Главная » Linux

Refind ��� mac os

Содержание
  1. Search
  2. Install the rEFInd boot manager on a computer running macOS
  3. Introduction
  4. Table of Contents
  5. Download rEFInd
  6. Disable System Integrity Protection
  7. Automatic rEFInd Installer
  8. Re-enable System Integrity Protection
  9. That’s it
  10. Manual installation
  11. Identify Your System
  12. Mount your EFI System Partition.
  13. Move the rEFInd files
  14. Remove Unnecessary rEFInd Files
  15. Rename rEFInd Config File
  16. Bless rEFInd
  17. Unmount the rEFInd directory
  18. Re-enable System Integrity Protection
  19. That’s it
  20. The rEFInd Boot Manager: rEFInd and System Integrity Protection
  21. Contents
  22. What Is SIP?
  23. Installing rEFInd with SIP Enabled
  24. Using Recovery Mode
  25. Disabling SIP
  26. Disabling SIP with Recovery HD
  27. Disabling SIP with rEFInd
  28. Using Another OS
  29. Using rEFInd to Manage SIP
  30. Conclusion

Install the rEFInd boot manager on a computer running macOS

Introduction

rEFInd is a boot manager which allows you to boot multiple operating systems from internal or external hard drives. rEFInd automatically detects EFI bootloaders and shows a graphical interface allowing the user to select which operating system they want to start.

These instructions will show you how to use the automatic rEFInd installer or to manually install rEFInd on a computer running macOS.

Table of Contents

Download rEFInd

Download the latest version of rEFInd from SourceForge.

Disable System Integrity Protection

System Integrity Protection (SIP) prevents certain folders from being modified even by the root user or by a user with root privileges. Mac OS 10.11 (El Capitan) and later have SIP turned on by default. SIP must be disabled in order to install rEFInd.

Check if System Integrity Protection is enabled:

If it returns System Integrity Protection status: enabled. , follow these steps to disable SIP before installing rEFInd:

  1. Restart your computer.
  2. While your computer is restarting hold down Command-R (⌘R). This will start your computer in Recovery mode.
  3. After your computer restarted, click on the Utilities menu and select Terminal.
  4. Enter csrutil disable .
  5. Restart your computer normally.

Automatic rEFInd Installer

  1. Uncompress the rEFInd zip file that you downloaded from SourceForge.
  2. Open Terminal and navigate into the uncompressed rEFInd folder.
  3. Then enter:

An automatic installer will install rEFInd into your EFI partition.

Re-enable System Integrity Protection

After you finish installing rEFInd, you should re-enable System Integrity Protection (SIP). The process of re-enabling SIP is almost identical to disabling it:

  1. Restart you computer.
  2. While it’s restarting hold down Command-R (⌘R). This will start it in Recovery mode.
  3. Click on the Utilities menu and select Terminal.
  4. Enter csrutil enable .
  5. Restart your computer normally.

That’s it

After restart, your computer will load the rEFInd boot manager automatically. You will see a screen like the one below. Use the left and right arrows to select an operating system.

Manual installation

These instructions will show you how to install rEFInd manually by copying specific files from the rEFInd zip file to a folder on your computer.

Identify Your System

First you need to identify if you have a 32-bit or 64-bit system.

Open Terminal and enter:

Terminal will return either EFI32 or EFI64 .

Mount your EFI System Partition.

The EFI System Partition (ESP) contains files that tell your computer which operating system to load while it is starting up.

To modify your computer’s ESP, create an empty folder and then mount the ESP to that folder.

Create a folder in Terminal: sudo mkdir Volumes/esp

Mount the ESP to that folder: sudo mount -t msdos /dev/disk0s1 Volumes/esp

Move the rEFInd files

Now move the files from the unzipped rEFInd folder to the ESP folder.

Create an empty folder in the ESP folder for the rEFInd files: sudo mkdir -p /Volumes/esp/efi/refind

In Terminal, navigate into the unzipped folder you downloaded from SourceForge and copy the rEFInd files to the new rEFInd folder you just created: sudo cp -r refind/* /Volumes/esp/efi/refind/

Remove Unnecessary rEFInd Files

There are several versions of rEFInd that were copied from the unzipped folder to the ESP folder, but you only need the one version that will work with your computer.

This step will show you how to remove the unnecessary versions of rEFInd from /Volumes/esp/efi/refind/ .

