From cc453ffb73a1d593f87ce5169180e8aff3b8f430 Mon Sep 17 00:00:00 2001 From: dakanji Date: Tue, 4 Jun 2024 08:18:31 +0300 Subject: [PATCH] Update for v0.14.1.AA Release --- .github/ISSUE_TEMPLATE/bug_report.yml | 2 +- NEWS.txt | 2 +- README-Dev.md | 4 +- README.md | 101 ++++++----- config.conf-sample | 248 ++++++++++++++++---------- include/version.h | 2 +- 6 files changed, 218 insertions(+), 141 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index ff7512b3..ad1f6179 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -12,7 +12,7 @@ body: label: RefindPlus Version description: Which version of RefindPlus is affected? options: - - 'v0.14.0.AC Release' + - 'v0.14.1.AA Release' - 'Older Released Version' - 'Pre-Release Code Build' validations: diff --git a/NEWS.txt b/NEWS.txt index 67121277..eb0a6c25 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,4 +1,4 @@ -0.14.1.AA (PRE-RELEASE): +0.14.1.AA (04 Jun 2024): ----------------------- - Synced with Upstream v0.14.1 - Adds `SyncTrust` Feature diff --git a/README-Dev.md b/README-Dev.md index b5a4c40b..4307f611 100644 --- a/README-Dev.md +++ b/README-Dev.md @@ -1,7 +1,7 @@ -#
The RefindPlus Boot Manager
-
+# The RefindPlus Boot Manager + [![Release Version](https://img.shields.io/github/v/release/dakanji/RefindPlus?style=for-the-badge)](https://github.com/dakanji/RefindPlus/releases)[![Release Date](https://img.shields.io/github/release-date/dakanji/RefindPlus.svg?display_date=published_at&style=for-the-badge&color=informational&label=)](https://github.com/dakanji/RefindPlus/releases) [![Coverity Scan](https://img.shields.io/coverity/scan/22695?style=for-the-badge)](https://scan.coverity.com/projects/22695)   [![Codacy Grade](https://img.shields.io/codacy/grade/d2955171e96246579279c1a28c4b11cf?style=for-the-badge&label=Codacy)](https://app.codacy.com/gh/dakanji/RefindPlus/dashboard) diff --git a/README.md b/README.md index 2becc514..f3b901f7 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,15 @@ -[![Latest Release](https://img.shields.io/github/release/dakanji/RefindPlus.svg?flat=1&label=current)](https://github.com/dakanji/RefindPlus/releases) [![Release date](https://img.shields.io/github/release-date/dakanji/RefindPlus.svg?flat=1&color=informational&label=when)](https://github.com/dakanji/RefindPlus/releases) [![Scan Status](https://scan.coverity.com/projects/22695/badge.svg?flat=1)](https://scan.coverity.com/projects/22695) +
+ +# The RefindPlus Boot Manager + +[![Release Version](https://img.shields.io/github/v/release/dakanji/RefindPlus?style=for-the-badge)](https://github.com/dakanji/RefindPlus/releases)[![Release Date](https://img.shields.io/github/release-date/dakanji/RefindPlus.svg?display_date=published_at&style=for-the-badge&color=informational&label=)](https://github.com/dakanji/RefindPlus/releases) + +[![Coverity Scan](https://img.shields.io/coverity/scan/22695?style=for-the-badge)](https://scan.coverity.com/projects/22695)   [![Codacy Grade](https://img.shields.io/codacy/grade/d2955171e96246579279c1a28c4b11cf?style=for-the-badge&label=Codacy)](https://app.codacy.com/gh/dakanji/RefindPlus/dashboard) + +
-# RefindPlus ## Overview -RefindPlus is a boot manager for Mac and PC. -It is a fork of [rEFInd](https://www.rodsbooks.com/refind) that incorporates several fixes and additional features. +RefindPlus is a boot manager for Mac and PC that builds on the venerable [rEFInd Boot Manager](https://www.rodsbooks.com/refind) with enhancements and fixes. The main development focus is on the following units: - **MacPro3,1**: Early 2008 Mac Pro @@ -12,38 +18,40 @@ The main development focus is on the following units: - **Xserve2,1**: Early 2008 Xserve - **Xserve3,1**: Early 2009 Xserve -However, the enhancements and fixes provided by RefindPlus are not limited in scope to those units and include several other Apple Mac as well as multiple UEFI-PC related items that may be of interest to anyone requiring a capable and flexible boot manager. +The scope of the enhancements and fixes provided by RefindPlus are not limited to those units however, and include several other Apple Mac as well as multiple UEFI-PC related items that may be of interest to anyone requiring a capable and flexible boot manager on Mac and PC. + +RefindPlus offers these enhancements and fixes while maintaining the core functionality within rEFInd along with full forward configuration compatibility from rEFInd. It is particularly useful for users with additional configuration needs as well as those that require advanced or non-standard options for running operating systems and uEFI utilities on Mac and PC. ## Headline Features - Maintains feature and configuration parity with the base upstream version. -- Protects against damage to Mac nvRAM when booting UEFI Windows. +- Provides protection against damage to Mac nvRAM when booting UEFI Windows. +- Provides option to avoid boot failures and associated freezes on T2/TPM chipped units. - Provides Pre-Boot Configuration Screen on units running GPUs without native EFI on Macs. -- Provides UGADraw on modern GOP based GPUs to permit booting legacy EFI Boot operating systems. -- Provides improved support for languages that use unicode text. -- Emulates UEFI 2.x on EFI 1.x units to permit running UEFI 2.x utilities on such units. - Extensive memory management improvements with associated speed and stability gains. +- Emulates UEFI 2.x on EFI 1.x units to permit running UEFI 2.x utilities on such units. +- Provides improved support for languages that use unicode text. - Adds a debug (DBG) binary that provides extensive logging. - * The release (REL) binary is an optimised build for day to day use. -- Fixes