Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

OSX 10.7 (Lion) with WDE enabled ... ?

2012-04-18
2014-01-31
  • fws_seattle
    fws_seattle
    2012-04-18

    Rod-

    First, thanks for initiating this project. A number of us have been wondering what happened to rEFIt as it seems to have died on the vine some time ago.

    My company builds/manages several custom "live CD" distros that we try to (1) port to Mac, using (2) flash media rather than a painfully slow CD-Rom. We've had some success with rEFIt, but are encountering some issues that we currently have no workaround for.

    One of the big ones is, getting a boot-loader like this to work when the new FileVault Whole Disk Encryption available in OSX 10.7 (Lion), and presumably the new 10.8 Mountain Lion. There seems to be some discussion of this already here and again here (see post #11) but not sure if you have looked at this specific issue. Any thoughts would be appreciated.

    FWS_Seattle

     
    • I'm afraid that my own Mac is too old to run OS X 10.7 (it's a 32-bit model), so I have no way to experiment with this to figure out what's going on or how to work around the problem. The firmware itself obviously has a way around it, though, so if I knew what that was, I might be able to use the same technique. For instance, perhaps there's a new boot loader file on the ESP (maybe in an unusual location or with an unusual name?). If you could post or e-mail the complete contents of the ESP, that might at least be a start to diagnosing the problem. (Mounting the ESP and then typing "ls -R /mount/point", where "/mount/point" is where you mounted it, is what I'm after.)

       
      • jimpryor
        jimpryor
        2012-04-24

        There is a way to use rEFInd on a Lion with WDE enabled. Just put rEFInd into the efi partition and bless. Here is a good link on how to do it. http://0x2a.im/blog/2012/03/11/howto-install-refit-on-encrypted-lion/. It is for rEFIt but it works for rEFInd. Just make sure to install it on the efi partition on the encrypted drive, not any other internal drives. One caveat, in order to use the Recovery HD you need to edit the rEFInd config file. Edit "also_scan_dirs" and add "com.apple.recovery.boot" because pressing "command R" causes rEFInd to restart. Using rEFInd on the efi partition does add about 25 seconds to the boot time. If your using a hybrid MBR and you need to sync partition tables look here http://www.insanelymac.com/forum/index.php?showtopic=264528 and good luck.

         
        • masterer
          masterer
          2012-04-25

          Thanks for the helpful info jimpryor. I tried the steps, but could you possibly elaborate a little? I found the last link to not be very helpful, perhaps beyond my tech level. When I boot from rEFInd, after about 20 seconds it gives me a failure message, press any key. I press spacebar and my Windows partition is not visible. The only Mac partition that is visible APPEARS to be the Apple recovery partition, but when I click it it's actually my normal OS X partition. Then I followed your steps about changing the conf file, it showed a different recovery partition (so 2 items on the boot screen) and when I clicked that it loaded perpetually until I cut the power.

          Edit: the error I am receiving is:

          rEFInd - Initializing...

          Error: Unsupported while scanning the root directory

          • press any key *

          Any insight would be appreciated! Thanks.

           
          Last edit: masterer 2012-04-26
          • jimpryor
            jimpryor
            2012-04-27

            Glad to help. Lets cover a few things.
            In rEFInd 0.3.0 there is a bug that causes rEFInd to display an error message, "Unsupported while scanning the root directory" at startup, as you know. That is just a bug in rEFInd and has nothing to do with File Vault. Try using rEFInd 0.2.9 until it is fixed. You can help by submitting a bug report to the author.
            File Vault encrypted Lion boots from an boot.efi file located on the "Recovery HD" partition at /Recovery HD/System/Library/CoreServices/boot.efi. rEFInd looks for the Mac boot loader in a default place (YOUR DRIVE NAME/System/Library/CoreServices/boot.efi) which is the similar for encrypted/non-encrypted drives. Thats why rEFInd says "Boot YOUR_SYSTEM from Recovery HD". When you added the "com.apple.recovery.boot" to the "also_scan_dirs" line in the rEFInd config file, rEfInd will also find a boot.efi file (Recovery HD/com.apple.recovery.boot /boot.efi) which is for the actual recovery partition. The Mac system should show the Apple icon whereas the Recovery system should show the unknown_os icon. The Recovery boot.efi mounts a hidden "BaseSystem.dmg" that contains the whole Recovery system including Install Mac OS X Lion.app, Safari, and 8 utilities like Terminal and Disk Utility. Along with another system boot.efi file. It's a little confusing. A standard Mac install boots from the system partition and a File Vault system starts the boot process from the Recovery HD partition and then loads the main system partition like a regular Mac system.
            I'm not sure what is causing freeze while loading the recovery hd partition. I do get it to load on a non encrypted system but not on a File Vault system. I think the whole problem is that the Recovery boot.efi on a File Vault system is somehow different than the standard Recovery boot.efi and the standard Mac boot.efi and may need some special dependency files, maybe a kernalcache, plist file, and/or some system permission (keychain) to unlock it at load time. I'll look into it.
            As for syncing the partition tables did you enable File Vault before or after installing Windows? I enabled File Vault then used Boot Camp Assistant to install Windows and that worked after couple failed attempts. Try replacing the gptsync that came wit rEFInd with the one from here (http://www.insanelymac.com/forum/index.php?showtopic=264528) and post if that works for you. My partition table are already in sync so I don't know if works but it does load and say that that are in sync.
            On a separate system I used an Ubuntu live USB to sync the partition tables. I used UNetbootin (http://unetbootin.sourceforge.net/) to make the live USB. Restarted into Ubuntu (test/trial mode) and installed the most up to date version of gptsync (google for it). And that worked also. On a multi boot system Windows is the only that still uses a MBR, except for Windows 7 and 8 on a UEFI mother board, on a Mac it will still use MBR. Newer Linux Distros can boot from a efi stub loader.
            A Lot of info I know, but give it a try and please post the results. What Hardware are you using? Good luck.

