From: srs5694 by Roderick W. Smith, rodsmith@rodsbooks.com Originally written: 3/14/2012; last Web page update:
-12/30/2012, referencing rEFInd 0.6.2 Originally written: 3/14/2013; last Web page update:
+1/6/2012, referencing rEFInd 0.6.3 I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
Before you invest time in downloading and trying to install rEFInd, you may want to verify that you can actually use the program at all. rEFInd is useful only on EFI-based computers, not older BIOS-based computers. In fact, most EFI-based x86-64 computers provide a Compatibility Support Module (CSM), which is essentially a BIOS emulation mode. Some EFI implementations are in fact built atop a conventional BIOS, and retain BIOS's boot abilities via this underlying code. Thus, it's possible that you're currently booting a modern EFI-capable computer in BIOS mode.
+Unfortunately, determining which mode you're using can be tricky; the clues are subtle or hidden in ways that require specialized knowledge to extract. This page will help you figure it out. I first present general information on identifying your hardware's capabilities. I then describe ways to identify your current boot mode in both Linux and Windows.
+Let's get the easy case out of the way: If you have a Macintosh with an Intel CPU, it's got EFI capabilities, and you'll be able to use rEFInd. Earlier Macs with PowerPC CPUs use OpenFirmware, and rEFInd can't be used with them.
@@ -114,7 +136,9 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comPositive identification of EFI support in your firmware does not guarantee that your current OSes are booting in EFI mode. (Mac OS X booting on a Mac is an exception to this rule, though.) For that, you'll need to run some tests in your running OSes.
+Identifying your boot mode in Linux is relatively straightforward. The simplest way is to check for the presence of a /sys/firmware/efi directory. The mere existence of this directory indicates that the computer has booted in EFI mode. Its absence suggests a BIOS-mode boot—but see below for an important caveat.
@@ -149,7 +173,9 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOne caveat exists to these tests: It's possible to boot Linux in EFI mode but disable the EFI features that create the /sys/firmware/efi directory and the copious EFI output in dmesg. This can happen because your kernel was compiled without EFI support or because you've added the noefi line to your existing BIOS boot loader configuration. To the best of my knowledge, no major Linux distribution ships with EFI support disabled in either of these ways, so chances are your tests won't mislead you to thinking you're using BIOS mode unless you've recompiled your kernel or deliberately added a noefi parameter to your boot loader configuration.
+The easiest way to determine your boot mode in Windows is probably to use the bcdedit program to examine your boot loader configuration. To do so, launch an administrative Command Prompt (by right-clicking a Command Prompt icon and selecting Run As Administrator from the context menu) and then type bcdedit in the window. The result will include two blocks of information, on the boot manager and the boot loader. The latter is more diagnostic. On an EFI-booted system, it will resemble the following:
@@ -194,7 +220,7 @@ resumeobject {3aa4c728-9935-11e0-9f12-806e6f6e6963}copyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/configfile.html b/docs/refind/configfile.html index 3ca8977..eb85930 100644 --- a/docs/refind/configfile.html +++ b/docs/refind/configfile.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -12/30/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -90,11 +90,35 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comMany casual users will be able to use rEFInd without making changes to its settings; in its default configuration, the boot manager automatically detects all the EFI boot loader programs you have on your ESP (or your OS X boot partition, in the case of Macs) and displays icons for them. On Macs, rEFInd also presents legacy BIOS boot options by default. Sometimes, though, you may want to tweak rEFInd's configuration. Sometimes you can obtain your desired results by adjusting the filenames of your boot loaders. Other times, you can edit rEFInd's configuration file, refind.conf, which resides in the same directory as its binary file (refind.efi or whatever you've renamed it).
+Broadly speaking, rEFInd's configuration file is broken down into two sections: global options and OS stanzas. The global options section sets options that apply globally—to set the timeout period, enable graphics or text mode, and so on. OS stanzas are optional, but if present, they enable you to add new boot options or replace the auto-detected options with customized ones. Both sections include configuration lines and comment lines, the latter being denoted by a leading hash mark (#). rEFInd ignores comment lines, so you can add explanatory text. The default configuration file includes numerous comments explaining each of the options.
+In addition to the main OS tag icon, you can set the badge icon for a volume by creating a file called .VolumeBadge.icns in the root directory of a partition. This icon file must include a 32x32 bitmap. If present, it replaces the disk-type icons that are overlaid on the main OS icon. If you use this feature, the badge is applied to all the boot loaders read from the disk, not just those stored in the root directory or the Apple boot loader location. You could use this feature to set a custom badge for different specific disks or to help differentiate multiple OS X installations on one computer. If you don't want any badges, you can replace the three badge icons in the rEFInd icons subdirectory (vol_external.icns, vol_internal.icns, and vol_optical.icns) with a completely transparent badge. The transparent.icns file in the rEFInd icons directory may be used for this purpose.