upstream inability to print to screen on some Macs. - * This prevented receiving program messages as well as leveraging advanced features such as uEFI shell. -- Provides NVMe capability, if required, via an inbuilt NvmExpress driver. - * Removes the need to add NVMe drivers on units without NVMe support. - * Basically allows working as if NVMe is natively supported by the firmware. - - Removes the need for a risky `firmware flash` operation on units such as the MacPro3,1. -- Provides APFS filesystem capability, if required, via an inbuilt APFS JumpStart driver. - * Removes the need to add APFS drivers to run recent macOS releases on units without APFS support. - * Additionally, this ensures that matching APFS drivers for specific macOS releases are used. - * Basically allows working as if APFS is natively supported by the firmware. - - Removes the need for a risky `firmware flash` operation on units such as the MacPro3,1. + - The release (REL) binary is an optimised build for day to day use. +- Fixes inability to print to screen on some Macs. + - This prevented receiving program messages or using utilities such as uEFI shell. +- Provides NVMe capability, if required, via an inbuilt `NvmExpress` driver. + - Removes the need to load external drivers on units without native NVMe support. + - Basically allows working as if NVMe is natively supported by the firmware. + - Removes the need for a risky `firmware flash` on units such as the MacPro3,1. +- Provides APFS filesystem capability, if required, via an inbuilt `APFS JumpStart` driver. + - Removes the need to load external drivers on units without native APFS support. + - Additionally ensures matching APFS drivers for specific macOS versions are used. + - Basically allows working as if APFS is natively supported by the firmware. + - Removes the need for a risky `firmware flash` on units such as the MacPro3,1. - Fully supports APFS filesystem requirements. - * This allows booting macOS 11.x (Big Sur) or later from single named volumes on the main screen. + - This allows booting recent macOS versions from single named volumes. - As opposed to generic and difficult to distinguish `PreBoot` volumes. - - Avoids potentially compromising system integrity by otherwise requiring SIP to be disabled. - * This also allows booting FileVault encrypted volumes from single named volumes on the main screen. + - Avoids compromising system integrity by otherwise requiring SIP to be disabled. + - This also allows booting `FileVault` encrypted volumes from single named volumes. - As opposed to generic and difficult to distinguish `PreBoot` volumes. ## Installation -[MyBootMgr](https://www.dakanji.com/creations/index.html) is recommended to automate installing RefindPlus on macOS. Alternatively, as the RefindPlus efi file can function as a drop-in replacement for the upstream efi file, the [rEFInd package](https://www.rodsbooks.com/refind/installing.html) can be installed first and its efi file replaced with the RefindPlus efi file. (Ensure the RefindPlus efi file is renamed to match). This manual process allows installing RefindPlus on other operating systems supported upstream. On macOS, MyBootMgr can optionally be used to set a RefindPlus|OpenCore chain-loading arrangement up on MacPro3,1 to MacPro5,1 as well as on Xserve2,1 and Xserve3,1. +[MyBootMgr](https://www.dakanji.com/creations/index.html) is recommended to automate installing RefindPlus on macOS. Alternatively, as the RefindPlus efi file can function as a drop-in replacement for the upstream efi file, the [rEFInd package](https://www.rodsbooks.com/refind/installing.html) can be installed first and its efi file replaced with the RefindPlus efi file. (Ensure the RefindPlus efi file is renamed to match). This manual process allows installing RefindPlus on other operating systems supported upstream. On macOS, MyBootMgr can optionally be used to set a RefindPlus|OpenCore chain-loading arrangement up for MacPro3,1 to MacPro5,1 as well as on Xserve2,1 and Xserve3,1. Users may also want to replace upstream filesystem drivers with those packaged with RefindPlus as these are always either exactly the same as upstream versions or have had fixes applied. @@ -62,13 +70,15 @@ csr_dynamic |Actively enables or disables the SIP Policy on Macs csr_normalise |Removes the `APPLE_INTERNAL` bit, when present, to permit OTA updates decline_help_icon |Disables feature that may improve loading speed by preferring generic icons decline_help_scan |Disables feature that skips showing misc typically unwanted loaders +decline_help_size |Disables feature that sets additional UI scaling for very high DPI screens decline_help_text |Disables complementary text colours if not required decouple_key_f10 |Unmaps the `F10` key from native screenshots (the `\` key remains mapped) -disable_amfi |Disables AMFI Checks on macOS if required disable_apfs_load |Disables inbuilt provision of APFS filesystem capability disable_apfs_sync |Disables feature allowing direct APFS/FileVault boot (Without "PreBoot") -disable_compat_check |Disables Mac version compatibility checks if required +disable_check_amfi |Disables AMFI Checks on macOS if required +disable_check_compat |Disables Mac version compatibility checks if required disable_pass_gop_thru |Disables feature that provides GOP instance on UGA for some loading screens +disable_legacy_sync |Disables detailed indentification of Mac Legacy BIOS Boot capability disable_nvram_paniclog|Disables logging macOS kernel panics to nvRAM disable_nvram_protect |Disables blocking of potentially harmful write attempts to Legacy Mac nvRAM disable_reload_gop |Disables reinstallation of UEFI 2.x GOP drivers