Apple computers don’t use an ARM CPU, so you can delete this file:

If you have a 64-bit computer, remove this file:

If you have a 32-bit computer, remove this file:

Rename rEFInd Config File

If this is your first installation of rEFInd, rename the refind.conf-sample file to refind.conf :

Bless rEFInd

The bless command makes a volume bootable. To bless this installation of rEFInd, enter:

Unmount the rEFInd directory

You can restart your computer now and it will automatically unmount the ESP and run rEFInd after it restarts. If you want to unmount the ESP folder before you restart your computer, enter the following command:

Re-enable System Integrity Protection

If you disabled System Integrity Protection (SIP), you should re-enable it after you’ve finished installing rEFInd. Re-enabling System Integrity Protection is almost identical to disabling it:

  1. Restart your computer.
  2. While it’s restarting hold down Command-R (⌘R). This will start your computer in Recovery mode.
  3. Click on the Utilities menu and select Terminal.
  4. Enter csrutil enable .
  5. Restart your computer normally.

That’s it

After restarting, your computer will load the rEFInd boot manager automatically. You will see a screen like the one below. Use the left and right arrows to select an operating system.

Ian Maddaus
Technical Writer

My primary interests are automating, processing, writing, and deploying software documentation.

Источник

The rEFInd Boot Manager:
rEFInd and System Integrity Protection

Originally written: 11/8/2015; last Web page update: 3/13/2021, referencing rEFInd 0.13.2

This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!

Donate $1.00 Donate $2.50 Donate $5.00 Donate $10.00 Donate $20.00 Donate another value

This page is part of the documentation for the rEFInd boot manager. If a Web search has brought you here, you may want to start at the main page.

Contents

Apple’s macOS 10.11 (aka El Capitan) added a new feature, known as System Integrity Protection (SIP), aka «rootless» mode. This feature causes some consternation for advanced users, because it restricts what you can do with your computer, even as root. This page is dedicated to this feature, including basic information on why SIP exists, how to install rEFInd on a computer with SIP enabled, and how to use rEFInd to manage SIP. Note that if you’ve come here for help installing rEFInd on a Mac with SIP enabled, you can click to one of the methods in the «Contents» box to the left of this paragraph. I recommend trying Recovery mode first; but if you have reason to try another method, you can do so.

Читайте также:  Драйвер для irda usb windows 10

What Is SIP?

To understand SIP, you should first know that Unix-like systems, including macOS, have traditionally provided a model of security in which ordinary users can read and write their own files (word processor documents, digital photos, etc.), but cannot write to system files (programs, system configuration files, etc.)—and users cannot even read some system files. This system security model has worked well for decades on traditional Unix systems, which have been administered by computer professionals and used by individuals with less experience. For administrative tasks, the root account is used. On Macs, this access is generally granted by the sudo command or by various GUI tools. Most Macs, in contrast to traditional Unix mainframes and minicomputers from the 20th century, are single-user computers that are administered by their users. Such people often lack the knowledge of the professional system administrators who have traditionally managed Unix systems; but they must still perform system administration tasks such as installing new software and configuring network settings. MacOS has always provided some measure of security by requiring users to enter their passwords before performing these dangerous tasks, and by providing GUI tools to help guide users through these tasks in a way that minimizes the risk of damage.

Apple has apparently decided that these safeguards are no longer sufficient, at least for certain tasks, such as writing files to certain system directories and installing boot loaders. I won’t try to speak for Apple or explain their motivations, but the result of Apple’s decisions is SIP. With SIP active, as is the default, macOS 10.11 and later limits your ability to perform some of these administrative tasks. You can still install and remove most third-party programs, configure your network, and so on; but some critical directories can no longer be written, even as root, and some utilities cannot be used in certain ways, even as root. These restrictions impact rEFInd because one of the affected tools, a command called bless, is required to tell the Mac to boot rEFInd rather than to boot macOS directly.

Installing rEFInd with SIP Enabled

The end result of SIP is that rEFInd cannot be installed under macOS 10.11 and later in the way described on the Installing rEFInd page—at least, not without first booting into Recovery mode, in which SIP restrictions are ignored; or disabling SIP (either temporarily or permanently). This page covers these two options in more detail, as well as a third: Using another OS to install rEFInd.

