-if [[ ! -n $ExistingEntry ]] ; then
- InstallDisk=`grep /boot/efi /etc/mtab | cut -d " " -f 1 | cut -c 1-8`
- PartNum=`grep /boot/efi /etc/mtab | cut -d " " -f 1 | cut -c 9-10`
- efibootmgr -c -d $InstallDisk -p $PartNum -l \\EFI\\refind\\refind.efi -L "rEFInd Boot Manager"
+if [[ -n $ExistingEntry ]] ; then
+ efibootmgr --bootnum $ExistingEntry --delete-bootnum &> /dev/null
+fi
+
+cd /usr/share/refind-%{version}
+
+if [[ -f /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data ]] ; then
+ IsSecureBoot=`od -An -t u1 /sys/firmware/efi/vars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c/data | tr -d '[[:space:]]'`
+else
+ IsSecureBoot="0"
+fi
+# Note: Two find operations for ShimFile favors shim over PreLoader -- if both are
+# present, the script uses shim rather than PreLoader.
+declare ShimFile=`find /boot -name shim\.efi -o -name shimx64\.efi -o -name PreLoader\.efi 2> /dev/null | head -n 1`
+if [[ ! -n $ShimFile ]] ; then
+ declare ShimFile=`find /boot -name PreLoader\.efi 2> /dev/null | head -n 1`
+fi
+declare SBSign=`which sbsign 2> /dev/null`
+declare OpenSSL=`which openssl 2> /dev/null`
+
+# Run the rEFInd installation script. Do so with the --shim option
+# if Secure Boot mode is suspected and if a shim program can be
+# found, or without it if not. If the sbsign and openssl programs
+# can be found, do the install using a local signing key. Note that
+# this option is undesirable for a distribution, since it would
+# then require the user to enroll an extra MOK. I'm including it
+# here because I'm NOT a distribution maintainer, and I want to
+# encourage users to use their own local keys.
+if [[ $IsSecureBoot == "1" && -n $ShimFile ]] ; then
+ if [[ -n $SBSign && -n $OpenSSL ]] ; then
+ ./install.sh --shim $ShimFile --localkeys --yes
+ else
+ ./install.sh --shim $ShimFile --yes
+ fi
+else
+ if [[ -n $SBSign && -n $OpenSSL ]] ; then
+ ./install.sh --localkeys --yes
+ else
+ ./install.sh --yes
+ fi