on EFI 1.x units @@ -98,44 +108,49 @@ set_boot_args |Allows setting arbitrary macOS boot arguments supply_nvme |Enables an inbuilt NvmExpress driver supply_uefi |Enables feature that emulates UEFI 2.x support on EFI 1.x units sync_nvram |Resets nvRAM settings, such as BlueTooth, on some boot types if required -transient_boot |Disables selection of the last booted loader if not required +sync_trust |Works around some `Boot Chain of Trust` problems on T2/TPM chipped units +transient_boot |Disables feature that highlights the last booted loader by default unicode_collation |Provides fine tuned support for languages that use unicode text ## Modified Functionality In addition to the new functionality listed above, the following upstream tokens have been modified: -- **"use_graphics_for" Token:** OpenCore and Clover added as options that can be set to boot in graphics mode. -- **"showtools" Token:** Additional tool added: +- **"timeout":** The default is no timeout unless explicitly set. +- **"use_nvram":** RefindPlus variables are written to the file system, not the motherboard's nvRAM chip, unless explicitly set to do so by activating this configuration token. +- **"use_graphics_for":** Additional options added: + - `none` option to disable graphics mode loading for everything. + - `everything` option to enable graphics mode loading for everything. + - `OpenCore` and `Clover` can be specifically set to load in graphics mode. +- **"showtools":** Additional tool added: - `clean_nvram` : Allows resetting nvram directly from RefindPlus. - - When run on Mac Firmware, RefindPlus will additionally trigger nvRAM garbage collection -- **"csr_values" Token:** A value of `0` can be set as the `Enabled` value to ensure `Over The Air` (OTA) updates when running macOS 11.x (Big Sur), or later, with SIP enabled. + - When run on Apple firmware, RefindPlus will additionally trigger nvRAM garbage collection +- **"csr_values":** A value of `0` can be set as the `Enabled` value to ensure `Over The Air` (OTA) updates when running macOS 11.x (Big Sur), or later, with SIP enabled. - This is equivalent to activating the `csr_normalise` token. -- **"timeout" Token:** The default is no timeout unless explicitly set. -- **"screensaver" Token:** The RefindPlus screensaver cycles through a set of colours as opposed to a single grey colour. -- **"use_nvram" Token:** RefindPlus variables are written to the file system and not the motherboard's nvRAM unless explicitly set to do so by activating this configuration token. -- **"log_level" Token:** Controls the native log format and an implementation of the upstream format. - * Only active on `DEBUG` and `NOOPT` builds while `RELEASE` builds remain optimised for day-to-day use. - * Level 0 does not switch logging off but activates the native summary format. - * Levels 1 and 2 output logs similar to the detailed upstream format. +- **"log_level":** Controls the native log format and an implementation of the upstream format. + - Only active on `DEBUG` and `NOOPT` builds while `RELEASE` builds remain optimised for day-to-day use. + - Level 0 does not switch logging off but activates the native summary format. + - Levels 1 and 2 output logs similar to the detailed upstream format. - Level 1 is broadly equivalent to upstream Level 4 (upstream Levels 1 to 3 were dispensed with) - Level 2 is only exposed on `NOOPT` builds and outputs logs at a very detailed level - * Create `NOOPT` builds by passing `ALL` as a second parameter to the RefindPlus build script - * The first parameter is the build branch, which also needs to be specified in such instances + - Create `NOOPT` builds by passing `ALL` as a second parameter to the RefindPlus build script + - The first parameter is the build branch, which also needs to be specified in such instances - When Level 2 is not exposed, selected levels above `1` will be capped at Level 1 - When exposed, selected levels above `2` will be capped at Level 2 -- **"resolution" Token:** The `max` setting is redundant in RefindPlus which always defaults to the maximum available resolution whenever the resolution is not set or is otherwise not available. +- **"resolution":** The `max` setting is redundant in RefindPlus which always defaults to the maximum available resolution whenever the resolution is not set or is otherwise not available. +- **"screensaver":** The screensaver cycles through a set of colours as opposed to a single grey colour. ## Divergence Significant visible implementation differences vis-a-vis the upstream base are: - **GZipped Loaders:** RefindPlus only provides stub support for handling GZipped loaders as this is largely only relevant for units on the ARM architecture. This stub support is only used for debug logging in RefindPlus and can be activated using the same `support_gzipped_loaders` configuration token as upstream. - **Screenshots:** These are saved in the PNG format with a significantly smaller file size. Additionally, the file naming is slightly different and the files are always saved to the same ESP as the RefindPlus efi file. - **UI Flags:** RefindPlus requires that any desired previously set `hideui` configuration token options are explicitly defined in supplementary/theme configuration files; as whenever the token is found in such files, the token setting is reset by RefindPlus to the specified option(s). This is consistent with how other configuration tokens in such files are handled. The upstream implementation effectively adds new settings to any previously existing ones for this configuration token instead. -- **UI Scaling:** WQHD monitors are correctly determined not to be HiDPI monitors and UI elements