From: srs5694
Originally written: 3/14/2012; last Web page update: -9/19/2015, referencing rEFInd 0.9.2
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
diff --git a/docs/refind/configfile.html b/docs/refind/configfile.html index c62fcd5..36fc59d 100644 --- a/docs/refind/configfile.html +++ b/docs/refind/configfile.html @@ -17,7 +17,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -11/1/2015, referencing rEFInd 0.9.3
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -132,7 +132,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comMany casual users will be able to use rEFInd without making changes to its settings; in its default configuration, the boot manager automatically detects all the EFI boot loader programs you have on your EFI System Partition (ESP) (or your OS X boot partition, in the case of Macs) and displays icons for them. On Macs, rEFInd also presents legacy BIOS boot options by default. Sometimes, though, you may want to tweak rEFInd's configuration. Sometimes you can obtain your desired results by adjusting the filenames of your boot loaders. Other times, you can edit rEFInd's configuration file, refind.conf, which resides in the same directory as its binary file (refind_x64.efi or whatever you've renamed it).
+Many casual users will be able to use rEFInd without making changes to its settings; in its default configuration, the boot manager automatically detects all the EFI boot loader programs you have on your EFI System Partition (ESP) (or your OS X boot partition, in the case of Macs) in conventional locations and displays icons for them. On Macs, rEFInd also presents legacy BIOS boot options by default. Sometimes, though, you may want to tweak rEFInd's configuration. Sometimes you can obtain your desired results by adjusting the filenames of your boot loaders. Other times, you can edit rEFInd's configuration file, refind.conf, which resides in the same directory as its binary file (refind_x64.efi or whatever you've renamed it).
Prior to version 0.2.4, rEFInd supported a token called disable, whose function partially overlapped with hideui. Version 0.2.4 merges many of the features of these two tokens into hideui and creates the new showtools option, which provides the remaining functionality in a more flexible way.
-As an example of rEFInd configuration, consider the following refind.conf file:
@@ -505,7 +503,7 @@ default_selection eliloAs an example, consider the following entries:
-menuentry "Ubuntu Linux" { +menuentry "Ubuntu" { loader /EFI/ubuntu/grubx64.efi disabled } @@ -525,7 +523,7 @@ menuentry "Windows via shell script" { }-This example sets up three entries: one for Ubuntu Linux, one for Arch Linux, and one to launch a shell script. Note that the final entry uses different directory separators from the first two, simply to demonstrate the fact that it's possible. (The form of directory separators in options lines is important, though, because the program being launched may expect a particular directory separator character.) The Ubuntu entry sets no icon, since rEFInd will note that the boot loader is stored in the ubuntu directory, and it will automatically find the appropriate Ubuntu icon (os_ubuntu.png). This option is, however, disabled, so no matching icon will appear when you reboot unless you first comment out or delete the disabled line.
+This example sets up three entries: one for Ubuntu, one for Arch Linux, and one to launch a shell script. Note that the final entry uses different directory separators from the first two, simply to demonstrate the fact that it's possible. (The form of directory separators in options lines is important, though, because the program being launched may expect a particular directory separator character.) The Ubuntu entry sets no icon, since rEFInd will note that the boot loader is stored in the ubuntu directory, and it will automatically find the appropriate Ubuntu icon (os_ubuntu.png). This entire entry is, however, disabled, so no matching icon will appear when you reboot unless you first comment out or delete the disabled line.
@@ -641,7 +639,7 @@ menuentry Arch {Adjusting the Default Boot Option
-Just before launching an OS, rEFInd stores the description in the EFI variable PreviousBoot with a GUID of 36d08fa7-cf0b-42f5-8f14-68df73ed3740. The next time it launches, it reads that same variable and sets the default boot loader to that value, if it's still available and if the first item in default_selection in the refind.conf file is a plus sign (+).
+Just before launching an OS, rEFInd stores the description in the EFI variable PreviousBoot with a GUID of 36d08fa7-cf0b-42f5-8f14-68df73ed3740. The next time rEFInd launches, it reads that same variable and sets the default boot loader to that value, if it's still available and if the first item in default_selection in the refind.conf file is a plus sign (+).
