Re: UEFI firmware and getting FreeBSD recognized by default: who to talk to?

From: Karl Denninger <>
Date: Sat, 22 Jun 2019 21:56:08 -0500
On 6/22/2019 20:16, Thomas Mueller wrote:
> from Karl Denninger:
>> On 6/22/2019 14:05, Rebecca Cran wrote:
>>> On 2019-06-22 12:59, Karl Denninger wrote:
>>>> I use Refind for this sort of thing and it has (thus far!) survived
>>>> upgrades.  The only "gotcha" is that I had a Windows 10 "Feature"
>>>> upgrade that reset the default boot in the firmware to Windows; it
>>>> didn't damage anything but did require that I go reset the UEFI default
>>>> to boot the Refind EFI loader instead of the Windows one.
>>> I do like that rEFInd knows about FreeBSD, and it's one of the "UEFI OS"
>>> entries that remains. But I'd prefer it if a "FreeBSD" entry was
>>> automatically created!
>> It is.  
>> All I had to do was put the EFI loader in a directory under the UEFI
>> partition and Refind found it.  I didn't have to specifically tell it
>> that it was there.
>> The explicit "set" command (which I issued under Windows) is to tell the
>> firmware what the default is; you do it once on original installation of
>> Refind.  The Windows 10 feature update set it back to default to
>> Windows, which was quite annoying but not really a big deal.  One  
>> command, once, from the Windows command line (same as the one to set it
>> in the first place) was all that was required.
>> The danger with tampering with where Windows 10 puts its EFI loader
>> (e.g. copying Refind there after moving it somewhere else) is that
>> Bitlocker may throw up on you if you do that.  In fact you do have to do
>> things in the right order or Bitlocker's default configuration (at least
>> on a TPM equipped machine) will have a hissy fit -- you cannot change
>> anything in the EFI partition after initializing Bitlocker, including
>> the Refind configuration file (this most-specifically applies to the
>> "wait for boot time"; I find the default obnoxiously long) so you have
>> to make that edit and put the other stuff in the UEFI partition (e.g.
>> FreeBSD's EFI loader and Refind) BEFORE turning Bitlocker on.
>> I've been running this way since 12.x showed up since 12.x can boot a
>> geli-encrypted system directly on my laptop.  Works nicely.
> This is scary (Bitlocker), sent me to Wikipedia to look up Bitlocker.
> Can you turn Bitlocker off after turning it on and get your system back?
You SHOULD (better have!) kept the recovery key.  If you have it, you
can boot with it.  Then turn it off and back on, and it will generate a
new key.
> Now I am even more scared to ever get a computer with MS-Windows!
> One think on my mind is if I need a new motherboard, would it have the undesired Secure Boot?  I guess I'd have to ask the seller and look on the motherboard manufacturer's website (MSI, ASRock, Asus, Gigabyte, or other).
> I have no Secure Boot now.
Probably.  But you can shut THAT off (and should) provided you wish to
dual boot.  The exception is ARM-based systems, many of which are
secure-boot ONLY.  For Intel machines I've never run into one that can't
have it turned off (and I'd return it immediately if I found one.)
> I am trying to set up UEFI to boot my FreeBSD and NetBSD installations, and later, Linux.
> Tom

Easy.  Refind should do that and allow selection from a menu.

Karl Denninger <>
/The Market Ticker/
/[S/MIME encrypted email preferred]/

Received on Sun Jun 23 2019 - 00:56:13 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:21 UTC