Using Recovery Mode

Unless you’ve deleted it, the Recovery HD partition should be present on your Mac as a way to perform emergency recovery operations. The nature of this tool means that SIP cannot be enabled when using it, so you can install rEFInd from a boot to this partition. The trouble is that this installation is not a full-fledged macOS system, so you may have trouble using it if you’re not comfortable with such a bare-bones environment. Nonetheless, it is a good way to install rEFInd on a Mac that runs macOS 10.11 or later. To do so, follow these steps:

  1. Download the rEFInd binary .zip file and unpack it. You can unpack it on your regular hard disk or on a USB flash drive. Pay attention to where it’s located, though; you’ll need to find it later. Pay attention to both the name of the volume and the complete path to the directory in which it’s stored. (Your home directory is normally /Users/ yourname, where yourname is your username. Your Desktop is normally /Users/ yourname/Desktop.
  2. Reboot the computer.
  3. At the startup chime, hold down the Command+R key combination. The computer should launch into the Recovery system. This is a very bare system, with only a window providing a way to launch a handful of utilities and a menu bar. You must use the latter.

Note: If you see no option to launch the Terminal, disabling FileVault may help. I’ve received some reports of the Terminal being missing from the Recovery boot, one of which indicates that FileVault is the cause.

  • Select Utilities -> Terminal from the menu bar. A Terminal window should open.
  • If you unpacked rEFInd on a USB flash drive, insert it and wait for its access light (if it has one) to stop blinking.
  • Increase the size of the Terminal a bit. (This just makes its output more legible, since the next step produces long lines.)
  • Type df -h in the Terminal. This produces a list of partitions that are mounted. Locate the one on which you unpacked the rEFInd files. It will normally be /Volumes/ Somename, where Somename is the volume’s name.
  • In the Terminal, use cd to change to the directory where the rEFInd files you unpacked earlier are stored. For instance, on my MacBook, I would type cd /Volumes/Macintosh\ HD/Users/rodsmith/Desktop/refind-0.11.5. Note that if any element of this path includes a space, you must either enclose the entire path in quotes or precede the space with a backslash (\), as in this example’s Macintosh\ HD volume name.
  • Type ls to verify that refind-install is present in this directory.
  • Type ./refind-install to run the installation script. It should run normally, as described on the Installing rEFInd page. You can add options, if you like, as described on that page. Alternatively, you can perform a manual installation, also as described on that page.
  • Reboot.

    • At this point, rEFInd should come up and enable you to boot into macOS and any other OS(es) that are already installed. You should not need to perform these steps again unless macOS re-installs its own boot loader or a subsequent OS installation overrides the default boot option. You can install an updated rEFInd from within your regular macOS system and it should install correctly, provided you’re installing it to the EFI System Partition (ESP). The refind-install script may complain about a failure, but because you’re overwriting one rEFInd binary with another one, it should continue to boot. (If you installed rEFInd to an HFS+ partition, though, replacing the original file will require using bless to tell the firmware about the change, so updating such an installation probably won’t work with SIP active.)

    Читайте также:  Linux different from windows

    Disabling SIP

    Another option is to disable SIP for your regular boot. This is a viable option if you’re an expert who needs regular access to tools with which SIP interferes, such as low-level disk utilities. Regular users should probably avoid this option unless the preceding procedure does not work—and in that case, you should disable SIP temporarily and then re-enable it when you’ve finished installing rEFInd. On this page, I describe two methods of disabling SIP: using macOS’s Recovery HD system and using rEFInd on CD-R or USB flash drive.

    Disabling SIP with Recovery HD

    You can use the Recovery HD, as in the previous procedure, to disable SIP. To do so, boot it and launch a Terminal window, as described in the previous section. Instead of locating and running the refind-install script, though, you should type:

    This command will disable SIP for all OSes that honor this setting. (In theory, multiple versions of macOS might be installed on a single computer, and all of them that support SIP should honor the SIP settings. To the best of my knowledge, no non-Apple OS honors SIP settings, although that could change.)

    Once you’ve typed this command, you can reboot the computer. When you return to your regular macOS installation, SIP should be disabled and rEFInd should install normally, as described on the Installing rEFInd page. You will also be able to use disk partitioning tools like my GPT fdisk, write to directories that are normally off-limits, and so on. Note that disabling SIP does not disable normal Unix-style protections—you’ll still need to use sudo (or enter your password in a GUI dialog box) to acquire root privileges to perform these system-administration tasks. You’ll be no less safe with SIP disabled under macOS 10.11 or later than you would be with macOS 10.10 or earlier; you simply won’t have its added protections against user error or malicious software.

    If you want to re-enable SIP, you can do so in exactly the way you disabled it, except that you should type csrutil enable rather than csrutil disable in the Recovery environment.

