Refind

Author: A | 2025-04-24

Create a directory called REFIND in the EFI volume at /EFI/REFIND; Copy the right files. All paths are from the root of the rEFInd directory that you downloaded and all the files go into the directory you just created. refind/drivers_x64/ refind/icons/ refind/refind_x64.efi; refind/tools_x64/

The rEFInd Boot Manager: Theming rEFInd

More commonly today, mmx64.efi) binaries to the directory you intend to use for rEFInd—for instance, EFI/refind on the ESP.Follow the installation instructions for rEFInd on the Installing rEFInd page; however, you should normally give rEFInd the filename grubx64.efi and register shimx64.efi with the EFI by using efibootmgr in Linux or bcdedit in Windows. Be sure that rEFInd (as grubx64.efi), shimx64.efi, and MokManager.efi/mmx64.efi all reside in the same directory. If you're using Shim 0.7 or later and are installing it under Linux, you may optionally keep rEFInd's refind_x64.efi name; but you must then tell Shim to use rEFInd by passing an additional -u "shimx64.efi refind_x64.efi" option to efibootmgr. (In early 2020, I discovered that some recent Shim binaries include a bug that prevents Shim from launching anything but grubx64.efi and its other internally-coded files. I haven't yet investigated to determine exactly which Shim versions are affected by this bug, though.) Change the filenames to the actual filenames used by Shim and rEFInd, respectively.Copy the refind.cer file from the rEFInd package to your ESP, ideally to a location with few other files. (The rEFInd installation directory should work fine.)Optionally, type mokutil -i refind.cer, adding whatever directory components are needed to access refind.cer; or you can substitute your own key file if you re-sign the rEFInd binaries, as described later, in Managing Your MOKs. You will be asked to enter a password, which is for temporary use only and need not match your user or root password. This action will store the rEFInd public key to the NVRAM, enabling MokManager to access it more easily. In theory, this step obviates the previous one; but it's generally a good idea to have rEFInd's Secure Boot public key on the boot disk so that it can be re-enrolled manually, if necessary.Reboot. With any luck, you'll see a simple text-mode user interface with a label of Shim UEFI key management. This is the MokManager program, which Shim launched when rEFInd failed verification because its key is not yet enrolled. You may be prompted to press a key to begin MOK management. You have only ten seconds to do so, or the boot will continue without enrolling the MOK, and rEFInd will probably not launch. What happens when you begin MOK management depends of whether you used mokutil to install the MOK....If you did not use mokutil, then you must locate and enroll the rEFInd key file as follows: Press your down arrow key and press Enter to select Enroll key from disk; or if you used mokutil earlier, instead select Enroll MOK. The screen will clear and, if you did not use mokutil to install the key, prompt you to select a key, as shown here:

nixevol/rEFInd-zh_cn: rEFInd - GitHub

Hola amig@s aquí les traigo un tutorial para instalar Refind en Windows 10. Recordar que los computadores con Windows 10 viene con EFI ( el cual digamos, no es muy amistoso con nuestras distribuciones Linux.Existe 3 grandes motivos por los cuales Ud. debe instalar Refind en Windows 10 (obviamente a mi parecer). No es recomendable eliminar la partición de rescate de Windows 10, ya que se puede corromper la BIOS, en especial aquella laptops que vienen con “System Rescue (F4)”. Si no desea borrar Windows 10 Si Ud. se pasa toda la vida cambiando el dispositivo de booteo, instale Refind y olvidese de tener que volver a entrar a la BIOS por algo así. Refind es un Boot Manager al igual que GRUB con la ventaja que detecta automáticamente en cada arranque los dispositivos o particiones “booteables” de tu computadora.(para más información visitar lo que significa que con esto podremos hacer que Windows 10 pueda ver las particiones con Linux.ADVERTENCIA: Alterar o modificar las entradas de Booteo siempre tiene un riesgo y muchas veces se puede cometer un error el cual impida que inicies tu Sistema Operativo (OS) para evitar posibles perdidas de datos por no poder acceder a tu OS, es recomendable que respaldes tu información antes de intentar este tutorial.Instalar Refind> Ahora el paso siguiente es instalar Refind para ello descargamos el siguiente fichero:> Una vez descargado descomprimirlo en una carpeta, la cual este ubicada en una dirección sencilla de encontrar o recordar.> Después de descargar y descomprimir el fichero presionamos WIN+X y hacemos click en Símbolo del Sistema (Administrador)> Una vez ingresando al Símbolo de Sistema tecleas:mountvol S: /s (Suponiendo que no existe la unidad S: si no es así cambia S por cualquier letra).> Ahora ingresa a la carpeta que descomprimiste refind para ver los subdirectorios al interior de estadir C:/Users/pacman/Documents/refind-bin-0.10.4 (Tips: al igual que en Linux puedes usar TAB para autocompletar)> Ya estando dentro de la carpeta de Refind y con la posibilidad de ver los subdirectorios (puedes hacer dir y deberías ver el archivo README entre otros) tecleas el siguiente comando el cual copia la carpeta refind a una nueva unidadxcopy /E refind S:\EFI\refind\> Ahora escribe para ingresar a la unidad S: y al directorio refind de la unidad S:S:cd EFI\refindEn el manual de instalación de Refind dice que puedes eliminar algunos drivers que no necesitas en las carpetas drivers_x64 y drivers_ia32 ya que

