# "--shim {shimfile}" to install a shim.efi file for Secure Boot
# "--preloader" is synonymous with "--shim"
# "--localkeys" to re-sign x86-64 binaries with a locally-generated key
+# "--keepname" to keep refind_x64.efi name as such even when using shim
# "--yes" to assume a "yes" response to all prompts
#
# The "esp" option is valid only on Mac OS X; it causes
#
# Revision history:
#
+# 0.9.2 -- Added --keepname option.
+# 0.8.7 -- Better detection of Secure Boot mode & fixed errors when copying
+# Shim & MokManager files over themselves; fixed bug that caused
+# inappropriate installation to EFI/BOOT/bootx64.efi
# 0.8.6 -- Fixed bugs that caused misidentification of ESP on disks with
# partition numbers over 10 on OS X and misidentification of mount
# point if already-mounted ESP had space in path.
LocalKeysBase="refind_local"
ShimSource="none"
ShimType="none"
+KeepName=0
TargetShim="default"
TargetX64="refind_x64.efi"
TargetIA32="refind_ia32.efi"
ShimType=`basename $ShimSource`
shift
;;
+ --keepname) KeepName=1
+ ;;
--drivers | --alldrivers) InstallDrivers="all"
;;
--nodrivers) InstallDrivers="none"
--yes) AlwaysYes=1
;;
* ) echo "Usage: $0 [--notesp | --usedefault {device-file} | --root {dir} |"
- echo " --ownhfs {device-file} ]"
- echo " [--nodrivers | --alldrivers] [--shim {shim-filename}]"
- echo " [--localkeys] [--yes]"
+ echo " --ownhfs {device-file} ] [--keepname]"
+ echo " [--nodrivers | --alldrivers]"
+ echo " [--localkeys] [--keepname] [--yes]"
exit 1
esac
shift
echo "If you use --ownhfs, you may NOT use --usedefault! Aborting!"
exit 1
fi
+ if [[ "$KeepName" == 1 && "$ShimSource" == "none" ]] ; then
+ echo "The --keepname option is meaningful only in conjunction with --shim"
+ echo "or --preloader! Aborting!"
+ exit 1
+ fi
+ if [[ "$KeepName" == 1 && "$OSName" != "Linux" ]] ; then
+ echo "The --keepname option is valid only under Linux! Aborting!"
+ exit 1
+ fi
+ if [[ "$KeepName" == 1 && "$TargetDir" != "/EFI/BOOT" ]] ; then
+ echo "The --keepname option is incompatible with --usedefault! Aborting!"
+ exit 1
+ fi
RLConfFile="$RootDir/boot/refind_linux.conf"
EtcKeysDir="$RootDir/etc/refind.d/keys"
} # GetParams()
exit 1
fi
+ echo "ShimSource is $ShimSource"
if [[ "$ShimSource" != "none" ]] ; then
if [[ -f "$ShimSource" ]] ; then
if [[ $ShimType == "shimx64.efi" || $ShimType == "shim.efi" ]] ; then
# Helper for CopyRefindFiles; copies shim files (including MokManager, if it's
# available) to target.
CopyShimFiles() {
- cp -fb "$ShimSource" "$InstallDir/$TargetDir/$TargetShim"
- if [[ $? != 0 ]] ; then
- Problems=1
- fi
- if [[ -f "$MokManagerSource" ]] ; then
- cp -fb "$MokManagerSource" "$InstallDir/$TargetDir/"
+ local inode1=`ls -i "$ShimSource" 2> /dev/null | cut -f 1 -d " "`
+ local inode2=`ls -i "$InstallDir/$TargetDir/$TargetShim" 2> /dev/null | cut -f 1 -d " "`
+ if [[ $inode1 != $inode2 ]] ; then
+ cp -fb "$ShimSource" "$InstallDir/$TargetDir/$TargetShim"
+ if [[ $? != 0 ]] ; then
+ Problems=1
+ fi
fi
- if [[ $? != 0 ]] ; then
- Problems=1
+ inode1=`ls -i "$MokManagerSource" 2> /dev/null | cut -f 1 -d " "`
+ local TargetMMName=`basename $MokManagerSource`
+ inode2=`ls -i "$InstallDir/$TargetDir/$TargetMMName" 2> /dev/null | cut -f 1 -d " "`
+ if [[ $inode1 != $inode2 ]] ; then
+ if [[ -f "$MokManagerSource" ]] ; then
+ cp -fb "$MokManagerSource" "$InstallDir/$TargetDir/"
+ fi
+ if [[ $? != 0 ]] ; then
+ Problems=1
+ fi
fi
} # CopyShimFiles()
TargetIA32="bootia32.efi"
TargetShim="bootx64.efi"
fi
+ if [[ $KeepName == 1 ]] ; then
+ echo "Installation is to /EFI/BOOT, which is incompatible with --keepname! Aborting!"
+ exit 1
+ fi
} # SetVarsForBoot()
# Set variables for installation in EFI/Microsoft/Boot directory
TargetDir="/EFI/Microsoft/Boot"
if [[ $ShimSource == "none" ]] ; then
TargetX64="bootmgfw.efi"
+ TargetIA32="bootmgfw.efi"
else
if [[ $ShimType == "shim.efi" || $ShimType == "shimx64.efi" ]] ; then
TargetX64="grubx64.efi"
fi
TargetShim="bootmgfw.efi"
fi
+ if [[ $KeepName == 1 ]] ; then
+ echo "Installation is to /EFI/Microsoft/Boot, which is incompatible with --keepname!"
