]> code.delx.au - refind/blob - install.sh
delx.au / code / refind / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Version 0.6.9 release
[refind] / install.sh
1 #!/bin/bash
2 #
3 # Linux/MacOS X script to install rEFInd
4 #
5 # Usage:
6 #
7 # ./install.sh [options]
8 #
9 # options include:
10 # "--esp" to install to the ESP rather than to the system's root
11 # filesystem. This is the default on Linux
12 # "--usedefault {devicefile}" to install as default
13 # (/EFI/BOOT/BOOTX64.EFI and similar) to the specified device
14 # (/dev/sdd1 or whatever) without registering with the NVRAM.
15 # "--alldrivers" to install all drivers along with regular files
16 # "--nodrivers" to suppress driver installation (default in Linux is
17 # driver used on /boot; --nodrivers is OS X default)
18 # "--shim {shimfile}" to install a shim.efi file for Secure Boot
19 # "--localkeys" to re-sign x86-64 binaries with a locally-generated key
20 #
21 # The "esp" option is valid only on Mac OS X; it causes
22 # installation to the EFI System Partition (ESP) rather than
23 # to the current OS X boot partition. Under Linux, this script
24 # installs to the ESP by default.
25 #
26 # This program is copyright (c) 2012 by Roderick W. Smith
27 # It is released under the terms of the GNU GPL, version 3,
28 # a copy of which should be included in the file COPYING.txt.
29 #
30 # Revision history:
31 #
32 # 0.6.9 -- Install gptsync on Macs if evidence of Windows found
33 # 0.6.8 -- Bug fix: ESP scan now uses "uniq".
34 # 0.6.6 -- Bug fix: Upgrade drivers when installed to EFI/BOOT. Also enable
35 # copying shim.efi and MokManager.efi over themselves.
36 # 0.6.4 -- Copies ext2 driver rather than ext4 driver for ext2/3fs
37 # 0.6.3 -- Support for detecting rEFInd in EFI/BOOT and EFI/Microsoft/Boot
38 # directories & for installing to EFI/BOOT in BIOS mode
39 # 0.6.2-1 -- Added --yes option & tweaked key-copying for use with RPM install script
40 # 0.6.1 -- Added --root option; minor bug fixes
41 # 0.6.0 -- Changed --drivers to --alldrivers and added --nodrivers option;
42 # changed default driver installation behavior in Linux to install
43 # the driver needed to read /boot (if available)
44 # 0.5.1.2 -- Fixed bug that caused failure to generate refind_linux.conf file
45 # 0.5.1.1 -- Fixed bug that caused script failure under OS X
46 # 0.5.1 -- Added --shim & --localkeys options & create sample refind_linux.conf
47 # in /boot
48 # 0.5.0 -- Added --usedefault & --drivers options & changed "esp" option to "--esp"
49 # 0.4.5 -- Fixed check for rEFItBlesser in OS X
50 # 0.4.2 -- Added notice about BIOS-based OSes & made NVRAM changes in Linux smarter
51 # 0.4.1 -- Added check for rEFItBlesser in OS X
52 # 0.3.3.1 -- Fixed OS X 10.7 bug; also works as make target
53 # 0.3.2.1 -- Check for presence of source files; aborts if not present
54 # 0.3.2 -- Initial version
55 #
56 # Note: install.sh version numbers match those of the rEFInd package
57 # with which they first appeared.
58
59 RootDir="/"
60 TargetDir=/EFI/refind
61 LocalKeysBase="refind_local"
62 ShimSource="none"
63 TargetShim="default"
64 TargetX64="refind_x64.efi"
65 TargetIA32="refind_ia32.efi"
66 LocalKeys=0
67 DeleteRefindDir=0
68 AlwaysYes=0
69
70 #
71 # Functions used by both OS X and Linux....
72 #
73
74 GetParams() {
75 InstallToEspOnMac=0
76 if [[ $OSName == "Linux" ]] ; then
77 # Install the driver required to read /boot, if it's available
78 InstallDrivers="boot"
79 else
80 InstallDrivers="none"
81 fi
82 while [[ $# -gt 0 ]]; do
83 case $1 in
84 --esp | --ESP) InstallToEspOnMac=1
85 ;;
86 --usedefault) TargetDir=/EFI/BOOT
87 TargetPart=$2
88 TargetX64="bootx64.efi"
89 TargetIA32="bootia32.efi"
90 shift
91 ;;
92 --root) RootDir=$2
93 shift
94 ;;
95 --localkeys) LocalKeys=1
96 ;;
97 --shim) ShimSource=$2
98 shift
99 ;;
100 --drivers | --alldrivers) InstallDrivers="all"
101 ;;
102 --nodrivers) InstallDrivers="none"
103 ;;
104 --yes) AlwaysYes=1
105 ;;
106 * ) echo "Usage: $0 [--esp | --usedefault {device-file} | --root {directory} ]"
107 echo " [--nodrivers | --alldrivers] [--shim {shim-filename}]"
108 echo " [--localkeys] [--yes]"
109 exit 1
110 esac
111 shift
112 done
113
114 if [[ $InstallToEspOnMac == 1 && $TargetDir == '/EFI/BOOT' ]] ; then
115 echo "You may use --esp OR --usedefault, but not both! Aborting!"