are not scaled up on such monitors when the RefindPlus-specific `scale_ui` configuration token is set to automatically detect the screen resolution. RefindPlus also takes vertically orientated screens into account and additionally scales UI elements down when low resolution screens (less than 1025px on the longest edge) are detected. +- **UI Scaling:** WQHD monitors are correctly determined not to be HiDPI monitors and UI elements are not scaled up on such monitors when the RefindPlus-specific `scale_ui` configuration token is set to automatically detect the screen resolution. RefindPlus also takes vertically orientated screens into account and additionally scales UI elements down when low resolution screens (less than 1025px on the longest edge) are detected. Additionally, UI elements on extremely high resultion screens (greater than 5999px on the longest edge) receive a `4X scaling` as opposed to the `2X scaling` applied for standard HiDPI screens. - **Loader Icons:** RefindPlus defaults to preferring generic icons for loaders ahead of the slower to load custom icons where possible. The upstream icon search implementation involves only loading such icons after a search for custom icons has not turned anything up. Users can activate the RefindPlus-specific `decline_help_icon` configuration token to use the upstream icon search implementation instead of the RefindPlus default. - **GOP Driver Provision:** RefindPlus attempts to ensure that UEFI 2.x GOP drivers are available on EFI 1.x units by attempting to reload such drivers when it detects an absence of GOP on such units to permit the use of modern GPUs on legacy units. Users that wish to disable this feature can activate the RefindPlus-specific `disable_reload_gop` configuration token to switch it off. - **Apple Framebuffer Provision:** RefindPlus defaults to always providing Apple framebuffers on Macs, when not available under certain circumstances. This is done using an inbuilt `SetAppleFB` feature. Users that wish to disable this feature can activate the RefindPlus-specific `disable_set_applefb` configuration token to switch it off. - **APFS Filesystem Provision:** RefindPlus defaults to always providing APFS Filesystem capability, when not available but is required, without a need to load an APFS driver. This is done using an inbuilt `SupplyAPFS` feature. Users that wish to disable this feature can activate the RefindPlus-specific `disable_apfs_load` configuration token to switch it off. - **APFS PreBoot Volumes:** RefindPlus always synchronises APFS System and PreBoot partitions transparently such that the Preboot partitions of APFS volumes are always used to boot APFS formatted macOS. Hence, a single option for booting macOS on APFS volumes is presented in RefindPlus to provide maximum APFS compatibility. Users that wish to disable this feature can activate the RefindPlus-specific `disable_apfs_sync` configuration token to switch it off. - **Mac nvRAM Protection:** RefindPlus always prevents UEFI Windows Secure Boot from saving certificates to Mac nvRAM as this can result in damage and an inability to boot. Blocking these certificates does not impact the operation of UEFI Windows on Macs. This filtering only happens when Mac firmware is detected and is not applied to other types of firmware. Users that wish to disable this feature can activate the RefindPlus-specific `disable_nvram_protect` configuration token to switch it off. +- **Mac Legacy BIOS Boot:** RefindPlus originally assumed all Macs were capable of legacy BIOS boot based on code that went in upstream back in 2012 when this was a reasonable default. However, some later Intel Macs do not support legacy BIOS boot and RefindPlus now attempts to categorise Macs to enable/disable legacy boot accordingly. Users can activate the RefindPlus-specific `disable_legacy_sync` configuration token to base legacy BIOS boot availability on the old assumption. - **Secondary Configuration Files:** While the upstream documentation prohibits including tertiary configuration files from secondary configuration files, there is no mechanism enforcing this prohibition. Hence, tertiary, quaternary, quinary, and more, configuration files can in fact be included. RefindPlus enforces a limitation to secondary configuration files. - **Disabled Manual Stanzas:** The processing of a user configured boot stanza is halted, and the `Entry` object immediately discarded, once a `Disabled` setting is encountered. The outcome is the same as upstream, which always continues to create and return a fully built object in such cases to be discarded later. The approach adopted in RefindPlus allows for an optimised loading process particularly when such `Disabled` tokens are placed immediately after the `menuentry` line (see examples near the bottom of the `config.conf-sample` file). This also applies to `submenuentry` items which can be enabled or disabled separately. - **Pointer Device Priority:** The upstream implementation of pointer device priority is based on how the `enable_mouse` and `enable_touch` pointer device control tokens appear in the configuration file(s) when both are active. The last pointer device control token read in the main configuration file and/or any supplementary/override configuration file will be used and the other disregarded. In RefindPlus however, `enable_touch` always takes priority when both tokens are active without regard to the order of appearance in the configuration file(s). This means that to use a mouse in RefindPlus, `enable_touch` must be disabled (default) in addition to enabling `enable_mouse`. diff --git a/config.conf-sample b/config.conf-sample index 