    Disabling SIP with rEFInd

    As described later on this page, rEFInd 0.10.0 and later provide SIP control features, but they’re disabled by default—except on the USB flash drive and CD-R images available from the rEFInd downloads page. On these images, the SIP control features are enabled, and can toggle between the two main modes you can set via csrutil enable and csrutil disable in the Recovery HD system. Thus, to disable SIP to install rEFInd, you can:

    1. Download the USB flash drive or CD-R version of rEFInd, as suitable for your computer.
    2. Prepare a boot medium. With the CD-R image, you can use your favorite disc-burning software. With the USB flash drive image, you can use dd to copy the image to a blank disk, as in dd if=refind-flashdrive-0.11.5.img of=/dev/disk3 to write the image to /dev/disk3. Any existing data on the target disk will be destroyed! For this reason, it’s imperative that you specify the correct target (of=) disk; if you accidentally point this command to your regular hard disk, recovery will be difficult! (Note that one of the points of SIP is to prevent such accidental damage; SIP blocks low-level writes to internal hard disks, but not to USB flash drives. I don’t advise testing that this works, though!)
    3. Reboot and hold down the Option (or Alt) key to see the Mac’s built-in boot manager.
    4. Select your external boot medium to boot to rEFInd.
    5. Use the SIP «shield» icon on the second row to toggle between SIP settings, as described in more detail in Using rEFInd to Manage SIP.

    Once you install rEFInd, you can leave SIP enabled, enable your newly-installed rEFInd’s SIP features and use them to disable SIP, or boot again from your external rEFInd to disable SIP.

    This procedure has the advantage of being a bit quicker than using the Recovery HD—at least, if you’ve already got rEFInd 0.10.0 or later on an external medium. It will also work if your Recovery HD installation is missing or broken. On the other hand, it’s probably easier to boot to the Recovery HD once or twice than to download and prepare a rEFInd boot medium. Also, some Macs are a little flaky when it comes to booting from external media, so you may have trouble booting in this way. Finally, if you don’t already have rEFInd on an external medium and if you don’t have an optical drive, writing a USB flash drive with dd carries a small risk of accidentally trashing your hard disk, particularly if you’re unfamiliar with disk devices and dd.

    Using Another OS

    A final option for installing rEFInd on a Mac that runs with SIP enabled is to do the installation using another OS. This other OS could be an OS that’s already installed or an emergency boot disk, such as an Ubuntu installation/recovery system.

    If you follow this path, you’ll need to know something about how to boot and use your non-Apple OS. The options are quite varied, so I can’t provide every detail; however, I do have a few tips:

    • If you’ve already installed another OS but can’t boot it because of an upgrade to macOS 10.11 or later, you can use rEFInd on CD-R or USB flash drive to boot to your other OS. You can download images for both media from the rEFInd downloads page. Prepare a boot medium, insert it in your computer, reboot, and hold down the Option (or Alt) key. The Mac’s built-in boot menu should appear, enabling you to boot rEFInd from the removable disk. It should then let you boot your already-installed OS, whereupon you can follow the regular rEFInd installation instructions for that OS.
    • It’s imperative that your rEFInd installation occur in an EFI-mode boot! Many Windows installations on Macs, in particular, are done in BIOS/CSM/legacy mode, and so cannot be used for installing rEFInd. rEFInd can boot most Linux installations in EFI mode (as above), but if a BIOS-mode GRUB is installed, you might accidentally boot it. See the What’s Your Boot Mode? page for information on how to determine your boot mode.
    • You can use many Linux distributions’ installers to run a minimal Linux system that you can use for installing rEFInd. This can be a useful trick even if you don’t intend to run Linux normally. An Ubuntu image can be useful for this. You should insert the boot medium and hold down Option (or Alt) while booting to launch the installer, but be sure to pick the option to «try Ubuntu before installing» (or a similar option for other Linux distributions). You may need to install the efibootmgr package to install rEFInd. (Typing sudo apt-get install efibootmgr should do this in Ubuntu.)
    • For purposes of this discussion, rEFInd 0.12.0 and later count as «another OS.» As described on the Installing rEFInd page (and in particular its Installing rEFInd from Within rEFInd section), rEFInd can install itself from an external boot medium. There are some caveats described in that section, though. Most importantly, rEFInd may take longer to appear than with other installation methods. If you intend to dual-boot macOS and Linux, you might start with this method and then re-install rEFInd (or use efibootmgr to create a fresh boot definition) within Linux; the boot entries created by efibootmgr don’t seem to cause this problem, in my experience.
    Читайте также:  Система windows не может установить этот пакет обновления

    I’ve installed rEFInd from Linux and/or rEFInd itself on a 2017 iMac 18,2; on a 2014 MacBook Air 6,2; and on my first-generation 32-bit Mac Mini. I can’t promise it will work on all Macs, though—or even on a Mac that’s identical to one of mine but with a configuration that’s different from mine. This installation method has worked well for me, and reports I’ve seen recently suggest it works fine for many others, too. On the other hand, in the past (mid-2010s and earlier), this method was less reliable. I assume that improvements to Linux kernels and efibootmgr have rendered this method more reliable, so I recommend using the latest Linux (or other OS) version you can find if you want to use this method.