116 exit 1
117 fi
118 if [[ $RootDir != '/' && $TargetDir == '/EFI/BOOT' ]] ; then
119 echo "You may use --usedefault OR --root, but not both! Aborting!"
120 exit 1
121 fi
122 if [[ $RootDir != '/' && $InstallToEspOnMac == 1 ]] ; then
123 echo "You may use --root OR --esp, but not both! Aborting!"
124 exit 1
125 fi
126
127 RLConfFile="$RootDir/boot/refind_linux.conf"
128 EtcKeysDir="$RootDir/etc/refind.d/keys"
129 } # GetParams()
130
131 # Get a yes/no response from the user and place it in the YesNo variable.
132 # If the AlwaysYes variable is set to 1, skip the user input and set "Y"
133 # in the YesNo variable.
134 ReadYesNo() {
135 if [[ $AlwaysYes == 1 ]] ; then
136 YesNo="Y"
137 echo "Y"
138 else
139 read YesNo
140 fi
141 }
142
143 # Abort if the rEFInd files can't be found.
144 # Also sets $ConfFile to point to the configuration file,
145 # $IconsDir to point to the icons directory, and
146 # $ShimSource to the source of the shim.efi file (if necessary).
147 CheckForFiles() {
148 # Note: This check is satisfied if EITHER the 32- or the 64-bit version
149 # is found, even on the wrong platform. This is because the platform
150 # hasn't yet been determined. This could obviously be improved, but it
151 # would mean restructuring lots more code....
152 if [[ ! -f $RefindDir/refind_ia32.efi && ! -f $RefindDir/refind_x64.efi ]] ; then
153 echo "The rEFInd binary file is missing! Aborting installation!"
154 exit 1
155 fi
156
157 if [[ -f $RefindDir/refind.conf-sample ]] ; then
158 ConfFile=$RefindDir/refind.conf-sample
159 elif [[ -f $ThisDir/refind.conf-sample ]] ; then
160 ConfFile=$ThisDir/refind.conf-sample
161 else
162 echo "The sample configuration file is missing! Aborting installation!"
163 exit 1
164 fi
165
166 if [[ -d $RefindDir/icons ]] ; then
167 IconsDir=$RefindDir/icons
168 elif [[ -d $ThisDir/icons ]] ; then
169 IconsDir=$ThisDir/icons
170 else
171 echo "The icons directory is missing! Aborting installation!"
172 exit 1
173 fi
174
175 if [[ $ShimSource != "none" ]] ; then
176 if [[ -f $ShimSource ]] ; then
177 TargetX64="grubx64.efi"
178 MokManagerSource=`dirname $ShimSource`/MokManager.efi
179 else
180 echo "The specified shim file, $ShimSource, doesn't exist!"
181 echo "Aborting installation!"
182 exit 1
183 fi
184 fi
185 } # CheckForFiles()
186
187 # Helper for CopyRefindFiles; copies shim files (including MokManager, if it's
188 # available) to target.
189 CopyShimFiles() {
190 cp -fb $ShimSource $InstallDir/$TargetDir/$TargetShim
191 if [[ $? != 0 ]] ; then
192 Problems=1
193 fi
194 if [[ -f $MokManagerSource ]] ; then
195 cp -fb $MokManagerSource $InstallDir/$TargetDir/
196 fi
197 if [[ $? != 0 ]] ; then
198 Problems=1
199 fi
200 } # CopyShimFiles()
201
202 # Copy the public keys to the installation medium
203 CopyKeys() {
204 if [[ $LocalKeys == 1 ]] ; then
205 mkdir -p $InstallDir/$TargetDir/keys/
206 cp $EtcKeysDir/$LocalKeysBase.cer $InstallDir/$TargetDir/keys/
207 cp $EtcKeysDir/$LocalKeysBase.crt $InstallDir/$TargetDir/keys/
208 # else
209 # cp $ThisDir/refind.cer $InstallDir/$TargetDir/keys/
210 # cp $ThisDir/refind.crt $InstallDir/$TargetDir/keys/
211 fi
212 } # CopyKeys()
213
214 # Copy drivers from $RefindDir/drivers_$1 to $InstallDir/$TargetDir/drivers_$1,
215 # honoring the $InstallDrivers condition. Must be passed a suitable
216 # architecture code (ia32 or x64).
217 CopyDrivers() {
218 if [[ $InstallDrivers == "all" ]] ; then
219 mkdir -p $InstallDir/$TargetDir/drivers_$1
220 cp $RefindDir/drivers_$1/*_$1.efi $InstallDir/$TargetDir/drivers_$1/ 2> /dev/null
221 cp $ThisDir/drivers_$1/*_$1.efi $InstallDir/$TargetDir/drivers_$1/ 2> /dev/null
222 elif [[ $InstallDrivers == "boot" && -x `which blkid` ]] ; then
223 BootPart=`df /boot | grep dev | cut -f 1 -d " "`
224 BootFS=`blkid -o export $BootPart 2> /dev/null | grep TYPE= | cut -f 2 -d =`
225 DriverType=""
226 case $BootFS in
227 ext2 | ext3) DriverType="ext2"
228 # Could use ext4, but that can create unwanted entries from symbolic
229 # links in / to /boot/vmlinuz if a separate /boot partition is used.