The rEFInd Boot Manager: Theming rEFInd - rodsbooks.com

Common on older computers (from 2013 or earlier), but they could exist on anything. Disabling Secure Boot may be the best solution to such problems.In 2020, a bug in GRUB 2, known as Boot Hole, was discovered. This bug could theoretically enable an attacker to run malicious code in the pre-boot environment. Subsequent analyses discovered several other potential security bugs in GRUB 2. Because there are so many signed GRUB 2 binaries in distribution, these flaws threatened to overrun the standard Secure Boot storage for forbidden binaries, known as the dbx. (The dbx is held in NVRAM, which is severely limited in size.) Thus, Linux distribution maintainers agreed to implement a dbx-like mechanism within Shim, and Microsoft would add earlier Shim binaries to the UEFI dbx. The upshot of this is that, if you installed rEFInd prior to these events, the Shim binary that it uses may be added to your computer's dbx by Windows updates, and rEFInd may stop working. The solution is to update the shimx64.efi file in rEFInd's directory with the latest version.As a follow-on to the preceding point, versions of Shim released since early 2021 require that signed EFI binaries launched by Shim include version information. This is known as the Secure Boot Advanced Targeting (SBAT) system, and the version information is stored in a part of the boot program binary known as .sbat. Starting with rEFInd 0.14.0, rEFInd builds an .sbat section. If you're using a version of Shim that was released prior to early 2021, you might want to consider upgrading it to a newer version. Note that the Shim that launches rEFInd is not updated automatically when a new Shim is installed; you must do this manually! If you completely control Secure Boot on your computer, or if you disable Secure Boot, then SBAT is irrelevant; it provides no benefit, and the .sbat section in rEFInd does no harm.If you launch a boot loader or other program from rEFInd that relies on the EFI's standard program-launching code, that program should take advantage of Shim and its MOKs. For instance, if you launch gummiboot (aka systemd-boot) from rEFInd (and rEFInd from Shim), gummiboot should be able to launch Shim/MOK-signed Linux kernels. In practice, this may not work with all versions of Shim, though. Shim 0.8 and later enables the binary that it launches to launch just one additional binary, not an endless stream of them. (rEFInd employs an internal workaround to this problem to do its own job.)My focus in testing rEFInd's Secure Boot capabilities has been on getting Linux kernels with EFI stub loaders to launch correctly. I've done some minimal testing with GRUB 2, though. I've also tested some self-signed binaries, such. Create a directory called REFIND in the EFI volume at /EFI/REFIND; Copy the right files. All paths are from the root of the rEFInd directory that you downloaded and all the files go into the directory you just created. refind/drivers_x64/ refind/icons/ refind/refind_x64.efi; refind/tools_x64/ Brief Installation Instructions (Binary Package) ===== This is rEFInd, an EFI boot manager. The binary package includes the following files and subdirectories: File Description - refind/refind_ia32.efi The main IA32 rEFInd binary refind/refind_x64.efi The main x rEFInd binary refind/refind.conf-sample A sample configuration file refind/icons/ Subdirectory containing icons refind