+You can adjust many of rEFInd's options by editing its refind.conf file. You can use any text editor you like for the job, but be sure it saves the file in plain ASCII text, not in a word processing format. (In theory, a UTF-16 encoding should also work, but I've not tried that myself.) Note that the EFI shell includes its own editor. If you need to make a change before you launch an OS, you can launch a shell, change to the rEFInd directory, and type edit refind.conf to edit the file. This EFI editor is quite primitive, but it gets the job done. After editing, you'll need to reboot for rEFInd to read the changed configuration file.
@@ -264,7 +290,9 @@ default_selection eliloThis example sets a timeout of 5 seconds; loads a custom graphic file called custom.bmp from the directory in which refind.efi resides; scans the drivers and EFI/tools/drivers directories for EFI drivers; uses manual boot loader configuration but also scans for external EFI boot loaders and EFI boot loaders on optical discs; and sets the default boot loader to the first loader found that includes the string elilo. Of course, since this file specifies use of manual boot loader configuration, it's not complete; you'll need to add at least one OS stanza to be able to boot from anything but an external disk or optical drive, as described shortly.
+OS stanzas in rEFInd are similar to those in GRUB Legacy, GRUB 2, or ELILO. You can use them to add configuration options to those that are auto-detected. You cannot modify the auto-detected options, though; if you just want to tweak one OS's configuration, you have several options, none of which is ideal:
@@ -376,7 +404,9 @@ fs0:\EFI\Microsoft\Boot\bootmgfw.efiYou can combine these OS stanzas with the global refind.conf options presented earlier. The result would contain just two entries on the rEFInd boot menu (for Gentoo and Windows, since the Ubuntu entry is disabled), unless rEFInd found other boot options on an external or optical disk.
+As described on the Using rEFInd page, rEFInd can present a menu of options for certain loader tags when you press the Insert, F2, or + key. rEFInd does this automatically when it detects Mac OS X or ELILO boot loaders, or when you set the OS type via the ostype option. The Mac OS X boot loader, in particular, accepts various options that you can use to boot in various ways.
@@ -472,7 +502,7 @@ menuentry Gentoo {copyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/drivers.html b/docs/refind/drivers.html index aa4bcee..4920313 100644 --- a/docs/refind/drivers.html +++ b/docs/refind/drivers.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 4/19/2012; last Web page update: -12/30/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -90,14 +90,41 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comBeginning with version 0.2.7, rEFInd has been able to load EFI drivers, and as of version 0.4.0, it has shipped with some EFI filesystem drivers. Although EFI implementations should be able to load drivers prior to rEFInd's launch, in my experience, most EFI implementations offer such poor control over EFI driver loading that they can't be counted on to do this. Thus, if you want to use EFI drivers, rEFInd's ability to do so can be useful. This page tells you why you might want to use drivers, how you can install and use rEFInd's own drivers, where you can go to find other drivers, and provides tips on a few specific drivers.
+EFI supports drivers, which can activate hardware or filesystems in the pre-boot environment. At the moment, EFI drivers are few and far between; but you can or might want to use them for various reasons:
As a side note, using an ISO-9660 driver can theoretically help you keep the size of a custom Linux boot CD/DVD down to a reasonable value. This is because EFI systems normally boot from optical discs by reading a FAT image file in El Torito format and treating that file as an ESP. If you need to store the kernel both in that file and directly in the ISO-9660 filesystem (to maintain bootability on BIOS systems), that can represent an unwanted extra space requirement. Placing rEFInd and an ISO-9660 driver in the FAT image file should enable you to store the kernel on the disc only once. Unfortunately, this doesn't work in practice. When the ISO-9660 driver is loaded from the El Torito image, the driver discovers that the optical disc is in use and refuses to access it. It's possible to use EFI shell commands to give the ISO-9660 driver access to the shell device, but this causes the El Torito access to go away, which means that anything loaded from the El Torito image (such as rEFInd) is likely to malfunction. Also, some EFI implementations include ISO-9660 drivers, so you might not need a separate ISO-9660 driver if you're building a disc for a particular computer.
+As already noted, I know of no EFI drivers for EFI hardware, aside from those that are built into motherboards' EFI implementations. I do, however, know of a few EFI filesystem drivers, in addition to those provided with rEFInd:
@@ -230,7 +261,7 @@ fs0: map -rcopyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/features.html b/docs/refind/features.html index 0979f4c..e3496a2 100644 --- a/docs/refind/features.html +++ b/docs/refind/features.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -12/30/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -179,7 +179,7 @@ lack a usable CSM.copyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/getting.html b/docs/refind/getting.html index 0db57ee..1b25ff7 100644 --- a/docs/refind/getting.html +++ b/docs/refind/getting.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -12/31/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -98,7 +98,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comcopyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/index.html b/docs/refind/index.html index b65c355..ad30fa3 100644 --- a/docs/refind/index.html +++ b/docs/refind/index.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -12/30/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -90,48 +90,58 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comThis page describes rEFInd, my fork of the rEFIt boot manager for computers based on the Extensible Firmware Interface (EFI) and Unified EFI (UEFI). Like rEFIt, rEFInd is a boot manager, meaning that it presents a menu of options to the user when the computer first starts up, as shown below. rEFInd is not a boot loader, which is a program that loads an OS kernel and hands off control to it. Many popular boot managers, such as the Grand Unified Bootloader (GRUB), are also boot loaders, which can blur the distinction in many users' minds. rEFInd, though, relies on a separate boot loader to finish the handoff to an OS; it just presents a pretty menu and gives you options for how to proceed prior to booting an OS. All EFI-capable OSes include boot loaders, so this limitation isn't a problem. If you're using Linux, you should be aware that several EFI boot loaders are available, so choosing between them can be a challenge. See my Web page on this topic for more information.