Under Linux, the variable that rEFInd uses to store this information is accessible as /sys/firmware/efi/efivars/PreviousBoot-36d08fa7-cf0b-42f5-8f14-68df73ed3740. Thus, you can back up this value, modify it, and write it back out to adjust your next-booted OS. Getting this string just right can be a bit tricky, though, and if the kernel doesn't like its format, it will not let you modify the variable. If you try to modify the variable, be aware that it's stored in UTF-16 format. As with the default_selection token in refind.conf, you can enter any substring that uniquely identifies the entry you want to boot.
diff --git a/docs/refind/drivers.html b/docs/refind/drivers.html index a497a71..22d6705 100644 --- a/docs/refind/drivers.html +++ b/docs/refind/drivers.html @@ -17,7 +17,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 4/19/2012; last Web page update: -9/19/2015, referencing rEFInd 0.9.2
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -238,7 +238,12 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com refind_linux.conf file. Without the first of these options, rEFInd could not locate my kernel; and without the second, the boot failed with a message to the effect that the initial RAM disk could not - find /sbin/init. + find /sbin/init. rEFInd 0.10.0 adds @/boot as a + standard option to also_scan_dirs, and its + refind-install and mkrlconf scripts should pick up + the root flags, assuming the system is booted into the regular + installation. These additions make it easier to set up rEFInd to work + with Btrfs.
When you reboot after installing drivers, rEFInd should automatically detect and use the drivers you install. There's likely to be an extra delay, typically from one to five seconds, as rEFInd loads the drivers and tells the EFI to detect the filesystems they handle. For this reason, and because of the possibility of drivers harboring bugs, I recommend installing only those drivers that you need. If you like, you can install drivers you don't plan on using to some other directory, such as /drivers on the ESP's root. You can then load these drivers manually with the EFI shell's load command if the need arises in the future. You can then tell the shell to re-assign drive identifiers with map -r:
-fs0: load reiserfs_x64.efi +fs0: load btrfs_x64.efi fs0: map -rdiff --git a/docs/refind/features.html b/docs/refind/features.html index d1ca426..4f98a37 100644 --- a/docs/refind/features.html +++ b/docs/refind/features.html @@ -17,7 +17,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com
Originally written: 3/14/2012; last Web page update: -9/19/2015, referencing rEFInd 0.9.2
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -244,6 +244,10 @@ such as those with Gigabyte's Hybrid EFI, lack a usable CSM.On the flip side, at least for Mac users, rEFInd comes with less sophisticated Mac installation tools than does rEFIt, in favor of more OS-agnostic packaging.
diff --git a/docs/refind/getting.html b/docs/refind/getting.html index c359222..6a9776a 100644 --- a/docs/refind/getting.html +++ b/docs/refind/getting.html @@ -17,7 +17,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -9/19/2015, referencing rEFInd 0.9.2
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -138,7 +138,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -11/1/2015, referencing rEFInd 0.9.3
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -144,6 +144,8 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comSubsequent sections of this document are on separate pages. Be aware that you probably don't need to read them all; just skip to the sections that interest you:
+Note: I consider rEFInd to be beta-quality software! That said, rEFInd is a usable program in its current form on many systems. If you have problems, feel free to drop me a line.
+ -Note: I consider rEFInd to be beta-quality software! That said, rEFInd is a usable program in its current form on many systems. If you have problems, feel free to drop me a line.
-Originally written: 3/14/2012; last Web page update: -9/19/2015, referencing rEFInd 0.9.2
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -226,11 +226,11 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comI provide RPM and Debian package files for rEFInd; and starting with version 0.8.1, I'm maintaining an Ubuntu PPA for rEFInd. If you have a working RPM-based or Debian-based Linux installation that boots in EFI mode, using one of these files is likely to be the easiest way to install rEFInd: You need only download the file and issue an appropriate installation command. In some cases, double-clicking the package in your file manager will install it. If that doesn't work, a command like the following will install the RPM on an RPM-based system:
-# rpm -Uvh refind-0.9.2-1.x86_64.rpm+
# rpm -Uvh refind-0.10.0-1.x86_64.rpm
On a Debian-based system, the equivalent command is:
-# dpkg -i refind_0.9.2-1_amd64.deb+
# dpkg -i refind_0.10.0-1_amd64.deb
Either command produces output similar to that described for using the refind-install script, so you can check it for error messages and other signs of trouble. The package file installs rEFInd and registers it with the EFI to be the default boot loader. The script that runs as part of the installation process tries to determine if you're using Secure Boot, and if so it will try to configure rEFInd to launch using shim; however, this won't work correctly on all systems. Ubuntu 12.10 users who are booting with Secure Boot active should be wary, since the resulting installation will probably try to use Ubuntu's version of shim, which won't work correctly with rEFInd. The shim program provided with more recent versions of Ubuntu should work correctly.