The rEFInd Boot Manager: Getting rEFInd - rodsbooks.com

Key, or a MOK; however, because Microsoft won't sign binaries distributed under the GPLv3, I can't distribute a version of rEFInd signed with Microsoft's Secure Boot key; and as I don't have access to the private Shim keys used by any distribution, I can't distribute a rEFInd binary signed by them. (Distributions can provide rEFInd binaries signed with the their own Shim keys. This appears to be the case with the rEFInd binaries distributed with ALT Linux, according to its package description. On the other hand, Ubuntu, for one, signs their GRUB binaries but not their rEFInd binaries.) Thus, rEFInd will normally be signed by a MOK. Beginning with version 0.5.0, rEFInd binaries that I provide are signed by me. Beginning with version 0.5.1, the installation script provides an option to sign the rEFInd binary with your own key, provided the necessary support software is installed.Your boot loaders and kernels—Your OS boot loaders, and usually your Linux kernels, must be signed. They can be signed with any of the three key types. Indeed, your system may have a mix of all three types—a Windows 8 or later boot loader will most likely be signed with Microsoft's Secure Boot key, GRUB and kernels provided by most distributions will be signed with their own Shim keys, and if you use your own locally-compiled kernel or a boot loader from an unusual source you may need to sign it with a MOK. Aside from signing, these files can be installed in exactly the same way as if your computer were not using Secure Boot.If you've installed a distribution that provides Shim and can boot it with Secure Boot active, and if you then install rEFInd using the RPM file or Debian package that I provide or by running refind-install, chances are you'll end up with a working rEFInd that will start up the first time, with one caveat: You'll have to use MokManager to add rEFInd's MOK to your MOK list, as described shortly. If you don't already have a working copy of Shim on your ESP, your task is more complex. Broadly speaking, the procedure should be something like this:Boot the computer. This can be a challenge in and of itself. You may need to use a Secure Boot–enabled Linux emergency disc, temporarily disable Secure Boot, or do the work from Windows.Download rEFInd in binary form (the binary zip or CD-R image file). If you download the binary zip file, unzip it; if you get the CD-R image file, burn it to a CD-R and mount it.Download Shim from your distribution. (Don't use an early 0.1 version, though; as noted earlier, it's inadequate for use with rEFInd.)Copy the shimx64.efi and MokManager.efi (or

The rEFInd Boot Manager: Keeping rEFInd Booting

Los drivers innecesarios retardan el inicio del sistema, yo recomiendo dejarlos todos ya que el retraso es mínimo e imperceptible. Pero si aún desean eliminar los drivers que no usarán pueden revisar la siguiente página: Ahora debes renombrar el archivo refind.conf-sample a refind.conf esto lo puedes hacer con el siguiente comandorename refind.conf-sample refind.conf> Y finalmente para setear Refind como tu programa de booteo por defecto:bcdedit /set {bootmgr} path \EFI\refind\refind_x64.efi(Este comando es válido si tu sistema es de 64bits si es 32bits debes cambiar refind_x64.efi a refind_ia32.efi)Ahora cuando reinicies debería aparecer el menú de refind para seleccionar el OS que desees.Recomendaciones para los nuevos OS linux que instalas para tener solamente Refind como boot manager Cuando instalas tu sistema es recomendable que tengas una partición de booteo (/boot) y esta puede estar formateada en EXT2 o en FAT Refind busca automáticamente los archivos vmlinuz en tus particiones de booteo No instales GRUB u otro Boot Manager. Cuando instales tu sistema linux crea un archivo refind.conf en /Boot y en él, agrega todas las opciones necesarias para que inicie tu sistema. La más básica (y necesaria) es aquellas en donde indicas cual es tu partición root. Mi archivo refind.conf tiene las siguiente linea: "Boot with standard options" "root=/dev/sda7 ro initrd=\initramfs-linux.img"Donde /dev/sda7 es mi partición root. Si olvidaste crear el archivo refind.conf, no hay problema, en Refind selecciona tu OS y presiona 2 veces la tecla F2 para editar (momentáneamente) las opciones de booteo y ahí puedes agregar la linea “root=/partición/root ro” y una vez ingresado a tu sistema puedes crear el archivo refind.conf con las opciones necesarias de booteo. Si se le olvido insertar el CD o el pendrive antes de que inicie refind, ¡¡¡no importa!!! simplemente inserte el dispositivo mientras Refind esta en pantalla presione la tecla ESC y automáticamente aparecerá su nuevo dispositivo de booteo. Si por alguna razón instalaste GRUB y este se posiciono sobre Refind, ingresa a la BIOS y selecciona como dispositivo de booteo superior a Windows, Refind volvera a aparecer en el próximo reinicio. Finalmente para que tengas el logo de tu OS y no a Tux, simplemente agrega una imagen de 128x128p en formato PNG a tu partición /Boot y nombrarla con el mismo nombre de tu imagen del sistema, en mi caso es vmlinuz-linux.png Para más información de como agregar opciones a refind.conf pueden visitar: personalizadosSi no te gusta el diseño de rEFInd y