-In theory, EFI implementations should provide boot managers. Unfortunately, in practice these boot managers are often so poor as to be useless. The worst I've personally encountered is on Gigabyte's Hybrid EFI, which provides you with no boot options whatsoever, beyond choosing the boot device (hard disk vs. optical disc, for instance). I've heard of others that are just as bad. For this reason, a good EFI boot manager—either standalone or as part of a boot loader—is a practical necessity for multi-booting on an EFI computer. That's where rEFIt and rEFInd come into play.
I decided to fork the earlier rEFIt project because, although rEFIt is a useful program, it's got several important limitations, such as poor control over the boot loader detection process and an ability to display at most a handful of boot loader entries on its main screen. I fixed a few of these bugs and released a patched version here; however, rEFIt's author, Christoph Pfisterer, didn't respond to my e-mails, and the latest official version of rEFIt, 0.14, was released in March of 2010. Thus, it appears that rEFIt has been abandoned. Forking the project to give rEFIt new features seemed like the thing to do.
The rEFIt Web page has a distinct Mac bias, and the provided binaries work only on Macs because they're 32-/64-bit "fat" binaries, which Macs can handle but UEFI-based PCs can't. rEFIt can be recompiled to work on UEFI-based PCs, but prebuilt binaries for such systems are relatively rare. Although I do own a Mac Mini, my interest lies more on the side of standard PC hardware, and hence with UEFI. My development platform is Linux, and my installation instructions and binaries are much more platform-neutral. I'm aware that many Mac users will consider this a step backward, but I ask their indulgence; I only have so many hours a week to work on this project, and I prefer to devote my efforts to improvements that will benefit all rEFInd users, at least initially.
-As already noted, rEFInd is a boot manager for EFI and UEFI computers. (I use "EFI" to refer to either version unless the distinction is important.) You're likely to benefit from it on computers that boot multiple OSes, such as two or more of Linux, Mac OS X, and Windows. You will not find rEFInd useful on older BIOS-based computers. Prior to mid-2011, few computers outside of Intel-based Macs used EFI; but starting in 2011, computer manufacturers began adopting UEFI in droves, so most computers bought since then use EFI. Even so, many modern PCs support both EFI-style booting and BIOS-style booting, the latter via a BIOS compatibility mode that's known as the Compatibility Support Module (CSM). Thus, you may be using BIOS-style booting on an EFI-based computer. If you're unsure which boot method your computer uses, check the first of the below subsections.
+Subsequent sections of this document are on separate pages. Be aware that you probably don't need to read them all; just skip to the sections that interest you:
+ + +As already noted, rEFInd is a boot manager for EFI and UEFI computers. (I use "EFI" to refer to either version unless the distinction is important.) You're likely to benefit from it on computers that boot multiple OSes, such as two or more of Linux, Mac OS X, and Windows. You will not find rEFInd useful on older BIOS-based computers. Prior to mid-2011, few computers outside of Intel-based Macs used EFI; but starting in 2011, computer manufacturers began adopting UEFI in droves, so most computers bought since then use EFI. Even so, many modern PCs support both EFI-style booting and BIOS-style booting, the latter via a BIOS compatibility mode that's known as the Compatibility Support Module (CSM). Thus, you may be using BIOS-style booting on an EFI-based computer. If you're unsure which boot method your computer uses, check the first of the subsections, What's Your Boot Mode.
+ +Subsequent sections of this document are on separate pages. Be aware that you probably don't need to read them all; just skip to the sections that interest you:
+Note: I consider rEFInd to be beta-quality software! I'm discovering bugs (old and new) and fixing them every few days. That said, rEFInd is a usable program in its current form on many systems. If you have problems, feel free to drop me a line.
@@ -192,7 +202,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comcopyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/installing.html b/docs/refind/installing.html index 5fd14bb..64a89cf 100644 --- a/docs/refind/installing.html +++ b/docs/refind/installing.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -12/31/2012, referencing rEFInd 0.6.2-2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -890,7 +890,7 @@ Boot0007* CD/DVD Drivecopyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/linux.html b/docs/refind/linux.html index cadfc88..103795b 100644 --- a/docs/refind/linux.html +++ b/docs/refind/linux.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/19/2012; last Web page update: -12/30/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -90,8 +90,38 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comWindows and Mac OS X both provide relatively simple EFI boot loader programs. Launch them, and if they're launched from the correct locations and have the correct files in place, they'll boot their respective OSes. This makes rEFInd's job easy; it just locates the boot loader program files and runs them.