+ echo "Aborting!"
+ exit 1
+ fi
} # SetVarsForMsBoot()
# TargetDir defaults to /EFI/refind; however, this function adjusts it as follows:
DetermineTargetDir() {
Upgrade=0
- if [[ -f $InstallDir/EFI/BOOT/refind.conf ]] ; then
+ if [[ -f $InstallDir/EFI/BOOT/refind.conf && ! -f $InstallDir/EFI/refind/refind.conf ]] ; then
SetVarsForBoot
Upgrade=1
fi
- if [[ -f $InstallDir/EFI/Microsoft/Boot/refind.conf ]] ; then
+ if [[ -f $InstallDir/EFI/Microsoft/Boot/refind.conf && ! -f $InstallDir/EFI/refind/refind.conf ]] ; then
SetVarsForMsBoot
Upgrade=1
fi
if [[ -f $InstallDir/EFI/refind/refind.conf ]] ; then
TargetDir="/EFI/refind"
- if [[ "$OSName" == 'Darwin' ]] ; then
+ if [[ $ShimSource == "none" || $KeepName == 1 ]] ; then
TargetX64="refind_x64.efi"
TargetIA32="refind_ia32.efi"
fi
<key>ProductName</key>
<string>rEFInd</string>
<key>ProductVersion</key>
- <string>0.8.5</string>
+ <string>0.9.2</string>
</dict>
</plist>
ENDOFHERE
# appropriate options haven't been set, warn the user and offer to abort.
# If we're NOT in Secure Boot mode but the user HAS specified the --shim
# or --localkeys option, warn the user and offer to abort.
-#
-# FIXME: Although I checked the presence (and lack thereof) of the
-# /sys/firmware/efi/vars/SecureBoot* files on my Secure Boot test system
-# before releasing this script, I've since found that they are at least
-# sometimes present when Secure Boot is absent. This means that the first
-# test can produce false alarms. A better test is highly desirable.
CheckSecureBoot() {
- VarFile=`ls -d /sys/firmware/efi/vars/SecureBoot* 2> /dev/null`
- if [[ -n "$VarFile" && "$TargetDir" != '/EFI/BOOT' && "$ShimSource" == "none" ]] ; then
+ local IsSecureBoot
+ if [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then
+ IsSecureBoot=`od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data | tr -d '[[:space:]]'`
+ else
+ IsSecureBoot="0"
+ fi
+ if [[ $IsSecureBoot == "1" && "$TargetDir" != '/EFI/BOOT' && "$ShimSource" == "none" ]] ; then
echo ""
- echo "CAUTION: Your computer appears to support Secure Boot, but you haven't"
- echo "specified a valid shim.efi file source. If you've disabled Secure Boot and"
- echo "intend to leave it disabled, this is fine; but if Secure Boot is active, the"
- echo "resulting installation won't boot. You can read more about this topic at"
+ echo "CAUTION: Your computer appears to be booted with Secure Boot, but you haven't"
+ echo "specified a valid shim.efi file source. Chances are you should re-run with"
+ echo "the --shim option. You can read more about this topic at"
echo "http://www.rodsbooks.com/refind/secureboot.html."
echo ""
echo -n "Do you want to proceed with installation (Y/N)? "
fi
fi
- if [[ "$ShimSource" != "none" && ! -n "$VarFile" ]] ; then
+ if [[ "$ShimSource" != "none" && ! $IsSecureBoot == "1" ]] ; then
echo ""
echo "You've specified installing using a shim.efi file, but your computer does not"
echo "appear to be running in Secure Boot mode. Although installing in this way"
fi
fi
- if [[ $LocalKeys != 0 && ! -n "$VarFile" ]] ; then
+ if [[ $LocalKeys != 0 && ! $IsSecureBoot == "1" ]] ; then
echo ""
echo "You've specified re-signing your rEFInd binaries with locally-generated keys,"
echo "but your computer does not appear to be running in Secure Boot mode. The"
# If this fails, sets Problems=1
AddBootEntry() {
local PartNum
- InstallIt="0"
Efibootmgr=`which efibootmgr 2> /dev/null`
if [[ "$Efibootmgr" ]] ; then
InstallDisk=`grep "$InstallDir" /etc/mtab | cut -d " " -f 1 | cut -c 1-8`
echo "manager. The boot order is being adjusted to make rEFInd the default boot"
echo "manager. If this is NOT what you want, you should use efibootmgr to"
echo "manually adjust your EFI's boot order."
- "$Efibootmgr" -b $ExistingEntryBootNum -B &> /dev/null
- InstallIt="1"
fi
- else
- InstallIt="1"
+ "$Efibootmgr" -b $ExistingEntryBootNum -B &> /dev/null
fi
- if [[ $InstallIt == "1" ]] ; then
- echo "Installing it!"
+ echo "Installing it!"
+ if [[ "$KeepName" == 0 ]] ; then
"$Efibootmgr" -c -l "$EfiEntryFilename" -L "rEFInd Boot Manager" -d $InstallDisk -p $PartNum &> /dev/null
- if [[ $? != 0 ]] ; then
- EfibootmgrProblems=1
- Problems=1
- fi
+ else
+ "$Efibootmgr" -c -l "$EfiEntryFilename" -L "rEFInd Boot Manager" -d $InstallDisk -p $PartNum \
+ -u "$TargetShim $TargetX64" &> /dev/null
+ fi
+ if [[ $? != 0 ]] ; then
+ EfibootmgrProblems=1
+ Problems=1
fi
else # efibootmgr not found