230 ;;
231 ext4) DriverType="ext4"
232 ;;
233 reiserfs) DriverType="reiserfs"
234 ;;
235 hfsplus) DriverType="hfs"
236 ;;
237 *) BootFS=""
238 esac
239 if [[ -n $BootFS ]] ; then
240 echo "Installing driver for $BootFS (${DriverType}_$1.efi)"
241 mkdir -p $InstallDir/$TargetDir/drivers_$1
242 cp $RefindDir/drivers_$1/${DriverType}_$1.efi $InstallDir/$TargetDir/drivers_$1/ 2> /dev/null
243 cp $ThisDir/drivers_$1/${DriverType}_$1.efi $InstallDir/$TargetDir/drivers_$1/ 2> /dev/null
244 fi
245 fi
246 }
247
248 # Copy tools (currently only gptsync, and that only on Macs) to the EFI/tools
249 # directory on the ESP. Must be passed a suitable architecture code (ia32
250 # or x64).
251 CopyTools() {
252 mkdir -p $InstallDir/EFI/tools
253 if [[ $OSName == 'Darwin' ]] ; then
254 cp -f $RefindDir/tools_$1/gptsync_$1.efi $InstallDir/EFI/tools/
255 if [[ -f $InstallDir/EFI/tools/gptsync.efi ]] ; then
256 mv $InstallDir/EFI/tools/gptsync.efi $InstallDir/EFI/tools/gptsync.efi-disabled
257 echo "Found old gptsync.efi; disabling it by renaming it to gptsync.efi-disabled"
258 fi
259 fi
260 } # CopyTools()
261
262 # Copy the rEFInd files to the ESP or OS X root partition.
263 # Sets Problems=1 if any critical commands fail.
264 CopyRefindFiles() {
265 mkdir -p $InstallDir/$TargetDir
266 if [[ $TargetDir == '/EFI/BOOT' ]] ; then
267 cp $RefindDir/refind_ia32.efi $InstallDir/$TargetDir/$TargetIA32 2> /dev/null
268 if [[ $? != 0 ]] ; then
269 echo "Note: IA32 (x86) binary not installed!"
270 fi
271 cp $RefindDir/refind_x64.efi $InstallDir/$TargetDir/$TargetX64 2> /dev/null
272 if [[ $? != 0 ]] ; then
273 Problems=1
274 fi
275 if [[ $ShimSource != "none" ]] ; then
276 TargetShim="bootx64.efi"
277 CopyShimFiles
278 fi
279 if [[ $InstallDrivers == "all" ]] ; then
280 cp -r $RefindDir/drivers_* $InstallDir/$TargetDir/ 2> /dev/null
281 cp -r $ThisDir/drivers_* $InstallDir/$TargetDir/ 2> /dev/null
282 elif [[ $Upgrade == 1 ]] ; then
283 if [[ $Platform == 'EFI64' ]] ; then
284 CopyDrivers x64
285 CopyTools x64
286 else
287 CopyDrivers ia32
288 CopyTools ia32
289 fi
290 fi
291 Refind=""
292 CopyKeys
293 elif [[ $Platform == 'EFI64' || $TargetDir == "/EFI/Microsoft/Boot" ]] ; then
294 cp $RefindDir/refind_x64.efi $InstallDir/$TargetDir/$TargetX64
295 if [[ $? != 0 ]] ; then
296 Problems=1
297 fi
298 CopyDrivers x64
299 CopyTools x64
300 Refind="refind_x64.efi"
301 CopyKeys
302 if [[ $ShimSource != "none" ]] ; then
303 if [[ $TargetShim == "default" ]] ; then
304 TargetShim=`basename $ShimSource`
305 fi
306 CopyShimFiles
307 Refind=$TargetShim
308 if [[ $LocalKeys == 0 ]] ; then
309 echo "Storing copies of rEFInd Secure Boot public keys in $EtcKeysDir"
310 mkdir -p $EtcKeysDir
311 cp $ThisDir/keys/refind.cer $EtcKeysDir 2> /dev/null
312 cp $ThisDir/keys/refind.crt $EtcKeysDir 2> /dev/null
313 fi
314 fi
315 elif [[ $Platform == 'EFI32' ]] ; then
316 cp $RefindDir/refind_ia32.efi $InstallDir/$TargetDir/$TargetIA32
317 if [[ $? != 0 ]] ; then
318 Problems=1
319 fi
320 CopyDrivers ia32
321 CopyTools ia32
322 Refind="refind_ia32.efi"
323 else
324 echo "Unknown platform! Aborting!"
325 exit 1
326 fi
327 echo "Copied rEFInd binary files"
328 echo ""
329 if [[ -d $InstallDir/$TargetDir/icons ]] ; then
330 rm -rf $InstallDir/$TargetDir/icons-backup &> /dev/null
331 mv -f $InstallDir/$TargetDir/icons $InstallDir/$TargetDir/icons-backup
332 echo "Notice: Backed up existing icons directory as icons-backup."
333 fi
334 cp -r $IconsDir $InstallDir/$TargetDir
335 if [[ $? != 0 ]] ; then
336 Problems=1
337 fi
338 mkdir -p $InstallDir/$TargetDir/keys
339 cp -rf $ThisDir/keys/*.[cd]er $InstallDir/$TargetDir/keys/ 2> /dev/null
340 cp -rf $EtcKeysDir/*.[cd]er $InstallDir/$TargetDir/keys/ 2> /dev/null
341 if [[ -f $InstallDir/$TargetDir/refind.conf ]] ; then
342 echo "Existing refind.conf file found; copying sample file as refind.conf-sample"
343 echo "to avoid overwriting your customizations."