8f2a64e5..00fe62e8 100644 --- a/config.conf-sample +++ b/config.conf-sample @@ -2,7 +2,7 @@ # Configuration file for the RefindPlus boot manager ##--------------------------------------------------------------## -## Section 1 of 3 ## +## Section 1 of 4 ## ## ADDITIONAL CONFIGURATION ITEMS ## ## New Functionality Provided by RefindPlus ## ##--------------------------------------------------------------## @@ -23,9 +23,9 @@ # is done when RefindPlus is loaded but users can manually toggle the set # values "ON" or "OFF" by using the "Rotate CSR" tool on the main menu. # The following options are available: -# 1 - Always Enable SIP (and SSV on macOS 11.x or later) +# 1 - Always Enable SIP/SSV # 0 - Take no Action -# -1 - Always Disable SIP (and SSV on macOS 11.x or later when configured in "csr_values") +# -1 - Always Disable SIP/SSV # # NOTES: # 1. This rotates the values defined under the 'csr_values' configuration token. @@ -73,6 +73,19 @@ # #decline_help_scan +# The "HelpSize" feature always adds additional UI scaling whenever screens +# with 'ExDPI' resolutions are detected for which the 2x scaling applied for +# the 'HiDPI' resolutions may not be sufficient. The 'ExDPI' resolutions are +# currently 6400 x 4000. Separately, the feature allows forcing non-standard +# or otherwise unsupported screen resolutions; which can help overcome issues +# where the RefindPlus screen is not displayed (Typically due to EDID issues). +# NB: The forced screen resolution feature typically requires an ultimate boot +# into operating systems that support the graphics setup for proper operation. +# +# The "HelpSize" feature is active when commented out +# +#decline_help_size + # The "HelpText" feature uses complementary colours (of the title banner) for text # to improve legibility. With custom banners however, the base colour is based on the # colour of first pixel in the pixel array (top left pixel). This may not always embody @@ -110,7 +123,20 @@ # # Inactive when commented out (Does not stop AMFI checks) # -#disable_amfi +#disable_check_amfi + +# Disable version compatibility checks when booting macOS. Macs check whether +# the current macOS version is supported on the machine when booting, and halt +# if not. When this option is active, RefindPlus will add "-no_compat_check" to +# the boot arguments to disable this check, which allows macOS boot on otherwise +# unsupported Macs. Note that when "persist_boot_args" is also set, this setting +# will create a macOS boot argument the first time it is triggered and that the +# boot argument will remain active until it is explicitly cleared, even if +# this setting is subsequently deactivated. +# +# Inactive when commented out (Does not stop macOS compatibility checks) +# +#disable_check_compat # Offer APFS filesystem capability. By default, RefindPlus is set up to jump start # macOS APFS filesystem drivers, apfs.efi, which are available in system folders of @@ -143,18 +169,14 @@ # #disable_apfs_sync -# Disable version compatibility checks when booting macOS. Macs check whether -# the current macOS version is supported on the machine when booting, and halt -# if not. When this option is active, RefindPlus will add "-no_compat_check" to -# the boot arguments to disable this check, which allows macOS boot on otherwise -# unsupported Macs. Note that when "persist_boot_args" is also set, this setting -# will create a macOS boot argument the first time it is triggered and that the -# boot argument will remain active until it is explicitly cleared, even if -# this setting is subsequently deactivated. +# RefindPlus previously assumed all Macs were capable of legacy BIOS boot. +# While this was accurate for some time, some later Macs are UEFI Class 3 +# devices that do not support legacy BIOS boot. The "LegacySync" feature +# attempts to categorise Intel Macs to allow/disallow legacy BIOS boot. # -# Inactive when commented out (Does not stop macOS compatibility checks) +# The "LegacySync" feature is active when commented out # -#disable_compat_check +#disable_legacy_sync # Disable kernel panic logging to the nvRAM. macOS may save kernel panic logs in # the nvRAM under certain conditions which can increase wear and tear on legacy @@ -174,7 +196,7 @@ # UEFI Windows Secure Boot (certificates) to the nvRAM on Legacy Macs as these may # result in an overrun that will damage the BootROM (also stored on the nvRAM) and # results in an inability to boot. This token is only activated on Apple firmware. -# NB: This feature is always disabled when RefindPlus is loaded via OpenCore. +# NB: Auto disabled whenever RefindPlus is loaded from OpenCore on Apple firmware. # # The "NvramProtect" feature is active when commented out # @@ -236,7 +258,7 @@ # should typically forward calls from the Console Out Handle GOP to the # others transparently. On such models, it only works in this way with # GPUs with system firmware support. This option replaces GOP on the -# Console Out Handle with one from a GPU Handle on such models when +# Console Out Handle with one from a GFX Handle on such models when # running capable GPUs that are not supported by system firmware. # NB: This functionality is only available on TianoCore builds. # @@ -356,8 +378,8 @@ # When this option is activate, the RefindPlus "NvramProtect" feature will be # extended, if set, to cover booting into macOS and "unknown" UEFI files. -# NB: This setting is only active, if set, on Apple firmware. -# This feature is always disabled when RefindPlus is loaded via OpenCore. +# NB: This feature is disabled when RefindPlus is loaded from OpenCore. +# This setting is only active, if set, on Apple firmware. # # Inactive when commented