    Using rEFInd to Manage SIP

    Once rEFInd is installed, you can use it to manage SIP features; however, the rEFInd features needed to do this are disabled by default. You must uncomment or add two lines to your refind.conf file:

    Note: Apple code samples and technical discussions are filled with the acronym «CSR.» A line in one Apple source code file suggests that this stands for Configurable Security Restrictions. As this acronym appears to be used in preference to «SIP» or «rootless» when referring to specific values, I used it in the refind.conf file’s token names.

    • showtools—This line specifies tools that appear on the second row of icons in rEFInd. The new tool for managing SIP is called csr_rotate, so you must uncomment showtools and add this option, or create a new showtools line.
    • csr_values—This line lists the hexadecimal values through which you can rotate once csr_rotate is active on the showtools line. The trick to this token is selecting appropriate options. Several sites, such as this one, describe the meanings of the various options, but often not in much detail. Initially, Apple’s own csrutil command sets values of 77 (disabled) or 10 (enabled); however, updates since the initial implementation have added more bits, as described in this Reddit thread, so now 877 (disabled) and 10 (enabled) are more common. Note also that you specify hexadecimal values on this line, but without a leading 0x or other hexadecimal-notation indicator. If you specify gibberish values, or hexadecimal values higher than those used by SIP, rEFInd ignores the bad entries. Thus, if some of your values are being ignored, you should check your csr_values line for typos.

    Note that both of these options must be set appropriately. If either of them is missing or misconfigured, rEFInd will not display the SIP tool. A typical configuration using these features might look like this:

    Once these options are set and you reboot into rEFInd, you should see a new shield icon on the second row, as shown at the right. When you select this tool, rEFInd identifies the next available CSR value from the list you specified and switches to that mode, rotating back to the start of the list once the end is reached. To confirm that the SIP mode has changed, rEFInd displays, for three seconds, a message identifying the new mode.

    Whether or not you’ve enabled these SIP features in refind.conf, rEFInd displays the current SIP status on its «About» page:

    Note the line that reads «System Integrity Protection is disabled (0x77)» (highlighted in this screen shot). This line will be updated whenever you use the CSR rotation tool, so if you’ve specified a large number of values and have forgotten where you are in your rotation, you can use the About screen to figure it out.

    If your Mac doesn’t yet run macOS 10.11, rEFInd claims that SIP is enabled in the «About» screen. If you set the showtools and csr_values options as described earlier, you can adjust the SIP settings on such a Mac, but this will have no effect because neither pre-10.11 version of macOS nor any other OS honors these settings. On UEFI-based PCs, rEFInd won’t display SIP status unless you store the csr-active-config NVRAM variable in some way. If you do, rEFInd will enable you to adjust it, but it won’t have any effect on the OSes most commonly found on UEFI-based PCs.

    I provide these features in rEFInd as a convenience for developers and other advanced users who have a need to adjust their SIP settings. Using rEFInd for this purpose is much faster than booting into the macOS Recovery system to make these adjustments. I discourage others from playing with these settings, since changing them inappropriately could cause problems; that’s why they’re not enabled in rEFInd by default.

    Conclusion

    Although the goal of increased security is a good one, SIP is causing problems for intermediate and advanced users. The good news is that the process to install rEFInd on a system that runs macOS 10.11 or later, although more complex than it used to be, is not an impossible one. Furthermore, once you’ve done it, you shouldn’t have to do it again for a while. (An update to macOS’s boot loader is entirely possible, though. If nothing else, the next major macOS update may require re-installing rEFInd.) For advanced users, rEFInd can adjust SIP settings, which can be helpful if you occasionally want to do something that require greater-than-typical privileges.

    copyright © 2015–2021 by Roderick W. Smith

    This document is licensed under the terms of the GNU Free Documentation License (FDL), version 1.3.

    Источник

    Оцените статью
    © 2024 Советы по настройке компьютера