@@ -250,7 +250,7 @@ $ sudo apt-get install refindIf you're using Linux or Mac OS X, the easiest way to install rEFInd is to use the refind-install script. This script automatically copies rEFInd's files to your ESP or other target location and makes changes to your firmware's NVRAM settings so that rEFInd will start the next time you boot. If you've booted to OS X or in non-Secure-Boot EFI mode to Linux on a UEFI-based PC, refind-install will probably do the right thing, so you can get by with the quick instructions. If your setup is unusual, if your computer uses Secure Boot, or if you want to create a USB flash drive with rEFInd on it, you should read the extra instructions for this utility.
@@ -258,7 +258,7 @@ $ sudo apt-get install refindBy default, the refind-install script installs rEFInd to your disk's ESP. Under Mac OS X, you can instead install rEFInd to your current OS X boot partition by passing the script the --notesp option, or to a non-boot HFS+ partition by using the --ownhfs devicefile option. Under either OS, you can install to something other than the currently-running OS by using the --root /mountpoint option. (See Table 1 for details.)
@@ -490,7 +490,7 @@ Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda1 191284 16604 174681 9% /boot/efi - +This example shows that /dev/sda1 is mounted at /boot/efi, which is a typical configuration. (The ESP can be on another disk or partition, but /dev/sda1 is the most common place for an ESP.) If your output shows /boot or / under the Mounted on column, then your ESP isn't mounted. (An exception is if you're mounting the ESP at /boot. This is an unusual configuration. If you're using it, you can proceed, making suitable adjustments to subsequent commands.) If you get a df: `/boot/efi': No such file or directory error message, then the /boot/efi directory doesn't even exist. In such cases, you may need to jump through some extra hoops, as described on my EFI Boot Loader Installation page.
@@ -526,7 +526,7 @@ Filesystem 1K-blocks Used Available Use% Mounted onBefore installing rEFInd on a Mac, you must determine whether it uses a 32-bit or 64-bit EFI implementation. Most Intel-based Macs have 64-bit EFIs, so you should use the refind_x64.efi file with them; but very early Intel-based Macs have 32-bit EFIs (and sometimes 32-bit CPUs), which require the refind_ia32.efi file. You can determine whether your Mac needs the x86-64 or IA32 build by typing the following command in a Mac Terminal window:
@@ -547,16 +547,19 @@ $ ioreg -l -p IODeviceTree | grep firmware-abiPrior to version 0.8.5, these instructions and the refind-install script omitted the --shortform option from the bless command when installing rEFInd to the ESP. An rEFInd user, however, discovered that using the option eliminated the 30-second delay, so it is now the default with 0.8.5's refind-install, and is specified in the instructions. If you installed rEFInd 0.8.4 or earlier, you may want to re-install or re-bless rEFInd using this option.
+Prior to version 0.8.5, these instructions and the refind-install script omitted the --shortform option from the bless command when installing rEFInd to the ESP. A rEFInd user, however, discovered that using the option eliminated the 30-second delay, so it is now the default with 0.8.5's refind-install, and is specified in the instructions. If you installed rEFInd 0.8.4 or earlier, you may want to re-install or re-bless rEFInd using this option.
There is one caveat, though: The man page for bless notes that --shortform notes that its use can come "at the expense of boot time performance." Thus, it's not clear to me that this option might not actually create problems on some computers. (It's eliminated the boot delay on my 2014 MacBook Air and has no detrimental effect on an old 32-bit Mac Mini that's never had a boot delay problem, though.) Thus, if you have problems with rEFInd 0.8.5 or later, you might try running bless, as described in Installing rEFInd Manually Using OS X's step 8, but omit the --shortform option.