+Under Linux, by contrast, things can get complicated. As detailed on my Managing EFI Boot Loaders for Linux page, several different EFI boot loaders for Linux exist, and all of them require configuration. If you're lucky, your distribution will have set up a Linux boot loader in a sensible way, in which case rEFInd should detect it and it will work as easily as a Windows or Mac OS X boot loader. If you're not lucky, though, you may need to configure it further. rEFInd offers options to help out with this task. Naturally, rEFInd supports traditional Linux boot loaders. It works even better with the Linux EFI stub loader, so I provide instructions on starting with it. For those interested in manual configuration, I also provide detailed instructions on how the EFI stub support works and how to configure it.
@@ -105,7 +135,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comIf you prefer, you can disable automatic scanning and create an entry in refind.conf for your distribution, as described on the Configuring the Boot Manager page. This method is harder to set up but can be preferable if you want to customize your options.
-The EFI stub loader is basic and reliable, but it requires some setup to use it on some computers. I describe three methods of using it: an easiest method for those with compatible partition and filesystem layouts, a quick test configuration for those without such a layout, and a long-term setup for those without the ideal setup.
@@ -135,7 +165,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comWhen you reboot, you should see rEFInd options for your Linux kernels. If they work, your job is done, although you might want to apply some of the tweaks described in the maintenance-free setup section. If you have problems, you may need to adjust the refind_linux.conf file, as described in the detailed configuration section.
-If you're not sure you want to use the EFI stub loader in the long term, you can perform a fairly quick initial test of it. This procedure assumes that you have access to a 3.3.0 or later Linux kernel with EFI stub support compiled into it. (Fedora 17, Ubuntu 12.10, and probably other distributions ship with such kernels.) Creating this configuration poses no risk to your current boot options, provided you don't accidentally delete existing files. The procedure for a quick test is:
@@ -172,8 +202,8 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comYou can continue to boot your computer with this type of configuration; however, the drawback is that you'll need to copy your kernel whenever it's updated. This can be a hassle. A better way is to configure you system so that the EFI, and therefore rEFInd, can read your Linux /boot directory, where most Linux distributions place their kernels.
- -If your /boot directory happens to be on an XFS, JFS, or Btrfs partition that the EFI can't read, or it's tucked away in an LVM or RAID configuration that the EFI can't read, you won't be able to use the easiest solution. Fortunately, this problem can be overcome with relatively little fuss. Several variant procedures are possible, but I begin by describing one that will almost always work, although it's got some important caveats (described at the end). You should perform the following steps as root, or precede each of these commands with sudo:
diff --git a/docs/refind/refind.png b/docs/refind/refind.png index 230dbb2..3b4f607 100644 Binary files a/docs/refind/refind.png and b/docs/refind/refind.png differ diff --git a/docs/refind/revisions.html b/docs/refind/revisions.html index b457e26..6fa12ea 100644 --- a/docs/refind/revisions.html +++ b/docs/refind/revisions.html @@ -14,7 +14,7 @@by Roderick W. Smith, rodsmith@rodsbooks.com
-Last Web page update: 12/30/2012
+Last Web page update: 1/6/2013
I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -92,6 +92,8 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comcopyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/secureboot.html b/docs/refind/secureboot.html index 1380c74..2a24b48 100644 --- a/docs/refind/secureboot.html +++ b/docs/refind/secureboot.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 11/13/2012; last Web page update: -12/30/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -92,6 +92,24 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com + +If you're using a computer that supports Secure Boot, you may run into extra complications. This feature is intended to make it difficult for malware to insert itself early into the computer's boot process. Unfortunately, it also complicates multi-boot configurations such as those that rEFInd is intended to manage. This page describes some secure boot basics and two specific aspects of rEFInd and its interactions with Secure Boot: installation issues and MOK management. It concludes with a look at known bugs and limitations in rEFInd's Secure Boot features.
@@ -108,7 +126,7 @@ described on this page currently supports only x86-64, notThrough 2012, it became obvious that Secure Boot would be a feature that was controlled, to a large extent, by Microsoft. This is because Microsoft requires that non-server computers that display Windows 8 logos ship with Secure Boot enabled. As a practical matter, this also means that such computers ship with Microsoft's keys in their firmware. In the absence of an industry-standard body to manage the signing of Secure Boot keys, this means that Microsoft's key is the only one that's more-or-less guaranteed to be installed on the computer, thus blocking the ability to boot any OS that lacks a boot path through Microsoft's signing key.