The rEFInd Boot Manager: rEFInd Features - rodsbooks.com

So chances are you'll be able to enroll them as MOKs, if necessary.Using rEFInd with ShimBecause several major distributions support Shim, I describe it first. You may need to adjust the rEFInd installation process to get it working with Shim, especially if you're not using a distribution that uses this software. In addition to installing Shim, you should know how to manage your MOKs, so I describe this topic, too. If you don't want to use Shim, you can skip ahead to the section on PreLoader; however, in 2021 PreLoader offers few advantages and many disadvantages compared to Shim, so I strongly recommend using Shim rather than PreLoader. Note also that you can use Shim with hashes to identify individual binaries rather than with keys. This usage of Shim is much more like the PreLoader procedure, although a few details differ.Installing Shim and rEFIndA working Secure Boot installation of rEFInd involves at least three programs, and probably four or more, each of which must be installed in a specific way:Shim—You can use any version of Shim you like, except for version 0.1, which doesn't support MOKs. In many cases, Shim will already be installed on your computer from your distribution, called shim.efi or shimx64.efi in the distribution's directory on the ESP. If so, it's probably best to use that version, since its built-in key will handle your distribution's kernels. If you don't currently have a Shim installed, you can copy one from another computer or copy the file from a distribution installation disc. No matter what version of Shim you use, you must enroll rEFInd's MOK. You should install Shim just as you would install other EFI boot loaders, as described here. For use in launching rEFInd, you should install shimx64.efi in EFI/refind (or wherever rEFInd is installed) on your ESP.MokManager—This program is included with Shim 0.2 and later. It presents a user interface for managing MOKs, and it's launched by Shim if Shim can't find its default boot loader (generally grubx64.efi) or if that program isn't properly signed. In principle, this program could be signed with a Secure Boot key or a MOK, but such binaries are usually signed by Shim keys. This program should reside in the same directory as shimx64.efi, under the name MokManager.efi, mmx64.efi, or another architecture-specific variant of that. Although you could theoretically do without MokManager, in practice you'll need it at least temporarily to install the MOK with which rEFInd is signed.rEFInd—Naturally, you need rEFInd. Because Shim is hard-coded to launch a program called grubx64.efi, you must install rEFInd using that name and to the same directory in which shimx64.efi resides. In theory, rEFInd could be signed with a Secure Boot key, a Shim