@@ -1211,7 +1212,8 @@ $ ioreg -l -p IODeviceTree | grep firmware-abiThis example shows use of efibootmgr's --verbose (-v) option to display boot programs so as to identify which one is rEFInd, followed by --delete-bootnum (-B) to delete a boot program and --bootnum (-b) to identify which one to delete. Of course, in this example there's not much else left, so you'd presumably want to install another boot program at this point! If you already have another one installed, you may want to check the BootOrder line to determine which one will take precedence when you reboot. If you don't like what it shows, you can adjust it with the --bootorder (-o) option; consult efibootmgr's man page for details.
If you're not using Linux, you may be able to find a utility that serves diff --git a/docs/refind/linux.html b/docs/refind/linux.html index 5598748..a6dc04c 100644 --- a/docs/refind/linux.html +++ b/docs/refind/linux.html @@ -17,7 +17,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com
Originally written: 3/19/2012; last Web page update: -9/19/2015, referencing rEFInd 0.9.2
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
diff --git a/docs/refind/revisions.html b/docs/refind/revisions.html index 32f708b..bd713c6 100644 --- a/docs/refind/revisions.html +++ b/docs/refind/revisions.html @@ -16,7 +16,7 @@by Roderick W. Smith, rodsmith@rodsbooks.com
-Last Web page update: 9/19/2015
+Last Web page update: 11/8/2015
This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -132,6 +132,92 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 11/13/2012; last Web page update: -9/19/2015, referencing rEFInd 0.9.2
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -154,6 +154,13 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com + +If you're using a computer that supports Secure Boot, you may run into extra complications. This feature is intended to make it difficult for malware to insert itself early into the computer's boot process. Unfortunately, it also complicates multi-boot configurations such as those that rEFInd is intended to manage. This page describes some Secure Boot basics and two specific ways of using rEFInd with Secure Boot: Using the Shim program and using the PreLoader program. (My separate EFI Boot Loaders for Linux page on Secure Boot covers the additional topics of disabling Secure Boot and adding keys to the firmware's own set of keys.) This page concludes with a look at known bugs and limitations in rEFInd's Secure Boot features.
diff --git a/docs/refind/sip.html b/docs/refind/sip.html index 0973f40..87b055c 100644 --- a/docs/refind/sip.html +++ b/docs/refind/sip.html @@ -16,7 +16,7 @@by Roderick W. Smith, rodsmith@rodsbooks.com
-Originally written: 10/31/2015, referencing rEFInd 0.9.3
+Originally written: 11/8/2015, referencing rEFInd 0.10.0
This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -174,9 +174,9 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comTo understand SIP, you should first know that Unix-like systems, including OS X, have traditionally provided a model of security in which ordinary users can read and write their own files (word processor documents, their own digital photos, etc.), but cannot write to system files (programs, system configuration files, etc.)—and users cannot even read some system files. This system security model has worked well for decades on traditional Unix systems, which have been administered by computer professionals and used by individuals with less experience. For administrative tasks, the root account is used. On Macs, this access is generally granted by the sudo command or by various GUI tools. Most Macs are single-user computers that are administered by their users. Such people often lack the knowledge of the professional system administrators who have traditionally managed Unix systems; but they must still perform system administration tasks such as installing new software and configuring network settings. OS X has always provided some measure of security by requiring users to enter their passwords before performing these dangerous tasks, and by providing GUI tools to help guide users through these tasks in a way that minimizes the risk of damage.
+To understand SIP, you should first know that Unix-like systems, including OS X, have traditionally provided a model of security in which ordinary users can read and write their own files (word processor documents, their own digital photos, etc.), but cannot write to system files (programs, system configuration files, etc.)—and users cannot even read some system files. This system security model has worked well for decades on traditional Unix systems, which have been administered by computer professionals and used by individuals with less experience. For administrative tasks, the root account is used. On Macs, this access is generally granted by the sudo command or by various GUI tools. Most Macs, in contrast to traditional Unix mainframes and minicomputers from the 20th century, are single-user computers that are administered by their users. Such people often lack the knowledge of the professional system administrators who have traditionally managed Unix systems; but they must still perform system administration tasks such as installing new software and configuring network settings. OS X has always provided some measure of security by requiring users to enter their passwords before performing these dangerous tasks, and by providing GUI tools to help guide users through these tasks in a way that minimizes the risk of damage.