-Fortunately, Microsoft will sign third-party binaries with their key. A payment of $99 to Verisign enables a software distributor to sign as many binaries as desired. Red Hat (Fedora), Novell (SUSE), and Canonical (Ubuntu) have all announced plans to take advantage of this system. Unfortunately, using a third-party signing service is an awkward solution for open source software. In fact, for this very reason Red Hat has developed a program that it calls shim that essentially shifts the Secure Boot "train" from Microsoft's proprietary "track" to one that's more friendly to open source authors. Shim is signed by Microsoft and redirects the boot process to another boot loader that can be signed with keys that the distribution maintains and that are built into shim. Fedora 18 is expected to use this system. SUSE has announced that it will use the same system, as does Ubuntu with version 12.10 and later. SUSE has contributed to the shim approach by providing expansions to shim that support a set of keys that users can maintain themselves. These keys are known as Machine Owner Keys (MOKs), and managing them is described later, in Managing MOKs. To reiterate, then, there are potentially three ways to sign a binary that will get it launched on a computer that uses shim:
+Fortunately, Microsoft will sign third-party binaries with their key—or more precisely, with a key that Microsoft uses to sign third-party binaries. (Microsoft uses another key to sign its own binaries, and some devices, such as the Microsoft Surface tablet, lack the third-party Microsoft key.) A payment of $99 to Verisign enables a software distributor to sign as many binaries as desired. Red Hat (Fedora), Novell (SUSE), and Canonical (Ubuntu) have all announced plans to take advantage of this system. Unfortunately, using a third-party signing service is an awkward solution for open source software. In fact, for this very reason Red Hat has developed a program that it calls shim that essentially shifts the Secure Boot "train" from Microsoft's proprietary "track" to one that's more friendly to open source authors. Shim is signed by Microsoft and redirects the boot process to another boot loader that can be signed with keys that the distribution maintains and that are built into shim. Fedora 18 is expected to use this system. SUSE has announced that it will use the same system, as does Ubuntu with version 12.10 and later. SUSE has contributed to the shim approach by providing expansions to shim that support a set of keys that users can maintain themselves. These keys are known as Machine Owner Keys (MOKs), and managing them is described later, in Managing MOKs. To reiterate, then, there are potentially three ways to sign a binary that will get it launched on a computer that uses shim:
copyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/themes.html b/docs/refind/themes.html index 6ad5599..43bb32f 100644 --- a/docs/refind/themes.html +++ b/docs/refind/themes.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 4/19/2012; last Web page update: -12/30/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -134,7 +134,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comcopyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/todo.html b/docs/refind/todo.html index bbf0d54..4eab151 100644 --- a/docs/refind/todo.html +++ b/docs/refind/todo.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -12/30/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -190,38 +190,12 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com and/or initial RAM disks relative to the rEFInd directory (or the boot loader's directory, in the case of initrds).copyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/docs/refind/using.html b/docs/refind/using.html index 8227ca1..85c2ed2 100644 --- a/docs/refind/using.html +++ b/docs/refind/using.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comOriginally written: 3/14/2012; last Web page update: -12/30/2012, referencing rEFInd 0.6.2
+1/6/2013, referencing rEFInd 0.6.3I'm a technical writer and consultant specializing in Linux technologies. This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!
@@ -90,19 +90,43 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comFor the most part, rEFInd is easy to use; just use your keyboard's arrow keys to select the OS you want to boot or the utility you want to launch and press the Enter key. A few details aren't entirely intuitive, though, so this page describes them.
+ +With rEFInd in place and added to your firmware's list of boot utilities, you can reboot your computer. Depending on your configuration, rEFInd may come up immediately or you may need to select it from your firmware's boot options or reconfigure your firmware to present rEFInd automatically. Unfortunately, I can't offer much specific advice on this score, since EFI implementations differ so much in their user interfaces.
Assuming rEFInd starts up correctly, you should see its main screen, which resembles the following:
-If you don't press any key before the timeout (shown on the last line) expires, the default boot loader will launch. This is normally the first item in the menu, but you can adjust the default by editing the configuration file. (In this example, it's the SUSE loader, which is further identified by text above the timeout as Linux 3.3.0-rc7 from ESP.)
+If you don't press any key before the timeout (shown on the last line) expires, the default boot loader will launch. This is normally the first item in the menu, but you can adjust the default by editing the configuration file. (In this example, it's the SUSE loader, which is further identified by text above the timeout as vmlinuz-3.4.6-2.10-desktop from SUSE boot.)
-This display is dominated by the central set of OS tags (icons), which in this example includes tags for OS X, Windows, Ubuntu, a generic Linux installation (ELILO, in fact), SUSE, and an unkown boot loader. All but the last of these are on hard disks, but the unknown boot loader is on an optical disc, as revealed by the small icons (known as badges) in the lower-right corner of the OS icons.
+This display is dominated by the central set of OS tags (icons), which in this example includes tags for OS X, Windows, SUSE, and an unkown boot loader. All but the last of these are on hard disks, but the unknown boot loader is on an optical disc, as revealed by the small icons (known as badges) in the lower-right corner of the OS icons.