out (Does not extend NvramProtect) # @@ -389,8 +411,8 @@ # To minimise nvRAM wear and tear, RefindPlus # defaults to saving the outputs of these macOS # boot argument related settings to vRAM instead: -# - disable_amfi -# - disable_compat_check +# - disable_check_amfi +# - disable_check_compat # - disable_nvram_paniclog # - set_boot_args # This token can be activated in cases where writing @@ -442,10 +464,10 @@ # text output. On Macs and some other firmware, this is complicated by # the ConsoleControl protocol which determines whether to output text, # graphics, or both, and this often results in an inability to display -# text, or use tools needing text output (such as EFI Shell). A custom +# text or use tools needing text output (such as uEFI Shell). A custom # text renderer is added on top of GOP by this option as a workaround. # Note that this option is forced on whenever text output is required, -# such as when running EFI Shell or, whenever RefindPlus is changed to +# such as when running uEFI Shell or whenever RefindPlus is changed to # text mode as part of its operations (mainly to show error messages). # NB: This functionality is only available on TianoCore builds. # @@ -482,9 +504,9 @@ # Set arbitrary boot arguments on macOS boot. When this option is active, # RefindPlus will change the macOS boot arguments to the specified string. # This setting only applies to macOS and it accounts for arguments injected -# by the "disable_amfi" and "disable_compat_check" settings. Note that when -# "persist_boot_args" is also set, this setting will create a macOS boot -# argument the first time it is triggered and that the boot argument +# by the "disable_check_amfi" and "disable_check_compat" settings. Note that +# when "persist_boot_args" is also set, this setting will create a macOS +# boot argument the first time it is triggered and that the argument # will remain active until it is explicitly cleared, even if this # setting is subsequently deactivated. # @@ -519,9 +541,10 @@ # - bluetoothInternalControllerinfo # - bluetoothActiveControllerInfo # - bluetoothExternalDongleFailed +# - opencore-version (macOS boots ... including installers) # # This token accepts these options: -# 0 - Sync is not attempted (Default/Base Option:- Y) +# 0 - Sync is never attempted (Default/Base Option:- Y) # 1 - Sync when current boot not as previous boot (Confirm Before Sync:- N) # 2 - Sync when current boot not as previous boot (Confirm Before Sync:- Y) # 3 - Sync before every boot (Confirm Before Sync:- Y) @@ -532,11 +555,36 @@ # 2. Option '1' is as '4' when 'transient_boot' is active # 3. Option '2' is as '3' when 'transient_boot' is active # 4. Qualifying boots are macOS, OpenCore or Clover boots +# 5. opencore-version when *NOT* chainloaded via OpenCore # # Inactive when commented out (Does not sync nvRAM) # #sync_nvram 1 +# The boot 'Chain of Trust' may be broken on booting with 3rd-party tools but +# RefindPlus can trigger a native reboot into a selected boot target to avoid +# this issue. The 'SyncTrust' feature is useful on computers running enhanced +# boot security setups, particularly in conjunction with TPM/T2 Chipped units. +# +# macos - macOS loader +# linux - Linux loaders +# windows - Windows loader +# clover - The Clover boot-loader +# opencore - The OpenCore boot-loader +# similar - Any other uEFI loader +# verify - Always verify first +# every - All of the above +# none - None of the above (default) +# +# NOTES: +# 1. The 'every' option takes precedence over others apart from 'none' +# 2. The 'none' option takes precedence over every other setting +# 3. The 'DirectBoot' feature is disabled by this token +# +# Inactive when commented out or set to 'none' (Does not trigger native reboots) +# +#sync_trust macos verify + # RefindPlus defaults to storing the name of the last booted loader in # the "PreviousBoot" variable in the nvRAM under the RefindPlus GUID. This # provides a default option to be selected on the main screen when RefindPlus @@ -563,7 +611,7 @@ ##--------------------------------------------------------------## -## Section 2 of 3 ## +## Section 2 of 4 ## ## AMENDED CONFIGURATION ITEMS ## ## Existing Features Modified in RefindPlus ## ##--------------------------------------------------------------## @@ -610,6 +658,31 @@ # #csr_values 10,77 +# Enable mouse support. If active, this option enables the use +# of the computer's mouse. Note however, that not all computers +# provide the necessary underlying support, so this feature may +# not always work. If it does work, an OS or tool can be launched +# by clicking it with the computer's mouse. Note that this feature +# is mutually exclusive with the "enable_touch" feature and if both +# settings are active, the "enable_touch" token will take precedence. +# +# Inactive when commented out (Does not enable mouse support) +# +#enable_mouse + +# Enable touch screen support. If active, this option enables the use +# of touch screen controls (as on tablets). Note however, that not all +# tablet EFIs provide the necessary underlying support, so this feature +# may not always work. If it does work, an OS or tool can be launched by +# touching it. In a submenu, touching anywhere launches the current item +# selected. There is currently no way to select a specific submenu item. +# This option is mutually exclusive with the "enable_mouse" feature and +# the "enable_touch" option will take precedence when both are active. +# +# Inactive when commented out (Does not enable touch screen support) +# +#enable_touch + # Hide user interface elements for personal preference or for security: # banner - RefindPlus title banner (built-in or loaded