-Apple has apparently decided that these safeguards are no longer sufficient. I won't try to speak for Apple or explain their motivations, but the result of Apple's decisions is SIP. With SIP active, as is the default, OS X limits your ability to perform some of these administrative tasks. You can still install and remove most third-party programs, configure your network, and so on; but some critical directories can no longer be written, even as root, and some utilities cannot be used in certain ways, even as root. These restrictions impact rEFInd because one of the affected tools, a command called bless, is required to tell the Mac to boot rEFInd rather than to boot OS X directly.
+Apple has apparently decided that these safeguards are no longer sufficient, at least for certain tasks, such as writing files to certain system directories and installing boot loaders. I won't try to speak for Apple or explain their motivations, but the result of Apple's decisions is SIP. With SIP active, as is the default, OS X 10.11 limits your ability to perform some of these administrative tasks. You can still install and remove most third-party programs, configure your network, and so on; but some critical directories can no longer be written, even as root, and some utilities cannot be used in certain ways, even as root. These restrictions impact rEFInd because one of the affected tools, a command called bless, is required to tell the Mac to boot rEFInd rather than to boot OS X directly.
At this point, rEFInd should come up and enable you to boot into OS X and any other OS(es) that are already installed. You should not need to perform these steps again unless OS X re-installs its own boot loader or a subsequent OS installation overrides the default boot option. You can install an updated rEFInd and it should install correctly, provided you're installing it to the EFI System Partition (ESP). The refind-install script may complain about a failure, but because you're overwriting one rEFInd binary with another one, it should continue to boot.
+At this point, rEFInd should come up and enable you to boot into OS X and any other OS(es) that are already installed. You should not need to perform these steps again unless OS X re-installs its own boot loader or a subsequent OS installation overrides the default boot option. You can install an updated rEFInd and it should install correctly, provided you're installing it to the EFI System Partition (ESP). The refind-install script may complain about a failure, but because you're overwriting one rEFInd binary with another one, it should continue to boot. (If you installed rEFInd to an HFS+ partition, though, replacing the original file will require using bless to tell the firmware about the change, so updating such an installation probably won't work with SIP active.)
You can use the Recovery HD, as in the previous procedure, to disable SIP. To do so, boot it and launch a Terminal window, as described in the previous section. Instead of locating and running the refind-instal script, though, you should type:
+You can use the Recovery HD, as in the previous procedure, to disable SIP. To do so, boot it and launch a Terminal window, as described in the previous section. Instead of locating and running the refind-install script, though, you should type:
# csrutil disable
This command will disable SIP for all OSes that honor this setting. (In theory, multiple versions of OS X might be installed on a single computer, and all of them that support SIP should honor the SIP settings. To the best of my knowledge, no non-Apple OS honors SIP settings, although that could change.)
-Once you've typed this command, you can reboot the computer. When you return to your regular OS X installation, SIP should be disabled and rEFInd should install normally, as described on the Installing rEFInd page. You will also be able to use disk partitioning tools like my GPT fdisk, write to directories that are normally off-limits, and so on. Note that disabling SIP does not disable normal Unix-style protections—you'll still need to use sudo (or enter your password in a GUI dialog box) to acquire root privileges to perform these system-administration tasks. You'll be no less safe with SIP disabled under OS X 10.11 than you would be with OS X 10.10 or earlier.
+Once you've typed this command, you can reboot the computer. When you return to your regular OS X installation, SIP should be disabled and rEFInd should install normally, as described on the Installing rEFInd page. You will also be able to use disk partitioning tools like my GPT fdisk, write to directories that are normally off-limits, and so on. Note that disabling SIP does not disable normal Unix-style protections—you'll still need to use sudo (or enter your password in a GUI dialog box) to acquire root privileges to perform these system-administration tasks. You'll be no less safe with SIP disabled under OS X 10.11 than you would be with OS X 10.10 or earlier; you simply won't have its added protections against user error or malicious software.
If you want to re-enable SIP, you can do so in exactly the way you disabled it, except that you should type csrutil enable rather than csrutil disable in the Recovery environment.