In this example, the SUSE tag is selected. You can move the selection left by pressing the left arrow key and right by pressing the right arrow key. If your system has many boot loaders, an arrow icon will appear to the right of the boot loader list, indicating that the boot loader list will scroll when you move off the right edge. If you do this, an arrow icon will appear to the left of the icon list, indicating that you can scroll back in a similar manner. You can scroll the list by one line full of icons by using the Page Up or Page Down keys to move left and right, respectively. Moving past the final selection or using the down arrow key moves the selection to the second row of small tags, which launch ancillary programs or perform special actions. If you've moved the selection cursor to the second row, pressing the up arrow key or scrolling past the left edge of the second row moves the cursor to the top row. In this figure, these five tags are present:
@@ -110,9 +134,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comThe last three of these options are always available by default, but the first depends on the presence of the EFI shell program file, as described earlier. To get the gptsync icon, you must install gptsync.efi and adjust the showtools option in refind.conf, as well.
+The last three of these options are always available by default, but the first depends on the presence of the EFI shell program file, as described earlier. To get the MokManager icon, you must install MokManager.efi, as well. Other ancillary tags may be present on other computers.
-To launch an OS or utility, you should select its tag and then press the Enter key. If you press the Insert key, rEFInd will show a menu that may hold additional options, depending on the OS type. The following figure shows the submenu for Mac OS X. You can use this menu much like the main menu; move the cursor to select the option you want to use, then press the Enter key to launch the boot loader with the selected options. Press the Esc key or select Return to Main Menu to return to the main menu. You can also press the Insert key again to edit your boot loader options. A simple text-mode line editor opens, enabling you to move a curso back and forth in the line with your arrow keys, delete text, and type in new text. If you want to boot with your edited options, press the Enter key. If you decide you picked the wrong entry, press the Esc key.
+To launch an OS or utility, you should select its tag and then press the Enter key. If you press the Insert, F2, or + key, rEFInd will show a menu that may hold additional options, depending on the OS type. The following figure shows the submenu for Mac OS X. You can use this menu much like the main menu; move the cursor to select the option you want to use, then press the Enter key to launch the boot loader with the selected options. Press the Esc key or select Return to Main Menu to return to the main menu. You can also press the Insert key again to edit your boot loader options. A simple text-mode line editor opens, enabling you to move a cursor back and forth in the line with your arrow keys, delete text, and type in new text. If you want to boot with your edited options, press the Enter key. If you decide you picked the wrong entry, press the Esc key.
Ordinarily, rEFInd displays tags for OSes it finds on internal hard disks, external hard disks (including USB flash drives, CF disks, and so on), and optical discs. Sometimes, though, the firmware hasn't had time to fully examine these devices by the time rEFInd starts; or you might only insert or plug in the media after rEFInd appears. In these cases, you can press the Esc key to have rEFInd re-read its configuration file and re-scan your media for boot loaders. This action can take a few seconds to complete, so be patient. You can also use this feature to detect OSes if you launch a shell and use it to load a driver or edit the refind.conf file. If you regularly need to press Esc, you might look into the scan_delay configuration file option, described on the Configuring the Boot Manager page.
+On some computers, the firmware doesn't mount external USB media unless you adjust a firmware option or use the EFI's own boot manager prior to launching rEFInd. If you don't see external media appear in rEFInd's list, consult your computer's manual or examine its firmware to locate a relevant option.
+If your computer supports Secure Boot, you may find that some of your OSes and tools won't work; they'll produce Access Denied error messages. You can overcome this problem by creating a signing key, signing your binaries with it, and adding the public version of that key to your machine owner key (MOK) list. This process is described on the Managing Secure Boot page.
+Although most rEFInd features can be activated via fairly obvious keyboard actions, some are not obvious. Table 1 summarizes the keystrokes that rEFInd accepts, and the action that each keystroke invokes.
@@ -265,7 +291,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.comcopyright © 2012 by Roderick W. Smith
+copyright © 2012–2013 by Roderick W. Smith
This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.
