Can RefindPlus Work with Secure Boot? #190
Replies: 6 comments 6 replies
-
|
I don't use this myself but seems you basically treat it like an upstream file that needs to be self-signed. You should be able to get it going by following the guidance here: https://www.rodsbooks.com/refind/secureboot.html#mok. EDIT
The preloader option on the upstream doc page might work without sbat. Don't really know as haven't really looked into this subject. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks! After rebooting and enrolling my key through MOK, ReFindPlus boot with secure boot option enabled. |
Beta Was this translation helpful? Give feedback.
-
|
Great. What was the content of the CSV file? |
Beta Was this translation helpful? Give feedback.
-
|
DA-EDIT: RefindPlus v0.14.2.AD already contains SBAT section and just needs to be signed. Script to Install Signed RefindPlus on Debian via rEFInd Installersudo apt install wget unzip sbsigntool -y
mkdir -p refindplus && cd ./refindplus
wget https://sourceforge.net/projects/refind/files/0.14.2/refind_0.14.2-1_amd64.deb/download -O refind_0.14.2-1_amd64.deb
sudo dpkg -i refind_0.14.2-1_amd64.deb
wget https://github.com/dakanji/RefindPlus/releases/download/v0.14.2.AD/x64-RefindPlus_001402-AD.zip
unzip x64-RefindPlus_001402-AD.zip
sudo mv -f ./x64-RefindPlus_001402-AD/x64_RefindPlus_REL.efi /usr/share/refind-0.14.2/refind/refind_x64.efi
sudo mv -f ./x64-RefindPlus_001402-AD/OtherBinaries/Drivers/* /usr/share/refind-0.14.2/refind/drivers_x64
sudo /usr/share/refind-0.14.2/refind-install --shim /boot/efi/EFI/debian/shimx64.efi --localkeys
sudo chown root: ./x64-RefindPlus_001402-AD/config.conf && sudo mv ./x64-RefindPlus_001402-AD/config.conf /boot/efi/EFI/refind/
sudo rm /boot/efi/EFI/refind/shimx64.efi~ && sudo rm /boot/efi/EFI/refind/mmx64.efi~ && sudo rm -rf /boot/efi/EFI/refind/icons-backupThen reboot and enroll key from EFI/refind/keys/refind_local.cer if asked Proof
|
Beta Was this translation helpful? Give feedback.
-
|
Nice. Thanks. You might want to consider changing this ...
to this ...
SBAT Metadata for RefindPlus:
|
Beta Was this translation helpful? Give feedback.
-
|
Are you mean to add one more line? Total 3 lines in csv like this sudo echo "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md">refind_x64.csv
sudo echo "refind,1,Roderick W. Smith,refind,0.14.1,https://www.rodsbooks.com/refind">>refind_x64.csv
sudo echo "refind.plus,1,Dayo Akanji,RefindPlus,1.0,https://github.com/dakanji/RefindPlus">>refind_x64.csv |
Beta Was this translation helpful? Give feedback.
-
|
Yes. Based on this from Upstream: https://raw.githubusercontent.com/dakanji/rEFInd/master/refind-sbat-local.csv. |
Beta Was this translation helpful? Give feedback.
-
|
Done. I have edited my comment with the code. |
Beta Was this translation helpful? Give feedback.
-
|
Excellent. As you are on a roll, Can you try leveraging this python script, confirmed to work on OpenCore Project without issue, instead: The calling command is apparently: |
Beta Was this translation helpful? Give feedback.
-
|
Confirm, it is work. Again edited my comment with the code. |
Beta Was this translation helpful? Give feedback.
-
|
Nice. Thanks. |
Beta Was this translation helpful? Give feedback.
-
|
@chevcheli0s ... RefindPlus now includes SBAT section as from v0.14.2.AD. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi!
Is there any way to boot with Secure Boot enabled?
I tried to install RefindPlus with refind-install from original refind.
Also tried to add hash /boot/efi/EFI/refind/grub64.efi from MOK.
Always receive error "Verification failed: (0x1A) Security Violation"
With original refind all work fine.
Beta Was this translation helpful? Give feedback.
All reactions