@@ -242,7 +242,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comAs described later on this page, rEFInd provides SIP control features, but they're disabled by default—except on the USB flash drive and CD-R images available from the rEFInd downloads page. On these images, the SIP control features are enabled, and can toggle between the two main modes you can set via csrutil enable and csrutil disable in the Recovery HD system. Thus, to disable SIP to install rEFInd, you can:
+As described later on this page, rEFInd 0.10.0 provides SIP control features, but they're disabled by default—except on the USB flash drive and CD-R images available from the rEFInd downloads page. On these images, the SIP control features are enabled, and can toggle between the two main modes you can set via csrutil enable and csrutil disable in the Recovery HD system. Thus, to disable SIP to install rEFInd, you can:
Once you install rEFInd, you can leave SIP enabled, adjust its SIP settings to enable the features from rEFInd and disable it from within your regular rEFInd, or boot again from your external rEFInd to disable SIP.
+Once you install rEFInd, you can leave SIP enabled, enable your newly-installed rEFInd's SIP features and use them to disable SIP, or boot again from your external rEFInd to disable SIP.
This procedure has the advantage of being a bit quicker than using the Recovery HD—at least, if you've already got rEFInd 0.10.0 or later on an external medium. It will also work if your Recovery HD installation is missing or broken. On the other hand, it's probably easier to boot to the Recovery HD once or twice than to download and prepare a rEFInd boot medium. Also, some Macs are a little flaky when it comes to booting from external media, so you may have trouble booting in this way. Finally, if you don't already have rEFInd on an external medium and if you don't have an optical drive, writing a USB flash drive with dd carries a small risk of accidentally trashing your hard disk, particularly if you're unfamiliar with disk devices and dd.
@@ -280,7 +280,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com -I've tested this method of installing rEFInd on my MacBook Air, but I can't promise it will work on all Macs—or even on an identical Mac with a configuration that's different from mine. My preference is to install rEFInd under OS X on Macs, because Apple likes to do things differently from everybody else, and so a Mac's firmware might not react in the usual way to tools like efibootmgr in Linux or bcdedit in Windows.
+I've tested this method of installing rEFInd on my MacBook Air (purchased in late 2014) and on my first-generation 32-bit Mac Mini, but I can't promise it will work on all Macs—or even on a Mac that's identical to one of mine but with a configuration that's different from mine. My preference is to install rEFInd under OS X on Macs, because Apple likes to do things differently from everybody else, and so a Mac's firmware might not react in the usual way to tools like efibootmgr in Linux or bcdedit in Windows.
Note that both of these options must be set appropriately. If either of them is missing or misconfigured, rEFInd will not display the new SIP tool. A typical configuration using these features might look like this:
-showtools shell,memtest,gdisk,csr_rotate,apple_recovery,windows_recovery,mok_tool,about,shutdown,reboot,firmware +height="559" alt="rEFInd presents a graphical menu for selecting your boot OS." border=2>showtools shell,memtest,gdisk,csr_rotate,apple_recovery,windows_recovery,about,shutdown,reboot csr_values 10,77-Once these options are set and you reboot into rEFInd, you should see a new shield icon, as shown at the right. When you select this tool, rEFInd identifies the next available CSR value from the list you specified and switches to that mode, rotating back to the start of the list once the end is reached. To confirm that the SIP mode has changed, rEFInd displays, for three seconds, a message identifying the new mode.
+Once these options are set and you reboot into rEFInd, you should see a new shield icon on the second row, as shown at the right. When you select this tool, rEFInd identifies the next available CSR value from the list you specified and switches to that mode, rotating back to the start of the list once the end is reached. To confirm that the SIP mode has changed, rEFInd displays, for three seconds, a message identifying the new mode.
Whether or not you've enabled these SIP features in refind.conf, rEFInd displays the current SIP status on its "About" page:
@@ -315,11 +315,11 @@ csr_values 10,77
Note the line that reads "System Integrity Protection is disabled (0x77)." This line will be updated whenever you use the CSR rotation tool, so if you've specified a large number of values and have forgotten where you are in your rotation, you can use the About screen to figure it out.
+Note the line that reads "System Integrity Protection is disabled (0x77)" (highlighted in this screen shot). This line will be updated whenever you use the CSR rotation tool, so if you've specified a large number of values and have forgotten where you are in your rotation, you can use the About screen to figure it out.
