ]] ; then
local OKToInstall=`/usr/bin/csrutil status | \
grep "Protection status: disabled\|enabled (Apple Internal)\|NVRAM Protections: disabled"`
if [[ -z "$OKToInstall" ]] ; then
# Sets Problems=1 if problems found during the installation.
InstallOnOSX() {
echo "Installing rEFInd on OS X...."
- if [[ "$InstallToEspOnMac" == "1" ]] ; then
+ if [[ "$InstallToEspOnMac" == "1" && -z "$TargetPart" ]] ; then
MountOSXESP
elif [[ "$TargetDir" == "/EFI/BOOT" || "$OwnHfs" == '1' ]] ; then
MountDefaultTarget
DetermineTargetDir
CheckForSIP
CopyRefindFiles
- cp "$ThisDir/mountesp" /usr/local/bin &> /dev/null
- if [[ $InstallToEspOnMac == "1" ]] ; then
+ mkdir -p /usr/local/bin &> /dev/null
+ cp "$ThisDir/mountesp" /usr/local/bin/ &> /dev/null
+ if [[ $InstallToEspOnMac == "1" && -z "$TargetPart" ]] ; then
bless --mount "$InstallDir" --setBoot --file "$InstallDir/$TargetDir/$Refind" --shortform
elif [[ "$TargetDir" != "/EFI/BOOT" ]] ; then
bless --setBoot --folder "$InstallDir/$TargetDir" --file "$InstallDir/$TargetDir/$Refind"
# If we're NOT in Secure Boot mode but the user HAS specified the --shim
# or --localkeys option, warn the user and offer to abort.
CheckSecureBoot() {
- local IsSecureBoot
- if [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then
+ IsSecureBoot="0"
+ if [[ -f /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c ]] ; then
+ IsSecureBoot=`od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c | awk '{print substr($0,length,1)}'`
+ elif [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then
IsSecureBoot=`od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data | tr -d '[[:space:]]'`
- else
- IsSecureBoot="0"
fi
if [[ $IsSecureBoot == "1" && "$TargetDir" != '/EFI/BOOT' && "$ShimSource" == "none" ]] ; then
echo ""
# Sign a single binary. Requires parameters:
# $1 = source file
# $2 = destination file
-# Also assumes that the SBSign, PESign, UseSBSign, UsePESign, and various key variables are set
-# appropriately.
+# Also assumes that the SBSign and various key variables are set appropriately.
# Aborts script on error
SignOneBinary() {
- $SBSign --key "$PrivateKey" --cert "$CertKey" --output "$2" "$1"
- if [[ $? != 0 ]] ; then
+ $SBSign --key "$PrivateKey" --cert "$CertKey" --output "$2" "$1" 2>&1 >/dev/null | \
+ grep -v "data remaining.*gaps between PE/COFF sections"
+ if [[ "${PIPESTATUS[0]}" != 0 ]] ; then
echo "Problem signing the binary $1! Aborting!"
exit 1
fi
# and EspFilesystem the filesystem (always "vfat")
FindLinuxESP() {
echo "The ESP doesn't seem to be mounted! Trying to find it...."
+ local Name
local Drive
local PartNum
local TableType
local DmStatus
local SkipIt
local Dmraid
- for Drive in `ls /dev/[sh]d?` ; do
+ for Name in `lsblk -r | grep disk | cut -f 1 -d " "` ; do
+ Drive="/dev/$Name"
SkipIt=0
Dmraid=`which dmraid 2> /dev/null`
if [ -x "$Dmraid" ] ; then
if [[ $EspFilesystem != 'vfat' ]] ; then
echo "$RootDir/$InstallDir doesn't seem to be on a VFAT filesystem. The ESP must be"
echo "mounted at $RootDir/boot or $RootDir/boot/efi and it must be VFAT! Aborting!"
- exit 1
+ if [[ -d /sys/firmware/efi ]] ; then
+ exit 1
+ else
+ echo "The computer appears to be running in BIOS mode and has no ESP. You should"
+ echo "create an ESP, and ideally boot in EFI mode, before installing rEFInd."
+ exit 0
+ fi
fi
echo "ESP was found at $InstallDir using $EspFilesystem"
} # FindMountedESP