From 8e4abb05924e03da0ac4dbf1b12d0a7f9d7b8041 Mon Sep 17 00:00:00 2001
From: srs5694
If you're using Linux or Mac OS X, the easiest way to install rEFInd is to use the install.sh script. This script automatically copies rEFInd's files to your ESP or other target location and makes changes to your firmware's NVRAM settings so that rEFInd will start the next time you boot. If you've booted to OS X or in EFI mode to Linux on a UEFI-based PC, install.sh will probably do the right thing, so you can get by with the quick instructions. If your setup is unusual, though, or if you want to create a USB flash drive with rEFInd on it, you should read the extra instructions for this utility.
+If you're using Linux or Mac OS X, the easiest way to install rEFInd is to use the install.sh script. This script automatically copies rEFInd's files to your ESP or other target location and makes changes to your firmware's NVRAM settings so that rEFInd will start the next time you boot. If you've booted to OS X or in non-Secure-Boot EFI mode to Linux on a UEFI-based PC, install.sh will probably do the right thing, so you can get by with the quick instructions. If your setup is unusual, if your computer uses Secure Boot, or if you want to create a USB flash drive with rEFInd on it, you should read the extra instructions for this utility.
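Review bot: the phrase "in non-Secure-Boot EFI mode to Linux" in the added paragraph is hard to parse, and it is unclear whether the Secure Boot condition is meant to apply to OS X as well. Consider "If you've booted to OS X, or to Linux in EFI mode with Secure Boot disabled, ...". The last sentence now sends Secure Boot users to the extra instructions, so it would help to name what they should look for there (the --shim and --localkeys options, or the Managing Secure Boot page).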
In addition to these quirks, you should be aware of some options that install.sh supports to enable you to customize your installation in various ways. The syntax for install.sh is as follows:
+ ++install.sh [--esp | --usedefault device-file] [--drivers] [--shim shim-filename] \ + [--localkeys] ++ +
The details of the options are summarized in Table 1. Using some of these options in unusual conditions can generate warnings and prompts to confirm your actions. In particular, using --shim or --localkeys when you're not booted in Secure Boot mode, or failing to use --shim when you are booted in Secure Boot mode, will generate a query and a request to confirm your installation. Consult the Managing Secure Boot page for more on this topic.
+ +Option | +Explanation | +
---|---|
--esp | +This option tells install.sh to install rEFInd to the ESP of your computer. This option is only useful on OS X; on Linux, installing to the ESP is the default, so --esp is implicit on Linux. Be aware that some users have reported sluggish boots when installing rEFInd to the ESP on Macs. Installing rEFInd anywhere but the ESP makes little sense on UEFI-based PCs, except for the partial exception of removable boot media, which you can prepare with --usedefault. | +
--usedefault device-file | +You can install rEFInd to a disk using the default/fallback filename of EFI/BOOT/bootx64.efi (and EFI/BOOT/bootia32.efi, if the 32-bit build is available) using this option. The device-file should be an unmounted ESP, or at least a FAT partition, as in --usedefault /dev/sdc1. Your computer's NVRAM entries will not be modified when installing in this way. The intent is that you can create a bootable USB flash drive or install rEFInd on a computer that tends to "forget" its NVRAM settings with this option. This option is mutually exclusive with --esp. | +
--drivers | +Ordinarily install.sh does not install drivers; but when you specify this option, it does; it copies all the driver files for your architecture. You may want to remove unused driver files after you use this option, especially if your computer uses Secure Boot. | +
--shim shim-filename | +If you pass this option to install.sh, the script will copy the specified shim program file to the target directory, copy the MokManager.efi file from the shim program file's directory to the target directory, copy the 64-bit version of rEFInd as grubx64.efi, and register shim with the firmware. (If you also specify --usedefault, the NVRAM registration is skipped.) The intent is to simplify rEFInd installation on a computer that uses Secure Boot; when so set up, rEFInd will boot in Secure Boot mode, with one caveat: The first time you boot, MokManager will launch, and you must use it to locate and install a public key. This key file will be located in the rEFInd directory under the name refind.cer. Note that I'm not providing a shim binary myself, but you can download one from here. In the not-too-distant future, most distributions will provide their own shim programs, so you'll be able to point to them—for instance, in /boot/efi/EFI/redhat/shim.efi. | +
--localkeys | +This option tells install.sh to generate a new Machine Owner Key (MOK), store it in /etc/refind.d/keys as refind_local.*, and re-sign all the 64-bit rEFInd binaries with this key before installing them. This is the preferable way to install rEFInd in Secure Boot mode, since it means your binaries will be signed locally rather than with my own key, which is used to sign many other users' binaries; however, this method requires that both the openssl and sbsign binaries be installed. The former is readily available in most distributions' repositories, but the latter is not, so this option is not the default. | +
In any event, you should peruse the script's output to ensure that everything looks OK. install.sh displays error messages when it encounters errors, such as if the ESP is mounted read-only or if you run out of disk space. You may need to correct such problems manually and re-run the script. In some cases you may need to fall back on manual installation, which gives you better control over details such as which partition to use for installation.
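Review bot: the --localkeys row says a new MOK is generated and stored in /etc/refind.d/keys as refind_local.*, but it does not say how the private key is protected. Once that key is enrolled, anyone who can read it can sign binaries the machine will accept under Secure Boot, so the row should state the expected ownership and permissions of the key files, or recommend moving the private key off the machine after signing. Separately, the --shim row tells the reader to enroll refind.cer through MokManager, which does not match the --localkeys case where the binaries are re-signed with the local key; say which file to enroll when both options are used. In the synopsis, "[--esp | --usedefault device-file]" can be read as --esp also taking device-file; grouping the argument with --usedefault would remove the ambiguity.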
@@ -247,7 +255,7 @@ Filesystem 1K-blocks Used Available Use% Mounted on