Both the summary on the About page and the CSR rotation tool depend on the presence of the csr-active-config NVRAM variable, which is where this information is stored. Thus, these features will not be present on older Macs that have not seen the presence of an OS X version that sets this variable. Likewise, you probably won't see the SIP summary in About or be able to set these values via csr_rotate and csr_values on a UEFI-based PC. (You could always create the variable on such a system in some other way, in which case rEFInd would let you adjust it, but it would have no effect on any OS except OS X.)
-I provide these features in rEFInd as a convenience for developers and other advanced users who have a legitimate need to adjust their SIP settings. Using rEFInd for this purpose is much faster than booting into the OS X Recovery system to make these adjustments. I discourage others from playing with these settings, since changing them inappropriately could cause problems; that's why they're not enabled by default.
+I provide these features in rEFInd as a convenience for developers and other advanced users who have a need to adjust their SIP settings. Using rEFInd for this purpose is much faster than booting into the OS X Recovery system to make these adjustments. I discourage others from playing with these settings, since changing them inappropriately could cause problems; that's why they're not enabled by default.
Originally written: 4/19/2012; last Web page update: -11/1/2015, referencing rEFInd 0.9.3
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -192,7 +192,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comNote that in this example, the text immediately below the icons is white, whereas the hint text at the bottom of the screen is black. The text color is determined by the brightness of the background; rEFInd uses black text against light backgrounds and light text against dark backgrounds. This adjustment is done on a line-by-line basis, so it copes better with horizontal lines than with vertical lines.
-If you want to use a full-screen background but also include the rEFInd logo, you can merge the two in a graphics editor by including the refind_banner-alpha.png image from the banners subdirectory of the rEFInd package in your background.
+If you want to use a full-screen background but also include the rEFInd logo, you can merge the two in a graphics editor by including the refind_banner-alpha.png or refind-banner.svg image from the banners subdirectory of the rEFInd package in your background.
Beginning with rEFInd 0.7.8, it's possible to stretch or shrink any image to fill the screen. To do so, you should use the banner_scale option in refind.conf: Set it to noscale (the default) to use small banners as such or to crop larger images; or set it to fillscreen to adjust your banner's size to exactly fill the screen. This should be particularly handy for theme developers who want to use a full-screen background image, since you can now do this with just one image file.
@@ -200,9 +200,9 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comThe core icons in rEFInd 0.9.3 and later come from the The core icons in rEFInd 0.10.0 and later come from the AwOken 2.5 icon set, with additional icons created by me, and a few others taken from other sources. (The details are documented in the README file in @@ -230,7 +230,7 @@ graphics, so you can change them.
-As an example of what the combination of icons and backgrounds can do, consider my own Snowy theme, showing the same boot options as the preceding image:
+As an example of what the combination of icons and backgrounds can do, consider my own Snowy theme, showing the same boot options as the preceding image:
Originally written: 3/14/2012; last Web page update: -9/13/2015, referencing rEFInd 0.9.1
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
diff --git a/docs/refind/using.html b/docs/refind/using.html index 4d5f3e7..3b3dff6 100644 --- a/docs/refind/using.html +++ b/docs/refind/using.html @@ -17,7 +17,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -11/1/2015, referencing rEFInd 0.9.3
+11/8/2015, referencing rEFInd 0.10.0This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -210,7 +210,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comIf you press the Insert, F2, or + key, rEFInd will show a menu that may hold additional options, depending on the OS type. (OS X and Linux are most likely to hold interesting options on their submenus.) The following figure shows the submenu for Mac OS X. You can use this menu much like the main menu; move the cursor to select the option you want to use, then press the Enter key to launch the boot loader with the selected options. Press the Esc key or select Return to Main Menu to return to the main menu.
+If you press the Insert, F2, or + key, rEFInd will show a menu that may hold additional options, depending on the OS type. (OS X and Linux are most likely to hold interesting options on their submenus.) The following figure shows the submenu for Mac OS X. You can use this menu much like the main menu; move the cursor to select the option you want to use, then press the Enter key to launch the boot loader with the selected options. Press the Esc key or select Return to Main Menu to return to the main menu. (See the Methods of Booting Linux page for information on what you might see on a Linux submenu page.)
Installing rEFInd using El Capitan
+rEFInd and System Integrity Protection
Return to my main Web page.