Re: UEFI firmware and getting FreeBSD recognized by default: who to talk to?

From: Thomas Mueller <>
Date: Sun, 23 Jun 2019 01:16:12 +0000
from Karl Denninger:

> On 6/22/2019 14:05, Rebecca Cran wrote:
> > On 2019-06-22 12:59, Karl Denninger wrote:
> >> I use Refind for this sort of thing and it has (thus far!) survived
> >> upgrades.  The only "gotcha" is that I had a Windows 10 "Feature"
> >> upgrade that reset the default boot in the firmware to Windows; it
> >> didn't damage anything but did require that I go reset the UEFI default
> >> to boot the Refind EFI loader instead of the Windows one.

> > I do like that rEFInd knows about FreeBSD, and it's one of the "UEFI OS"
> > entries that remains. But I'd prefer it if a "FreeBSD" entry was
> > automatically created!
> It is.  

> All I had to do was put the EFI loader in a directory under the UEFI
> partition and Refind found it.  I didn't have to specifically tell it
> that it was there.

> The explicit "set" command (which I issued under Windows) is to tell the
> firmware what the default is; you do it once on original installation of
> Refind.  The Windows 10 feature update set it back to default to
> Windows, which was quite annoying but not really a big deal.  One  
> command, once, from the Windows command line (same as the one to set it
> in the first place) was all that was required.

> The danger with tampering with where Windows 10 puts its EFI loader
> (e.g. copying Refind there after moving it somewhere else) is that
> Bitlocker may throw up on you if you do that.  In fact you do have to do
> things in the right order or Bitlocker's default configuration (at least
> on a TPM equipped machine) will have a hissy fit -- you cannot change
> anything in the EFI partition after initializing Bitlocker, including
> the Refind configuration file (this most-specifically applies to the
> "wait for boot time"; I find the default obnoxiously long) so you have
> to make that edit and put the other stuff in the UEFI partition (e.g.
> FreeBSD's EFI loader and Refind) BEFORE turning Bitlocker on.
> I've been running this way since 12.x showed up since 12.x can boot a
> geli-encrypted system directly on my laptop.  Works nicely.

This is scary (Bitlocker), sent me to Wikipedia to look up Bitlocker.

Can you turn Bitlocker off after turning it on and get your system back?

Now I am even more scared to ever get a computer with MS-Windows!

One think on my mind is if I need a new motherboard, would it have the undesired Secure Boot?  I guess I'd have to ask the seller and look on the motherboard manufacturer's website (MSI, ASRock, Asus, Gigabyte, or other).

I have no Secure Boot now.

I am trying to set up UEFI to boot my FreeBSD and NetBSD installations, and later, Linux.

Received on Sat Jun 22 2019 - 23:19:23 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:21 UTC