344 echo ""
345 cp -f $ConfFile $InstallDir/$TargetDir
346 if [[ $? != 0 ]] ; then
347 Problems=1
348 fi
349 else
350 echo "Copying sample configuration file as refind.conf; edit this file to configure"
351 echo "rEFInd."
352 echo ""
353 cp -f $ConfFile $InstallDir/$TargetDir/refind.conf
354 if [[ $? != 0 ]] ; then
355 Problems=1
356 fi
357 fi
358 if [[ $DeleteRefindDir == 1 ]] ; then
359 echo "Deleting the temporary directory $RefindDir"
360 rm -r $RefindDir
361 fi
362 } # CopyRefindFiles()
363
364 # Mount the partition the user specified with the --usedefault option
365 MountDefaultTarget() {
366 InstallDir=/tmp/refind_install
367 mkdir -p $InstallDir
368 if [[ $OSName == 'Darwin' ]] ; then
369 mount -t msdos $TargetPart $InstallDir
370 elif [[ $OSName == 'Linux' ]] ; then
371 mount -t vfat $TargetPart $InstallDir
372 fi
373 if [[ $? != 0 ]] ; then
374 echo "Couldn't mount $TargetPart ! Aborting!"
375 rmdir $InstallDir
376 exit 1
377 fi
378 UnmountEsp=1
379 } # MountDefaultTarget()
380
381 #
382 # A series of OS X support functions....
383 #
384
385 # Mount the ESP at /Volumes/ESP or determine its current mount
386 # point.
387 # Sets InstallDir to the ESP mount point
388 # Sets UnmountEsp if we mounted it
389 MountOSXESP() {
390 # Identify the ESP. Note: This returns the FIRST ESP found;
391 # if the system has multiple disks, this could be wrong!
392 Temp=`diskutil list | grep " EFI "`
393 Esp=/dev/`echo $Temp | cut -f 5 -d ' '`
394 # If the ESP is mounted, use its current mount point....
395 Temp=`df | grep $Esp`
396 InstallDir=`echo $Temp | cut -f 6 -d ' '`
397 if [[ $InstallDir == '' ]] ; then
398 mkdir /Volumes/ESP &> /dev/null
399 mount -t msdos $Esp /Volumes/ESP
400 if [[ $? != 0 ]] ; then
401 echo "Unable to mount ESP! Aborting!\n"
402 exit 1
403 fi
404 UnmountEsp=1
405 InstallDir="/Volumes/ESP"
406 fi
407 } # MountOSXESP()
408
409 # Control the OS X installation.
410 # Sets Problems=1 if problems found during the installation.
411 InstallOnOSX() {
412 echo "Installing rEFInd on OS X...."
413 if [[ $TargetDir == "/EFI/BOOT" ]] ; then
414 MountDefaultTarget
415 elif [[ $InstallToEspOnMac == "1" ]] ; then
416 MountOSXESP
417 else
418 InstallDir="$RootDir/"
419 fi
420 echo "Installing rEFInd to the partition mounted at '$InstallDir'"
421 Platform=`ioreg -l -p IODeviceTree | grep firmware-abi | cut -d "\"" -f 4`
422 CopyRefindFiles
423 if [[ $InstallToEspOnMac == "1" ]] ; then
424 bless --mount $InstallDir --setBoot --file $InstallDir/$TargetDir/$Refind
425 elif [[ $TargetDir != "/EFI/BOOT" ]] ; then
426 bless --setBoot --folder $InstallDir/$TargetDir --file $InstallDir/$TargetDir/$Refind
427 fi
428 if [[ $? != 0 ]] ; then
429 Problems=1
430 fi
431 if [[ -f /Library/StartupItems/rEFItBlesser || -d /Library/StartupItems/rEFItBlesser ]] ; then
432 echo
433 echo "/Library/StartupItems/rEFItBlesser found!"
434 echo "This program is part of rEFIt, and will cause rEFInd to fail to work after"
435 echo -n "its first boot. Do you want to remove rEFItBlesser (Y/N)? "
436 ReadYesNo
437 if [[ $YesNo == "Y" || $YesNo == "y" ]] ; then
438 echo "Deleting /Library/StartupItems/rEFItBlesser..."
439 rm -r /Library/StartupItems/rEFItBlesser
440 else
441 echo "Not deleting rEFItBlesser."
442 fi
443 fi
444 echo
445 echo "WARNING: If you have an Advanced Format disk, *DO NOT* attempt to check the"
446 echo "bless status with 'bless --info', since this is known to cause disk corruption"
447 echo "on some systems!!"
448 echo
449 } # InstallOnOSX()
450
451
452 #
453 # Now a series of Linux support functions....
454 #
455
456 # Check for evidence that we're running in Secure Boot mode. If so, and if
457 # appropriate options haven't been set, warn the user and offer to abort.
458 # If we're NOT in Secure Boot mode but the user HAS specified the --shim
459 # or --localkeys option, warn the user and offer to abort.
