"About" menu.
#!/bin/bash
+#
+# Mac OS X script to locate and mount an EFI System Partition (ESP)
+#
+# Usage:
+#
+# ./mountesp
+#
+# This program is copyright (c) 2012-2015 by Roderick W. Smith
+# It is released under the terms of the GNU GPL, version 3,
+# a copy of which should be included in the file COPYING.txt.
+#
+# Revision history:
+#
+# 0.9.3 -- Initial release (with rEFInd 0.9.3)
# Mount the ESP at /Volumes/ESP or determine its current mount
# point.
fi
fi
Esp=/dev/`echo $Temp`
+ echo "The ESP has been identified as $Esp; attempting to mount it...."
# If the ESP is mounted, use its current mount point....
Temp=`df -P | grep "$Esp "`
MountPoint=`echo $Temp | cut -f 6- -d ' '`
if [[ "$MountPoint" == '' ]] ; then
+ if [[ $UID != 0 ]] ; then
+ echo "You must run this program as root or using sudo! Exiting!"
+ exit 1
+ fi
MountPoint="/Volumes/ESP"
mkdir /Volumes/ESP &> /dev/null
mount -t msdos "$Esp" /Volumes/ESP
#define ICON_SIZE_SMALL 1
#define ICON_SIZE_BIG 2
+// The constants related to Apple's System Integrity Protection (SIP)....
+#define CSR_GUID { 0x7c436110, 0xab2a, 0x4bbb, { 0xa8, 0x80, 0xfe, 0x41, 0x99, 0x5c, 0x9f, 0x82 } };
+// These codes are returned in the first byte of the csr-active-config variable
+#define CSR_ALLOW_UNTRUSTED_KEXTS 0x01
+#define CSR_ALLOW_UNRESTRICTED_FS 0x02
+#define CSR_ALLOW_TASK_FOR_PID 0x04
+#define CSR_ALLOW_KERNEL_DEBUGGER 0x08
+#define CSR_ALLOW_APPLE_INTERNAL 0x10
+#define CSR_ALLOW_UNRESTRICTED_DTRACE 0x20
+#define CSR_ALLOW_UNRESTRICTED_NVRAM 0x40
+// Some summaries....
+#define SIP_ENABLED CSR_ALLOW_APPLE_INTERNAL
+#define SIP_DISABLED (CSR_ALLOW_UNRESTRICTED_NVRAM | \
+ CSR_ALLOW_UNRESTRICTED_DTRACE | \
+ CSR_ALLOW_APPLE_INTERNAL | \
+ CSR_ALLOW_TASK_FOR_PID | \
+ CSR_ALLOW_UNRESTRICTED_FS | \
+ CSR_ALLOW_UNTRUSTED_KEXTS)
+
// Names of binaries that can manage MOKs....
#define MOK_NAMES L"MokManager.efi,HashTool.efi,HashTool-signed.efi,KeyTool.efi,KeyTool-signed.efi"
// Directories to search for these MOK-managing programs. Note that SelfDir is
// misc functions
//
+static INTN GetCsrStatus(VOID) {
+ CHAR8 *CsrValues;
+ UINTN CsrLength;
+ EFI_GUID CsrGuid = CSR_GUID;
+ EFI_STATUS Status;
+
+ Status = EfivarGetRaw(&CsrGuid, L"csr-active-config", &CsrValues, &CsrLength);
+ if ((Status == EFI_SUCCESS) && (CsrLength == 4))
+ return CsrValues[0];
+ else
+ return -1;
+} // INTN GetCsrStatus()
+
static VOID AboutrEFInd(VOID)
{
CHAR16 *FirmwareVendor;
if (AboutMenu.EntryCount == 0) {
AboutMenu.TitleImage = BuiltinIcon(BUILTIN_ICON_FUNC_ABOUT);
- AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.9.2.4");
+ AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.9.2.5");
AddMenuInfoLine(&AboutMenu, L"");
AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2006-2010 Christoph Pfisterer");
AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2012-2015 Roderick W. Smith");
#else
AddMenuInfoLine(&AboutMenu, L" Platform: unknown");
#endif
+ if (StriSubCmp(L"Apple", ST->FirmwareVendor)) {
+ switch (GetCsrStatus()) {
+ case SIP_ENABLED:
+ AddMenuInfoLine(&AboutMenu, L" System Integrity Protection is enabled");
+ break;
+ case SIP_DISABLED:
+ AddMenuInfoLine(&AboutMenu, L" System Integrity Protection is disabled");
+ break;
+ default:
+ AddMenuInfoLine(&AboutMenu, L" System Integrity Protection status is unrecognized");
+ } // switch
+ } // if
FirmwareVendor = StrDuplicate(ST->FirmwareVendor);
LimitStringLength(FirmwareVendor, MAX_LINE_LENGTH); // More than ~65 causes empty info page on 800x600 display
AddMenuInfoLine(&AboutMenu, PoolPrint(L" Firmware: %s %d.%02d", FirmwareVendor, ST->FirmwareRevision >> 16,