via "banner") # label - Boot option text label in the menu @@ -627,12 +700,10 @@ # NOTES: # 1. The 'all' option takes precedence over others apart from 'none' # 2. The 'none' option takes precedence over every other setting -# 3. The options need to be set one at a time on single lines # # Inactive when commented out or set to 'none' (Does not hide UI elements) # -#hideui label -#hideui badges +#hideui label badges # Set the logging level. When set to "0", a log file in the native RefindPlus format # is produced in the RefindPlus home directory on the ESP, logging information about @@ -663,7 +734,28 @@ #resolution 1024 768 #resolution 1440 900 #resolution 3 -#resolution max + +# Which types of boot loaders to search, and in what order to display them: +# external - External EFI disk based boot loaders ... USB/eSATA etc. +# internal - Internal EFI disk based boot loaders ... HDD/SSD etc. +# optical - EFI optical discs ... CD/DVD etc. +# netboot - EFI network (IPXE) boot options +# biosexternal - BIOS external boot loaders +# hdbios - BIOS disk based boot loaders +# cdbios - BIOS optical disc boot loaders +# firmware - Boot EFI programs set in the firmware nvRAM +# manual - Use the stanzas lower in this configuration file +# +# NOTES: +# 1. The legacy BIOS options require firmware support. +# This support is not present on all computers. +# 2. The netboot option is experimental. +# It requires the "ipxe.efi" and "ipxe_discover.efi" files. +# +# On UEFI PC, the default setting is internal,external,optical,manual +# On Mac, the default is internal,hdbios,external,biosexternal,optical,cdbios,manual +# +#scanfor internal,external,optical,manual # Blank screen and show different solid colours after the specified # number of seconds without input. Screen is restored on keypresses @@ -676,7 +768,7 @@ # Non-bootloader tools to show on the "tools" line # of the main menu and their display order: -# shell - UEFI/EFI Shell. +# shell - uEFI Shell. # NB: Requires external program # See documentation for details # memtest - Memory Testing Utility. @@ -733,9 +825,9 @@ # disables automatic booting (i.e., no timeout). Setting "-1" results in # an immediate boot to the default OS (DirectBoot Feature) unless there # is a keypress already present in the buffer. In this case, the value -# is interpreted as a shortcut key. When the "ESC" or SpaceBar key is -# pressed instead, the DirectBoot Feature is overridden and the main -# menu screen is displayed as normal. If the shortcut key cannot be +# is interpreted as a shortcut key. When "ESC" / BackSpace / SpaceBar +# is pressed instead, the 'DirectBoot' feature is overridden and the +# main menu screen displayed as normal. If a shortcut key cannot be # matched to a valid shortcut, the main menu is displayed instead. # # Inactive when commented out (timeout is disabled) @@ -748,9 +840,11 @@ # a more seamless transition, but may not display any information, which # can make it difficult to debug problems. However, using graphics mode # may prevent crashes in some instances. Note that specifying an empty -# list will set RefindPlus up to boot all loader types in text mode. +# token will set RefindPlus up to boot all loader types in text mode. +# That is, 'use_graphics_for' alone works like setting 'everything'. # # Valid options: +# none - No loader # osx - macOS loader # windows - Windows loader # linux - Linux stub loader @@ -758,10 +852,15 @@ # elilo - The ELILO boot loader # clover - The Clover boot loader # opencore - The OpenCore boot loader +# everything - Graphics for every loader +# +# NOTES: +# 1. The 'everything' option takes precedence over others apart from 'none' +# 2. The 'none' option takes precedence over every other setting # # Defaults to 'osx' when commented out (Launches macOS in graphics mode) # -#use_graphics_for osx,linux +#use_graphics_for osx linux # While using the nvRAM works with most computers, this can increase wear # and tear on the motherboard's nvRAM. Under conditions where the nvRAM is @@ -782,7 +881,7 @@ ##--------------------------------------------------------------## -## Section 3 of 3 ## +## Section 3 of 4 ## ## STANDARD CONFIGURATION ITEMS ## ## Unchanged Functionality ## ##--------------------------------------------------------------## @@ -835,7 +934,7 @@ # - A "+" symbol at the start of the string, which refers to the most # recently booted loader (Unless overriden by 'transient_boot'). # - Any substring that matches to a portion of the loader's title -# (usually OS name, boot loader path, or volume/filesystem title). +# (usually name, boot loader path, or volume/filesystem title). # Multiple selectors may be specified by separating them with commas # and enclosing the list in quotes (The "+" option is only meaningful # in this context). If the selector(s) has two times in 24-hour format, @@ -856,7 +955,7 @@ #default_selection Maintenance 23:30 2:00 #default_selection "Maintenance,macOS" 1:00 2:30 -# Directories that should *NOT* be scanned for boot loaders. This option can be +# Directories that should *NOT* be scanned for boot loaders. This token can be # used to keep EFI/boot/bootx64.efi out of the menu if that is a duplicate of # another boot loader, to exclude directories holding drivers or to exclude # directories with non-bootloader utilities from a hardware manufacturer. @@ -874,7 +973,7 @@ # EFI\BOOT\tools_{arch}\memtest86,EFI\BOOT\tools_{arch}\memtest, # EFI\BOOT\tools_{arch}\memtest86p,EFI\BOOT\tools\memtest86,EFI\BOOT\tools\memtest, # EFI\BOOT\tools\memtest86p,EFI\BOOT\memtest86,EFI\BOOT\memtest,EFI\BOOT\memtest86p, -# EFI\memtest86,EFI\memtest,EFI\memtest86p" ("{arch}" is the architecture, such as "x64"). +# EFI\memtest86,EFI\memtest,EFI\memtest86p" ("{arch}" is architecture, such as "x64"). # # Uses default setting when commented out # @@ -910,7 +1009,7 @@ # of the boot option description, it will be excluded from the boot # list. Strings that includes spaces must be enclosed in quotes. # Specifying "shell" will override the automatic inclusion of -# built-in EFI shells. +# built-in uEFI shells. # # Has an empty list (nothing is excluded) when commented out # @@ -930,8 +1029,8 @@ # Partitions (or whole disks, for legacy-mode boots) to omit from scans. # For "EFI-mode" scans, volumes are typically specified by their labels, -# which can be obtained in an EFI shell with "vol" from Linux by typing -# "blkid /dev/{devicename}", or by examining the disk label in various +# which can be obtained from uEFI shell with "vol" from Linux by typing +# "blkid /dev/{devicename}", or, by examining the disk label in various # operating system file browsers. Partitions can also be identified by # the unique GUIDs ("PARTUUID" in Linux parlance). (Note that this is # not the partition TYPE CODE GUID). The identifier can be obtained @@ -959,31 +1058,6 @@ # #enable_and_lock_vmx -# Enable mouse support. If active, this option enables the use -# of the computer's mouse. Note however, that not all computers -# provide the necessary underlying support, so this feature may -# not always work. If it does work, an OS or tool can be launched -# by clicking it with the computer's mouse. Note that this feature -# is mutually exclusive with the "enable_touch" feature and if both -# settings are active, the "enable_touch" token will take precedence. -# -# Inactive when commented out (Does not enable mouse support) -# -#enable_mouse - -# Enable touch screen support. If active, this option enables the use -# of touch screen controls (as on tablets). Note however, that not all -# tablet EFIs provide the necessary underlying support, so this feature -# may not always work. If it does work, an OS or tool can be launched by -# touching it. In a submenu, touching anywhere launches the current item -# selected. There is currently no way to select a specific submenu item. -# This option is mutually exclusive with the "enable_mouse" feature and -# the "enable_touch" option will take precedence when both are active. -# -# Inactive when commented out (Does not enable touch screen support) -# -#enable_touch - # Comma-delimited list of strings to treat as if they were numbers for the # purpose of kernel version number detection. These strings are matched on a # first-found basis; that is, to treat both "linux-lts" and "linux" as version @@ -1107,26 +1181,6 @@ # #textonly -# Which types of boot loaders to search, and in what order to display them: -# internal - internal EFI disk-based boot loaders -# external - external EFI disk-based boot loaders -# optical - EFI optical discs (CD, DVD, etc.) -# netboot - EFI network (PXE) boot options -# hdbios - BIOS disk-based boot loaders -# biosexternal - BIOS external boot loaders (USB, eSATA, etc.) -# cd - BIOS optical-disc boot loaders -# manual - use stanzas later in this configuration file -# firmware - boot EFI programs set in the firmware's nvRAM -# Note that the legacy BIOS options require firmware support, which is -# not present on all computers. -# The netboot option is experimental and relies on the ipxe.efi and -# ipxe_discover.efi program files. -# -# On UEFI PC, the default setting is internal,external,optical,manual -# On Mac, the default is internal,hdbios,external,biosexternal,optical,cd,manual -# -#scanfor internal,external,optical,manual - # Scan for Linux kernels that lack a ".efi" filename extension. This # is useful for better integration with Linux distributions that provide # kernels with EFI stub loaders but that do not give those kernels filenames @@ -1247,6 +1301,14 @@ # #write_systemd_vars + +##--------------------------------------------------------------## +## Section 4 of 4 ## +## 'END OF FILE' SETTINGS ## +## (Function Modified) ## +##--------------------------------------------------------------## +# +# # Include a secondary configuration file within this one. This secondary # file is loaded as if its tokens appeared at the point of the "include" # option. So, to override a setting in the main file, the secondary file @@ -1292,9 +1354,9 @@ # quotes if more than one option should be passed or # if any options use characters that might be changed # by RefindPlus' parsing procedures (=, /, #, or tab). -# add_options - As "options" above but only applicable when under a -# "submenuentry" keyword. It adds the options to those -# set for the main "menuentry" keyword. +# add_options - As "options" above, but only applies when set under +# a "submenuentry" keyword. It adds options to +# those set under the "menuentry" keyword. # # Note that you can use either DOS/Windows/EFI-style backslashes (\) # or Unix-style forward slashes (/) as directory separators. Either @@ -1383,7 +1445,7 @@ menuentry "Windows 7" { loader \EFI\Microsoft\Boot\bootmgfw.efi } -# EFI shells are programs just like boot loaders, and can be +# As with boot loaders, uEFI shells are programs that can be # launched in the same way. A shell can be passed the name of # a script that it is to run on the "options" line. The script # could initialise hardware and then launch an OS, or it could diff --git a/include/version.h b/include/version.h index 618bca01..bcf3a731 100644 --- a/include/version.h +++ b/include/version.h @@ -16,4 +16,4 @@ * Modifications distributed under the preceding terms. */ -#define REFINDPLUS_VERSION L"0.14.1.AA (PRE-RELEASE)" +#define REFINDPLUS_VERSION L"0.14.1.AA"