460 #
461 # FIXME: Although I checked the presence (and lack thereof) of the
462 # /sys/firmware/efi/vars/SecureBoot* files on my Secure Boot test system
463 # before releasing this script, I've since found that they are at least
464 # sometimes present when Secure Boot is absent. This means that the first
465 # test can produce false alarms. A better test is highly desirable.
466 CheckSecureBoot() {
467 VarFile=`ls -d /sys/firmware/efi/vars/SecureBoot* 2> /dev/null`
468 if [[ -n $VarFile && $TargetDir != '/EFI/BOOT' && $ShimSource == "none" ]] ; then
469 echo ""
470 echo "CAUTION: Your computer appears to support Secure Boot, but you haven't"
471 echo "specified a valid shim.efi file source. If you've disabled Secure Boot and"
472 echo "intend to leave it disabled, this is fine; but if Secure Boot is active, the"
473 echo "resulting installation won't boot. You can read more about this topic at"
474 echo "http://www.rodsbooks.com/refind/secureboot.html."
475 echo ""
476 echo -n "Do you want to proceed with installation (Y/N)? "
477 ReadYesNo
478 if [[ $YesNo == "Y" || $YesNo == "y" ]] ; then
479 echo "OK; continuing with the installation..."
480 else
481 exit 0
482 fi
483 fi
484
485 if [[ $ShimSource != "none" && ! -n $VarFile ]] ; then
486 echo ""
487 echo "You've specified installing using a shim.efi file, but your computer does not"
488 echo "appear to be running in Secure Boot mode. Although installing in this way"
489 echo "should work, it's unnecessarily complex. You may continue, but unless you"
490 echo "plan to enable Secure Boot, you should consider stopping and omitting the"
491 echo "--shim option. You can read more about this topic at"
492 echo "http://www.rodsbooks.com/refind/secureboot.html."
493 echo ""
494 echo -n "Do you want to proceed with installation (Y/N)? "
495 ReadYesNo
496 if [[ $YesNo == "Y" || $YesNo == "y" ]] ; then
497 echo "OK; continuing with the installation..."
498 else
499 exit 0
500 fi
501 fi
502
503 if [[ $LocalKeys != 0 && ! -n $VarFile ]] ; then
504 echo ""
505 echo "You've specified re-signing your rEFInd binaries with locally-generated keys,"
506 echo "but your computer does not appear to be running in Secure Boot mode. The"
507 echo "keys you generate will be useless unless you enable Secure Boot. You may"
508 echo "proceed with this installation, but before you do so, you may want to read"
509 echo "more about it at http://www.rodsbooks.com/refind/secureboot.html."
510 echo ""
511 echo -n "Do you want to proceed with installation (Y/N)? "
512 ReadYesNo
513 if [[ $YesNo == "Y" || $YesNo == "y" ]] ; then
514 echo "OK; continuing with the installation..."
515 else
516 exit 0
517 fi
518 fi
519
520 } # CheckSecureBoot()
521
522 # Check for the presence of locally-generated keys from a previous installation in
523 # $EtcKeysDir (/etc/refind.d/keys). If they're not present, generate them using
524 # openssl.
525 GenerateKeys() {
526 PrivateKey=$EtcKeysDir/$LocalKeysBase.key
527 CertKey=$EtcKeysDir/$LocalKeysBase.crt
528 DerKey=$EtcKeysDir/$LocalKeysBase.cer
529 OpenSSL=`which openssl 2> /dev/null`
530
531 # Do the work only if one or more of the necessary keys is missing
532 # TODO: Technically, we don't need the DerKey; but if it's missing and openssl
533 # is also missing, this will fail. This could be improved.
534 if [[ ! -f $PrivateKey || ! -f $CertKey || ! -f $DerKey ]] ; then
535 echo "Generating a fresh set of local keys...."
536 mkdir -p $EtcKeysDir
537 chmod 0700 $EtcKeysDir
538 if [[ ! -x $OpenSSL ]] ; then
539 echo "Can't find openssl, which is required to create your private signing keys!"
540 echo "Aborting!"
541 exit 1
542 fi
543 if [[ -f $PrivateKey ]] ; then
544 echo "Backing up existing $PrivateKey"
545 cp -f $PrivateKey $PrivateKey.backup 2> /dev/null
546 fi
547 if [[ -f $CertKey ]] ; then
548 echo "Backing up existing $CertKey"
549 cp -f $CertKey $CertKey.backup 2> /dev/null
550 fi
551 if [[ -f $DerKey ]] ; then
552 echo "Backing up existing $DerKey"
553 cp -f $DerKey $DerKey.backup 2> /dev/null
554 fi
555 $OpenSSL req -new -x509 -newkey rsa:2048 -keyout $PrivateKey -out $CertKey \
556 -nodes -days 3650 -subj "/CN=Locally-generated rEFInd key/"
557 $OpenSSL x509 -in $CertKey -out $DerKey -outform DER
558 chmod 0600 $PrivateKey
559 else
560 echo "Using existing local keys...."
561 fi
562 }
563
564 # Sign a single binary. Requires parameters:
565 # $1 = source file
566 # $2 = destination file
567 # Also assumes that the SBSign, PESign, UseSBSign, UsePESign, and various key variables are set
568 # appropriately.