The rEFInd Boot Manager: Using rEFInd - rodsbooks.com

Location on the ESP for rEFInd to locate it. Be sure to include any support files that it needs, too.Check your refind.conf file to ensure that the showtools option is either commented out or includes mok_tool among its options.Reboot. You can try launching the boot loader you just installed, but chances are it will generate an Access Denied message. For it to work, you must launch MokManager using the tool that rEFInd presents on its second row. You can then enroll your refind_local.cer key just as you enrolled the refind.cer key.At this point you should be able to launch the binaries you've signed. Unfortunately, there can still be problems; see the upcoming section, Secure Boot Caveats, for information on them. Alternatively, you can try using PreLoader rather than Shim.Using rEFInd with PreLoaderIf you want to use Secure Boot with a distribution that doesn't come with Shim but the preceding description exhausts you, take heart: PreLoader is easier to set up and use for your situation! (Alternatively, you can use recent versions of Shim with hashes instead of with keys, in which case the PreLoader instructions apply to Shim, albeit with some user interface differences.) Unfortunately, PreLoader is still not as easy to use as not using Secure Boot at all, and it's got some drawbacks, but it may represent an acceptable middle ground. To get started, proceed as follows:Boot the computer. As with Shim, this can be a challenge; you may need to boot with Secure Boot disabled, use a Secure Boot–enabled live CD, or do the installation from Windows.Download rEFInd in binary form (the binary zip or CD-R image file). If you download the binary zip file, unzip it; if you get the CD-R image file, burn it to a CD-R and mount it.Download PreLoader from its release page or by clicking the following links. Be sure to get both the PreLoader.efi and HashTool.efi files.Copy the PreLoader.efi and HashTool.efi binaries to the directory you intend to use for rEFInd—for instance, EFI/refind on the ESP.Follow the installation instructions for rEFInd on the Installing rEFInd page; however, give rEFInd the filename loader.efi and register PreLoader.efi with the EFI by using efibootmgr in Linux or bcdedit in Windows. Be sure that rEFInd (as loader.efi), PreLoader.efi, and HashTool.efi all reside in the same directory. (If you want to use Shim with hashes, name rEFInd grubx64.efi.)Reboot. With any luck, you'll see HashTool appear with a warning message stating that it was unable to launch loader.efi and declaring that it will launch HashTool.efi. Press the Enter key to continue.HashTool should now appear. It should give you three or four options, including Enroll Hash, as shown here. Select this option You can now select the binary. Create a directory called REFIND in the EFI volume at /EFI/REFIND; Copy the right files. All paths are from the root of the rEFInd directory that you downloaded and all the files go into the directory you just created. refind/drivers_x64/ refind/icons/ refind/refind_x64.efi; refind/tools_x64/

The rEFInd Boot Manager: Installing and Uninstalling rEFInd

To contain bugs that could be exploited to create security problems.PreLoader and recent versions of Shim are easier to set up on a distribution that doesn't support Secure Boot because these tools don't require the use of keys; instead, you can tell them which binaries you trust and they will let you launch them. This works well on a system with boot managers, boot loaders, and kernels that seldom change. It's not a good solution for distribution maintainers, though, because it requires that users manually add binaries to the MOK's list of approved binaries when the OS is installed and every time those binaries change. Also, PreLoader relies on a helper program, HashTool, to enroll hashes. ("Hash" is Geek for "tell the computer that a binary is OK.") Unfortunately, the initial (and, as far as I know, only signed) HashTool can enroll hashes only from the partition from which it was launched, so if you want to use rEFInd to launch Linux kernels directly, it's easiest if you mount your EFI System Partition (ESP) at /boot in Linux or copy your kernels to the ESP. Another approach is to copy HashTool.efi to the partition that holds your kernel and rename it to almost anything else. rEFInd will then treat it like an OS boot loader and create a menu entry for it, enabling you to launch it as needed. Recent versions of Shim's key- and hash-management tool, MokManager, support reading keys and binaries from any partition that the EFI can read.rEFInd can communicate with the Shim system to authenticate boot loaders. If a boot loader has been signed by a valid UEFI Secure Boot key, a valid Shim key, or a valid MOK, rEFInd will launch it. rEFInd will also launch unsigned boot loaders or those with invalid signatures if Secure Boot is disabled in or unsupported by the firmware. (If that's your situation, you needn't bother reading this page.) PreLoader is designed in such a way that it requires no explicit support in rEFInd to work.My binary builds of rEFInd version 0.5.0 and later ship signed with my own keys, and I provide the public version of this key with the rEFInd package. This can help simplify setup, since you needn't generate your own keys to get rEFInd working. The rEFInd PPA for Ubuntu ships unsigned binaries, but the installation script that runs automatically when the package is installed signs the binaries with a local key as it installs them. In either case, if you lack public keys for the boot loaders that rEFInd launches, you'll need to sign your boot loaders, as described in the Managing Your MOKs section. Public keys matching most signed binaries are available, though,