diff --git a/filesystems/fsw_efi.c b/filesystems/fsw_efi.c index 21dafd4..5aa2936 100644 --- a/filesystems/fsw_efi.c +++ b/filesystems/fsw_efi.c @@ -98,7 +98,7 @@ EFI_GUID gEfiFileSystemVolumeLabelInfoIdGuid = EFI_FILE_SYSTEM_VOLUME_LABEL_INFO /** Helper macro for stringification. */ #define FSW_EFI_STRINGIFY(x) #x /** Expands to the EFI driver name given the file system type name. */ -#define FSW_EFI_DRIVER_NAME(t) L"rEFInd 0.6.2.1 " FSW_EFI_STRINGIFY(t) L" File System Driver" +#define FSW_EFI_DRIVER_NAME(t) L"rEFInd 0.6.3 " FSW_EFI_STRINGIFY(t) L" File System Driver" // function prototypes diff --git a/mvrefind.sh b/mvrefind.sh index 7c955bd..b1e14ec 100755 --- a/mvrefind.sh +++ b/mvrefind.sh @@ -24,8 +24,8 @@ SourceIA32="refind_ia32.efi" TargetIA32=$SourceIA32 SourceShim="shim.efi" TargetShim=$SourceShim -SourceDir=${1} -TargetDir=${2} +SourceDir=`readlink -f ${1}` +TargetDir=`readlink -f ${2}` # Identifies the ESP's location (/boot or /boot/efi); aborts if the ESP isn't # mounted at either location. Also splits the ESP location from SourceDir and diff --git a/refind.conf-sample b/refind.conf-sample index 0f580be..424b8c4 100644 --- a/refind.conf-sample +++ b/refind.conf-sample @@ -167,12 +167,14 @@ timeout 20 # for additional boot loaders, but it doesn't recurse into these directories. # The also_scan_dirs token adds more directories to the scan list. # Directories are specified relative to the volume's root directory. This -# option applies to ALL the volumes that rEFInd scans. If a specified -# directory doesn't exist, it's ignored (no error condition results). -# The default is to scan the "boot" directory in addition to various -# hard-coded directories. +# option applies to ALL the volumes that rEFInd scans UNLESS you include +# a volume name and colon before the directory name, as in "myvol:/somedir" +# to scan the somedir directory only on the filesystem named myvol. If a +# specified directory doesn't exist, it's ignored (no error condition +# results). The default is to scan the "boot" directory in addition to +# various hard-coded directories. # -#also_scan_dirs boot,EFI/linux/kernels +#also_scan_dirs boot,ESP2:EFI/linux/kernels # Partitions to omit from scans. You must specify a volume by its # label, which you can obtain in an EFI shell by typing "vol", from @@ -191,9 +193,12 @@ timeout 20 # or non-bootloader utilities provided by a hardware manufacturer. If # a directory is listed both here and in also_scan_dirs, dont_scan_dirs # takes precedence. Note that this blacklist applies to ALL the -# filesystems that rEFInd scans, not just the ESP. +# filesystems that rEFInd scans, not just the ESP, unless you precede +# the directory name by a filesystem name, as in "myvol:EFI/somedir" +# to exclude EFI/somedir from the scan on the myvol volume but not on +# other volumes. # -#dont_scan_dirs EFI/boot,EFI/Dell +#dont_scan_dirs ESP:/EFI/boot,EFI/Dell # Files that should NOT be included as EFI boot loaders (on the # first line of the display). If you're using a boot loader that diff --git a/refind.spec b/refind.spec index 3aa912f..07d5a23 100644 --- a/refind.spec +++ b/refind.spec @@ -1,6 +1,6 @@ Summary: EFI boot manager software Name: refind -Version: 0.6.2.1 +Version: 0.6.3 Release: 1%{?dist} License: GPLv3 URL: http://www.rodsbooks.com/refind/ @@ -107,6 +107,7 @@ install -Dp -m0755 mvrefind.sh $RPM_BUILD_ROOT/usr/sbin/ /etc/refind.d/ %post +env PATH=$PATH:/usr/local/bin # Remove any existing NVRAM entry for rEFInd, to avoid creating a duplicate. ExistingEntry=`efibootmgr | grep "rEFInd Boot Manager" | cut -c 5-8` diff --git a/refind/config.c b/refind/config.c index 81f87dd..99b9f7a 100644 --- a/refind/config.c +++ b/refind/config.c @@ -348,8 +348,6 @@ VOID ReadConfig(CHAR16 *FileName) if (StriCmp(FileName, CONFIG_FILE_NAME) == 0) { MyFreePool(GlobalConfig.AlsoScan); GlobalConfig.AlsoScan = StrDuplicate(ALSO_SCAN_DIRS); -// MyFreePool(GlobalConfig.DontScanVolumes); -// GlobalConfig.DontScanVolumes = StrDuplicate(L" "); MyFreePool(GlobalConfig.DontScanDirs); if (SelfVolume->VolName) { SelfPath = StrDuplicate(SelfVolume->VolName); diff --git a/refind/lib.c b/refind/lib.c index 3c9e4c4..7d6a29a 100644 --- a/refind/lib.c +++ b/refind/lib.c @@ -921,15 +921,15 @@ static VOID ScanExtendedPartition(REFIT_VOLUME *WholeDiskVolume, MBR_PARTITION_I VOID ScanVolumes(VOID) { EFI_STATUS Status; - UINTN HandleCount = 0; - UINTN HandleIndex; EFI_HANDLE *Handles; REFIT_VOLUME *Volume, *WholeDiskVolume; - UINTN VolumeIndex, VolumeIndex2; MBR_PARTITION_INFO *MbrTable; + UINTN HandleCount = 0; + UINTN HandleIndex; + UINTN VolumeIndex, VolumeIndex2; UINTN PartitionIndex; - UINT8 *SectorBuffer1, *SectorBuffer2; UINTN SectorSum, i, VolNumber = 0; + UINT8 *SectorBuffer1, *SectorBuffer2; MyFreePool(Volumes); Volumes = NULL; @@ -951,6 +951,8 @@ VOID ScanVolumes(VOID) ScanVolume(Volume); if (Volume->IsReadable) Volume->VolNumber = VolNumber++; + else + Volume->VolNumber = VOL_UNREADABLE; AddListElement((VOID ***) &Volumes, &VolumesCount, Volume); diff --git a/refind/lib.h b/refind/lib.h index 35a3740..369d3a8 100644 --- a/refind/lib.h +++ b/refind/lib.h @@ -73,6 +73,9 @@ typedef struct { #define DISK_KIND_EXTERNAL (1) #define DISK_KIND_OPTICAL (2) +#define VOL_DONTSCAN 998 +#define VOL_UNREADABLE 999 + #define IS_EXTENDED_PART_TYPE(type) ((type) == 0x05 || (type) == 0x0f || (type) == 0x85) EFI_STATUS InitRefitLib(IN EFI_HANDLE ImageHandle); diff --git a/refind/main.c b/refind/main.c index 290d73e..46062c7 100644 --- a/refind/main.c +++ b/refind/main.c @@ -64,10 +64,6 @@ // // variables -// #ifdef EFIX64 -// foo -// #endif - #define MACOSX_LOADER_PATH L"System\\Library\\CoreServices\\boot.efi" #if defined (EFIX64) #define SHELL_NAMES L"\\EFI\\tools\\shell.efi,\\EFI\\tools\\shellx64.efi,\\shellx64.efi" @@ -132,7 +128,7 @@ static VOID AboutrEFInd(VOID) if (AboutMenu.EntryCount == 0) { AboutMenu.TitleImage = BuiltinIcon(BUILTIN_ICON_FUNC_ABOUT); - AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.6.2.3"); + AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.6.3"); AddMenuInfoLine(&AboutMenu, L""); AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2006-2010 Christoph Pfisterer"); AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2012 Roderick W. Smith"); @@ -896,7 +892,8 @@ static VOID CleanUpLoaderList(struct LOADER_LIST *LoaderList) { // Returns FALSE if the specified file/volume matches the GlobalConfig.DontScanDirs // or GlobalConfig.DontScanVolumes specification, or if Path points to a volume // other than the one specified by Volume. Returns TRUE if none of these conditions -// is true. Also reduces *Path to a path alone, with no volume specification. +// is met -- that is, if the path is eligible for scanning. Also reduces *Path to a +// path alone, with no volume specification. static BOOLEAN ShouldScan(REFIT_VOLUME *Volume, CHAR16 *Path) { CHAR16 *VolName = NULL, *DontScanDir; UINTN i = 0, VolNum; @@ -911,7 +908,7 @@ static BOOLEAN ShouldScan(REFIT_VOLUME *Volume, CHAR16 *Path) { if (VolName != NULL) { if ((StriCmp(VolName, Volume->VolName) == 0) && (StriCmp(DontScanDir, Path) == 0)) ScanIt = FALSE; - if ((VolName[0] == L'f') && (VolName[1] == L's') && (VolName[2] >= L'0') && (VolName[2] <= '9')) { + if ((VolName[0] == L'f') && (VolName[1] == L's') && (VolName[2] >= L'0') && (VolName[2] <= L'9')) { VolNum = Atoi(VolName + 2); if ((VolNum == Volume->VolNumber) && (StriCmp(DontScanDir, Path) == 0)) ScanIt = FALSE; @@ -985,7 +982,7 @@ static VOID ScanEfiFiles(REFIT_VOLUME *Volume) { REFIT_DIR_ITER EfiDirIter; EFI_FILE_INFO *EfiDirEntry; CHAR16 FileName[256], *Directory, *MatchPatterns, *VolName = NULL; - UINTN i, Length; + UINTN i, Length, VolNum; MatchPatterns = StrDuplicate(LOADER_MATCH_PATTERNS); if (GlobalConfig.ScanAllLinux) @@ -1031,10 +1028,13 @@ static VOID ScanEfiFiles(REFIT_VOLUME *Volume) { // Scan user-specified (or additional default) directories.... i = 0; while ((Directory = FindCommaDelimited(GlobalConfig.AlsoScan, i++)) != NULL) { + VolNum = VOL_DONTSCAN; SplitVolumeAndFilename(&Directory, &VolName); CleanUpPathNameSlashes(Directory); Length = StrLen(Directory); - if ((Length > 0) && ((VolName == NULL) || (StriCmp(VolName, Volume->VolName) == 0))) + if ((Length > 0) && (VolName[0] == L'f') && (VolName[1] == L's') && (VolName[2] >= L'0') && (VolName[2] <= L'9')) + VolNum = Atoi(VolName + 2); + if ((Length > 0) && ((VolName == NULL) || (StriCmp(VolName, Volume->VolName) == 0) || (Volume->VolNumber == VolNum))) ScanLoaderDir(Volume, Directory, MatchPatterns); MyFreePool(Directory); MyFreePool(VolName);