569 # Aborts script on error
570 SignOneBinary() {
571 $SBSign --key $PrivateKey --cert $CertKey --output $2 $1
572 if [[ $? != 0 ]] ; then
573 echo "Problem signing the binary $1! Aborting!"
574 exit 1
575 fi
576 }
577
578 # Re-sign the x86-64 binaries with a locally-generated key, First look for appropriate
579 # key files in $EtcKeysDir. If they're present, use them to re-sign the binaries. If
580 # not, try to generate new keys and store them in $EtcKeysDir.
581 ReSignBinaries() {
582 SBSign=`which sbsign 2> /dev/null`
583 echo "Found sbsign at $SBSign"
584 TempDir="/tmp/refind_local"
585 if [[ ! -x $SBSign ]] ; then
586 echo "Can't find sbsign, which is required to sign rEFInd with your own keys!"
587 echo "Aborting!"
588 exit 1
589 fi
590 GenerateKeys
591 mkdir -p $TempDir/drivers_x64
592 cp $RefindDir/refind.conf-sample $TempDir 2> /dev/null
593 cp $ThisDir/refind.conf-sample $TempDir 2> /dev/null
594 cp $RefindDir/refind_ia32.efi $TempDir 2> /dev/null
595 cp -a $RefindDir/drivers_ia32 $TempDir 2> /dev/null
596 cp -a $ThisDir/drivers_ia32 $TempDir 2> /dev/null
597 SignOneBinary $RefindDir/refind_x64.efi $TempDir/refind_x64.efi
598 for Driver in `ls $RefindDir/drivers_x64/*.efi $ThisDir/drivers_x64/*.efi 2> /dev/null` ; do
599 TempName=`basename $Driver`
600 SignOneBinary $Driver $TempDir/drivers_x64/$TempName
601 done
602 RefindDir=$TempDir
603 DeleteRefindDir=1
604 }
605
606 # Identifies the ESP's location (/boot or /boot/efi, or these locations under
607 # the directory specified by --root); aborts if the ESP isn't mounted at
608 # either location.
609 # Sets InstallDir to the ESP mount point.
610 FindLinuxESP() {
611 EspLine=`df $RootDir/boot/efi 2> /dev/null | grep boot/efi`
612 if [[ ! -n $EspLine ]] ; then
613 EspLine=`df $RootDir/boot | grep boot`
614 fi
615 InstallDir=`echo $EspLine | cut -d " " -f 6`
616 if [[ -n $InstallDir ]] ; then
617 EspFilesystem=`grep $InstallDir /etc/mtab | uniq | cut -d " " -f 3`
618 fi
619 if [[ $EspFilesystem != 'vfat' ]] ; then
620 echo "$RootDir/boot/efi doesn't seem to be on a VFAT filesystem. The ESP must be"
621 echo "mounted at $RootDir/boot or $RootDir/boot/efi and it must be VFAT! Aborting!"
622 exit 1
623 fi
624 echo "ESP was found at $InstallDir using $EspFilesystem"
625 } # FindLinuxESP
626
627 # Uses efibootmgr to add an entry for rEFInd to the EFI's NVRAM.
628 # If this fails, sets Problems=1
629 AddBootEntry() {
630 InstallIt="0"
631 Efibootmgr=`which efibootmgr 2> /dev/null`
632 if [[ $Efibootmgr ]] ; then
633 InstallDisk=`grep $InstallDir /etc/mtab | cut -d " " -f 1 | cut -c 1-8`
634 PartNum=`grep $InstallDir /etc/mtab | cut -d " " -f 1 | cut -c 9-10`
635 EntryFilename=$TargetDir/$Refind
636 EfiEntryFilename=`echo ${EntryFilename//\//\\\}`
637 EfiEntryFilename2=`echo ${EfiEntryFilename} | sed s/\\\\\\\\/\\\\\\\\\\\\\\\\/g`
638 ExistingEntry=`$Efibootmgr -v | grep -i $EfiEntryFilename2`
639
640 if [[ $ExistingEntry ]] ; then
641 ExistingEntryBootNum=`echo $ExistingEntry | cut -c 5-8`
642 FirstBoot=`$Efibootmgr | grep BootOrder | cut -c 12-15`
643 if [[ $ExistingEntryBootNum != $FirstBoot ]] ; then
644 echo "An existing rEFInd boot entry exists, but isn't set as the default boot"
645 echo "manager. The boot order is being adjusted to make rEFInd the default boot"
646 echo "manager. If this is NOT what you want, you should use efibootmgr to"
647 echo "manually adjust your EFI's boot order."
648 $Efibootmgr -b $ExistingEntryBootNum -B &> /dev/null
649 InstallIt="1"
650 fi
651 else
652 InstallIt="1"
653 fi
654
655 if [[ $InstallIt == "1" ]] ; then
656 echo "Installing it!"
657 $Efibootmgr -c -l $EfiEntryFilename -L "rEFInd Boot Manager" -d $InstallDisk -p $PartNum &> /dev/null
658 if [[ $? != 0 ]] ; then
659 EfibootmgrProblems=1
660 Problems=1
661 fi
662 fi
663
664 else # efibootmgr not found
665 EfibootmgrProblems=1
666 Problems=1
667 fi
668
669 if [[ $EfibootmgrProblems ]] ; then
670 echo
671 echo "ALERT: There were problems running the efibootmgr program! You may need to"
672 echo "rename the $Refind binary to the default name (EFI/boot/bootx64.efi"
673 echo "on x86-64 systems or EFI/boot/bootia32.efi on x86 systems) to have it run!"