rEFInd-zh_cn/README.md at main nixevol/rEFInd

Signals to find the most relevant ones, focusing on timeless pieces.Our community of active users gets the most relevant links every day, tailored to their interests. They provide feedback via implicit and explicit signals: open, read, listen, share, mark as read, read later, «More/less like this», etc.Our algorithm uses these internal signals to refine the selection.In addition, we have expert curators who manually curate niche topics.The result: lists of the best and most useful articles on hundreds of topics.How does Refind detect «timeless» pieces?We focus on pieces with long shelf-lives—not news. We determine «timelessness» via a number of metrics, for example, the consumption pattern of links over time.How many sources does Refind monitor?We monitor 10k+ content sources on hundreds of topics—publications, blogs, news sites, newsletters, Substack, Medium, Twitter, etc.Can I submit a link?Indirectly, by using Refind and saving links from outside (e.g., via our extensions).How can I report a problem?When you’re logged-in, you can flag any link via the «More» (...) menu. You can also report problems via email to hello@refind.comWho uses Refind?500k+ smart people start their day with Refind. To learn something new. To get inspired. To move forward. Our apps have a 4.9/5 rating.Is Refind free?Yes, it’s free!How can I sign up?Head over to our homepage and sign up by email or with your Twitter or Google account.The Guardian Appears In. Create a directory called REFIND in the EFI volume at /EFI/REFIND; Copy the right files. All paths are from the root of the rEFInd directory that you downloaded and all the files go into the directory you just created. refind/drivers_x64/ refind/icons/ refind/refind_x64.efi; refind/tools_x64/

The rEFInd Boot Manager: The Future of rEFInd - rodsbooks.com

By Roderick W. Smith, rodsmith@rodsbooks.comOriginally written: November 13, 2012; last Web page update:April 6, 2024, referencing rEFInd 0.14.2This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!Donate $1.00Donate $2.50Donate $5.00Donate $10.00Donate $20.00Donate another valueThis page is part of the documentation for the rEFInd boot manager. If a Web search has brought you here, you may want to start at the main page.ContentsBasic IssuesUsing rEFInd with Shim Installing Shim and rEFInd Managing Your MOKs Using rEFInd with PreLoaderPerforming Secure Boot MaintenanceSecure Boot CaveatsIf you're using a computer that supports Secure Boot, you may run into extra complications. This feature is intended to make it difficult for malware to insert itself early into the computer's boot process. Unfortunately, it also complicates multi-boot configurations such as those that rEFInd is intended to manage. This page describes some Secure Boot basics and two specific ways of using rEFInd with Secure Boot: Using the Shim program and using the PreLoader program. (My separate EFI Boot Loaders for Linux page on Secure Boot covers the additional topics of disabling Secure Boot and adding keys to the firmware's own set of keys.) This page concludes with a look at known bugs and limitations in rEFInd's Secure Boot features.As of version 10.11 ("El Capitan"), macOS uses its own new securityfeature, System Integrity Protection (SIP), which creates its own setof hoops through which rEFInd users must jump. See the rEFInd and System Integrity Protection page for details.Macs that include the T2security chip (introduced in 2018) support a feature that Apple callsSecure Boot, but it's unclear to me if this is the same as UEFI Secure Boot.See Apple's Secure Bootdocumentation for details. If it is the same, then this page shouldapply to the latest Macs, although you'll need to adjust Secure Boot throughApple's Startup Security Utility rather than through a PC-style firmwaresetup utility outside of the OS.Basic IssuesMicrosoft requires that non-server computers that display Windows 8 or later logos ship with Secure Boot enabled. As a practical matter, this also means that such computers ship with Microsoft's keys in their firmware. In the absence of an industry-standard body to manage the signing of Secure Boot keys, this means that Microsoft's key is the only one that's more-or-less guaranteed to be installed on the computer, thus blocking the ability to boot any OS that lacks a boot path through Microsoft's signing key. In other words, although it's not specified this way in the UEFI specification, Microsoft is effectively the Secure Boot