#resolution 1440 900
#resolution 3
+# Enable touch screen support. If active, this feature enables use of
+# touch screen controls (as on tablets). Note, however, that not all
+# tablets' EFIs provide the necessary underlying support, so this
+# feature may not work for you. If it does work, you should be able
+# to launch an OS or tool by touching it. In a submenu, touching
+# anywhere launches the currently-selection item; there is, at present,
+# no way to select a specific submenu item.
+#
+#enable_touch
+
# Launch specified OSes in graphics mode. By default, rEFInd switches
# to text mode and displays basic pre-launch information when launching
# all OSes except OS X. Using graphics mode can produce a more seamless
# (see also the windows_recovery_files option)
# mok_tool - makes available the Machine Owner Key (MOK) maintenance
# tool, MokManager.efi, used on Secure Boot systems
+# csr_rotate - adjusts Apple System Integrity Protection (SIP)
+# policy. Requires "csr_values" to be set.
# about - an "about this program" option
# exit - a tag to exit from rEFInd
# shutdown - shuts down the computer (a bug causes this to reboot
# reboot - a tag to reboot the computer
# firmware - a tag to reboot the computer into the firmware's
# user interface (ignored on older computers)
+# fwupdate - a tag to update the firmware; launches the fwupx64.efi
+# (or similar) program
# netboot - launch the ipxe.efi tool for network (PXE) booting
-# Default is shell,memtest,gdisk,apple_recovery,windows_recovery,mok_tool,about,shutdown,reboot,firmware
+# Default is shell,memtest,gdisk,apple_recovery,windows_recovery,mok_tool,about,shutdown,reboot,firmware,fwupdate
#
-#showtools shell, gdisk, memtest, mok_tool, apple_recovery, windows_recovery, about, reboot, exit, firmware
+#showtools shell, gdisk, memtest, mok_tool, apple_recovery, windows_recovery, about, reboot, exit, firmware, fwupdate
# Boot loaders that can launch a Windows restore or emergency system.
# These tend to be OEM-specific.
# non-Apple computers.
# The default is inactive (no OS X spoofing is done).
#
-#spoof_osx_version "10.9"
+#spoof_osx_version 10.9
+
+# Set the CSR values for Apple's System Integrity Protection (SIP) feature.
+# Values are one-byte (two-character) hexadecimal numbers. These values
+# define which specific security features are enabled. Below are the codes
+# for what the values mean. Add them up (in hexadecimal!) to set new values.
+# Apple's "csrutil enable" and "csrutil disable" commands set values of 10
+# and 77, respectively.
+# CSR_ALLOW_UNTRUSTED_KEXTS 0x01
+# CSR_ALLOW_UNRESTRICTED_FS 0x02
+# CSR_ALLOW_TASK_FOR_PID 0x04
+# CSR_ALLOW_KERNEL_DEBUGGER 0x08
+# CSR_ALLOW_APPLE_INTERNAL 0x10
+# CSR_ALLOW_UNRESTRICTED_DTRACE 0x20
+# CSR_ALLOW_UNRESTRICTED_NVRAM 0x40
+#
+#csr_values 10,77
# Include a secondary configuration file within this one. This secondary
# file is loaded as if its options appeared at the point of the "include"
disabled
}
+# Below is a more complex Linux example, specifically for Arch Linux.
+# This example MUST be modified for your specific installation; if nothing
+# else, the PARTUUID code must be changed for your disk. Because Arch Linux
+# does not include version numbers in its kernel and initrd filenames, you
+# may need to use manual boot stanzas when using fallback initrds or
+# multiple kernels with Arch. This example is modified from one in the Arch
+# wiki page on rEFInd (https://wiki.archlinux.org/index.php/rEFInd).
+menuentry "Arch Linux" {
+ icon /EFI/refind/icons/os_arch.png
+ volume "Arch Linux"
+ loader /boot/vmlinuz-linux
+ initrd /boot/initramfs-linux.img
+ options "root=PARTUUID=5028fa50-0079-4c40-b240-abfaf28693ea rw add_efi_memmap"
+ submenuentry "Boot using fallback initramfs" {
+ initrd /boot/initramfs-linux-fallback.img
+ }
+ submenuentry "Boot to terminal" {
+ add_options "systemd.unit=multi-user.target"
+ }
+ disabled
+}
+
# A sample entry for loading Ubuntu using its standard name for
# its GRUB 2 boot loader. Note uses of Linux-style forward slashes
menuentry Ubuntu {