674 echo
675 fi
676 } # AddBootEntry()
677
678 # Create a minimal/sample refind_linux.conf file in /boot.
679 GenerateRefindLinuxConf() {
680 if [[ -f $RLConfFile ]] ; then
681 echo "Existing $RLConfFile found; not overwriting."
682 else
683 if [[ -f "$RootDir/etc/default/grub" ]] ; then
684 # We want the default options used by the distribution, stored here....
685 source "$RootDir/etc/default/grub"
686 fi
687 RootFS=`df $RootDir | grep dev | cut -f 1 -d " "`
688 StartOfDevname=`echo $RootFS | cut -b 1-7`
689 if [[ $StartOfDevname == "/dev/sd" || $StartOfDevName == "/dev/hd" ]] ; then
690 # Identify root filesystem by UUID rather than by device node, if possible
691 Uuid=`blkid -o export $RootFS 2> /dev/null | grep UUID=`
692 if [[ -n $Uuid ]] ; then
693 RootFS=$Uuid
694 fi
695 fi
696 DefaultOptions="$GRUB_CMDLINE_LINUX $GRUB_CMDLINE_LINUX_DEFAULT"
697 echo "\"Boot with standard options\" \"ro root=$RootFS $DefaultOptions \"" > $RLConfFile
698 echo "\"Boot to single-user mode\" \"ro root=$RootFS $DefaultOptions single\"" >> $RLConfFile
699 echo "\"Boot with minimal options\" \"ro root=$RootFS\"" >> $RLConfFile
700 fi
701 }
702
703 # Set varaibles for installation in EFI/BOOT directory
704 SetVarsForBoot() {
705 TargetDir="/EFI/BOOT"
706 if [[ $ShimSource == "none" ]] ; then
707 TargetX64="bootx64.efi"
708 TargetIA32="bootia32.efi"
709 else
710 TargetX64="grubx64.efi"
711 TargetIA32="bootia32.efi"
712 TargetShim="bootx64.efi"
713 fi
714 } # SetFilenamesForBoot()
715
716 # Set variables for installation in EFI/Microsoft/Boot directory
717 SetVarsForMsBoot() {
718 TargetDir="/EFI/Microsoft/Boot"
719 if [[ $ShimSource == "none" ]] ; then
720 TargetX64="bootmgfw.efi"
721 else
722 TargetX64="grubx64.efi"
723 TargetShim="bootmgfw.efi"
724 fi
725 }
726
727 # TargetDir defaults to /EFI/refind; however, this function adjusts it as follows:
728 # - If an existing refind.conf is available in /EFI/BOOT or /EFI/Microsoft/Boot,
729 # install to that directory under the suitable name; but DO NOT do this if
730 # refind.conf is also in /EFI/refind.
731 # - If booted in BIOS mode and the ESP lacks any other EFI files, install to
732 # /EFI/BOOT
733 # - If booted in BIOS mode and there's no refind.conf file and there is a
734 # /EFI/Microsoft/Boot/bootmgfw.efi file, move it down one level and
735 # install under that name, "hijacking" the Windows boot loader filename
736 DetermineTargetDir() {
737 Upgrade=0
738
739 if [[ -f $InstallDir/EFI/BOOT/refind.conf ]] ; then
740 SetVarsForBoot
741 Upgrade=1
742 fi
743 if [[ -f $InstallDir/EFI/Microsoft/Boot/refind.conf ]] ; then
744 SetVarsForMsBoot
745 Upgrade=1
746 fi
747 if [[ -f $InstallDir/EFI/refind/refind.conf ]] ; then
748 TargetDir="/EFI/refind"
749 Upgrade=1
750 fi
751 if [[ $Upgrade == 1 ]] ; then
752 echo "Found rEFInd installation in $InstallDir$TargetDir; upgrading it."
753 fi
754
755 if [[ ! -d /sys/firmware/efi && $Upgrade == 0 ]] ; then # BIOS-mode
756 FoundEfiFiles=`find $InstallDir/EFI/BOOT -name "*.efi" 2> /dev/null`
757 FoundConfFiles=`find $InstallDir -name "refind\.conf" 2> /dev/null`
758 if [[ ! -n $FoundConfFiles && -f $InstallDir/EFI/Microsoft/Boot/bootmgfw.efi ]] ; then
759 mv -n $InstallDir/EFI/Microsoft/Boot/bootmgfw.efi $InstallDir/EFI/Microsoft &> /dev/null
760 SetVarsForMsBoot
761 echo "Running in BIOS mode with a suspected Windows installation; moving boot loader"
762 echo "files so as to install to $InstallDir$TargetDir."
763 elif [[ ! -n $FoundEfiFiles ]] ; then # In BIOS mode and no default loader; install as default loader
764 SetVarsForBoot
765 echo "Running in BIOS mode with no existing default boot loader; installing to"
766 echo $InstallDir$TargetDir
767 else
768 echo "Running in BIOS mode with an existing default boot loader; backing it up and"
769 echo "installing rEFInd in its place."
770 if [[ -d $InstallDir/EFI/BOOT-rEFIndBackup ]] ; then
771 echo ""
772 echo "Caution: An existing backup of a default boot loader exists! If the current"
773 echo "default boot loader and the backup are different boot loaders, the current"
774 echo "one will become inaccessible."
775 echo ""
776 echo -n "Do you want to proceed with installation (Y/N)? "
777 ReadYesNo
778 if [[ $YesNo == "Y" || $YesNo == "y" ]] ; then
779 echo "OK; continuing with the installation..."
780 else
781 exit 0
782 fi
783 fi
784 mv -n $InstallDir/EFI/BOOT $InstallDir/EFI/BOOT-rEFIndBackup
785 SetVarsForBoot
786 fi
787 fi # BIOS-mode
788 } # DetermineTargetDir()
789
790 # Controls rEFInd installation under Linux.
791 # Sets Problems=1 if something goes wrong.
792 InstallOnLinux() {
793 echo "Installing rEFInd on Linux...."
794 modprobe efivars &> /dev/null
795 if [[ $TargetDir == "/EFI/BOOT" ]] ; then
796 MountDefaultTarget
797 else
798 FindLinuxESP
799 DetermineTargetDir
800 fi
801 CpuType=`uname -m`
802 if [[ $CpuType == 'x86_64' ]] ; then
803 Platform="EFI64"
804 elif [[ ($CpuType == 'i386' || $CpuType == 'i486' || $CpuType == 'i586' || $CpuType == 'i686') ]] ; then
805 Platform="EFI32"
806 # If we're in EFI mode, do some sanity checks, and alert the user or even
807 # abort. Not in BIOS mode, though, since that could be used on an emergency
808 # disc to try to recover a troubled Linux installation.
809 if [[ -d /sys/firmware/efi ]] ; then
810 if [[ $ShimSource != "none" && $TargetDir != "/BOOT/EFI" ]] ; then
811 echo ""
812 echo "CAUTION: Neither rEFInd nor shim currently supports 32-bit systems, so you"
813 echo "should not use the --shim option to install on such systems. Aborting!"
814 echo ""
815 exit 1
816 fi
817 echo
818 echo "CAUTION: This Linux installation uses a 32-bit kernel. 32-bit EFI-based"
819 echo "computers are VERY RARE. If you've installed a 32-bit version of Linux"
820 echo "on a 64-bit computer, you should manually install the 64-bit version of"
821 echo "rEFInd. If you're installing on a Mac, you should do so from OS X. If"
822 echo "you're positive you want to continue with this installation, answer 'Y'"
823 echo "to the following question..."
824 echo
825 echo -n "Are you sure you want to continue (Y/N)? "
826 ReadYesNo
827 if [[ $YesNo == "Y" || $YesNo == "y" ]] ; then
828 echo "OK; continuing with the installation..."
829 else
830 exit 0
831 fi
832 fi # in EFI mode
833 else
834 echo "Unknown CPU type '$CpuType'; aborting!"
835 exit 1
836 fi
837
838 if [[ $LocalKeys == 1 ]] ; then
839 ReSignBinaries
840 fi
841
842 CheckSecureBoot
843 CopyRefindFiles
844 if [[ $TargetDir != "/EFI/BOOT" && $TargetDir != "/EFI/Microsoft/Boot" ]] ; then
845 AddBootEntry
846 GenerateRefindLinuxConf
847 fi
848 } # InstallOnLinux()
849
850 #
851 # The main part of the script. Sets a few environment variables,
852 # performs a few startup checks, and then calls functions to
853 # install under OS X or Linux, depending on the detected platform.
854 #
855
856 OSName=`uname -s`
857 GetParams $@
858 ThisDir="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
859 RefindDir="$ThisDir/refind"
860 ThisScript="$ThisDir/`basename $0`"
861 if [[ `whoami` != "root" ]] ; then
862 echo "Not running as root; attempting to elevate privileges via sudo...."
863 sudo $ThisScript "$@"
864 if [[ $? != 0 ]] ; then
865 echo "This script must be run as root (or using sudo). Exiting!"
866 exit 1
867 else
868 exit 0
869 fi
870 fi
871 CheckForFiles
872 if [[ $OSName == 'Darwin' ]] ; then
873 if [[ $ShimSource != "none" ]] ; then
874 echo "The --shim option is not supported on OS X! Exiting!"
875 exit 1
876 fi
877 if [[ $LocalKeys != 0 ]] ; then
878 echo "The --localkeys option is not supported on OS X! Exiting!"
879 exit 1
880 fi
881 InstallOnOSX $1
882 elif [[ $OSName == 'Linux' ]] ; then
883 InstallOnLinux
884 else
885 echo "Running on unknown OS; aborting!"
886 fi
887
888 if [[ $Problems ]] ; then
889 echo
890 echo "ALERT:"
891 echo "Installation has completed, but problems were detected. Review the output for"
892 echo "error messages and take corrective measures as necessary. You may need to"
893 echo "re-run this script or install manually before rEFInd will work."
894 echo
895 else
896 echo
897 echo "Installation has completed successfully."
898 echo
899 fi
900
901 if [[ $UnmountEsp ]] ; then
902 echo "Unmounting install dir"
903 umount $InstallDir
904 fi
905
906 if [[ $InstallDir == /tmp/refind_install ]] ; then
907 # sleep 5
908 rmdir $InstallDir
909 fi