             
  • Thanks for sharing that, jimpryor! Although I don't have OS X 10.7 or WDE on my older Mac Mini, I tried the procedure and it worked fine. (I surmise that there's something finicky about the order of the options to bless, since I'd tried those same options repeatedly, but in a different order, with no luck in the past.)

    FWIW, I suspect that the 25-second delay you mention is a result of the hybrid MBR and activating the BIOS compatibility mode. I've seen that on my own system when using this mode, but I do not see such a delay when booting my Mac from the ESP. OTOH, it could be a boot-from-ESP/WDE interaction that's causing the delay.

     
  • I've fixed the "Unsupported while scanning..." bug in 0.3.1 (I think -- I used an optical disc, not an encrypted volume, to re-create it).

    I'd appreciate clarification of some points, jimpryor. You say that with encryption in place, OS X uses "/Recovery HD/System/Library/CoreServices/boot.efi" to boot from the encrypted volume. If this is so, then rEFInd ought to detect that file and provide a boot option for it without any modifications. Later, you refer to "/Recovery HD/com.apple.recovery.boot/boot.efi". If I'm reading you correctly, then this boot loader launches a special recovery system, not the regular OS X installation, and you'll need to add "also_scan_dirs comp.apple.recovery.boot" to get rEFInd to detect it. Am I interpreting this correctly? If so, I can add "com.apple.recovery.boot" as a standard scan location, and perhaps give the boot.efi loader found there a special icon. Do you have thoughts on this possibility? Thanks.

     
    • jimpryor
      jimpryor
      2012-05-04

      Sorry for the slow reply time.
      Thanx for the bug fix also.

      The following assumes that "com.apple.recovery.boot" has been added to "also_scan_dirs" for boot.efi scanning on "Recovery HD" partitions.

      rEFInd does indeed detect and load the boot.efi for the FileVault system on the Recovery partition (Recovery HD/System/Library/CoreServices/boot.efi) which Mac OS Lion uses to boot a FileVault encrypted disk, no problem there. The problem I have come across is rEFInd will find and load the Recovery system boot.efi (Recovery HD/com.apple.recovery.boot/boot.efi) on a FileVault disk and the system will boot then get part way and fail. The grey Apple pops up and looks well until a few seconds later a grey "prohibited" symbol replaces the grey Apple. Must force a shutdown. I still feel that this has something to do with the "command+R" startup keyboard command and which boot.efi is blessed. The only way load the Recovery system on a FileVault disk is to set the FileVault Mac system as the startup disk, either by "bless" or "Startup Disk" in System Preferences then reboot and hold the "command+R" during startup. It doesn't show up when pressing "Option" to bring up the default Mac boot menu. Also might have something to do with Macs EFI firmware v1.10 "Internet Recovery" where no Recovery partition is present. Maybe someone can help with that, a lot more info needed.

      As for rEFInd loading the Recovery boot.efi (Recovery HD/com.apple.recovery.boot/boot.efi) on a non FileVault disk, rEFInd does find it and it does load the Recovery system just fine, again, no problem there. On a standard non encrypted Lion "Time Machine" backup disk, there is a bootable "Recovery HD" system also. Same as a standard non encrypted Lion Recovery system but it differs in that the boot.efi (tmbootpicker.efi) is in a different location (root) and the "BaseSystem.dmg" is in a varying location. rEFInd does find and load it without any errors. It's also available in the Mac boot menu. This Recovery system is useful for those don't have a "Recovery HD" partition on their Lion system disk for various reasons (new purchases, Net Recovery, odd partition scheme, ect) and need disk repair, system restore or other utilities.

      I think adding the Recovery HD system as a default location (com.apple.recovery.boot) is a great idea as long as it can be commented out. Maybe inactive by default. Some school and lab environments might not want direct/unauthorized access to it. Maybe add it to"scanfor". Also not yet being able to use it on a FileVault disk is bit of a let down. Maybe it can be labeled as "alpha" until more info known. A good "Recovery HD" icon would be nice also.

      To reiterate:
      Mac OS Lion: /YOUR_DRIVE_NAME/System/Library/CoreServices/boot.efi -always bootable
      Mac OS Lion Recovery: /Recovery HD/com.apple.recovery.boot/boot.efi -bootable with "com.apple.recovery.boot" added to "also_scan_dirs" or "Option" at startup
      Mac OS Lion with FileVault encryption: /Recovery HD/System/Library/CoreServices/boot.efi -always bootable
      Mac OS Lion with FileVault encryption Recovery: /Recovery HD/com.apple.recovery.boot/boot.efi -bootable with "command+R" at startup with Mac OS Lion as startup disk
      Mac OS Lion Time Machine Recovery: /YOUR_DRIVE_NAME/tmbootpicker.efi -always bootable
      Mac OS Lion Time Machine encrypted Recovery: Same as a non encrypted Time Machine disk (EFI, backup, Recovery partitions), but not bootable due to whole disk encryption

      A lot of info I know.

       
      Last edit: jimpryor 2012-05-04
  • rjmackay
    rjmackay
    2013-08-20

    Just to simplify this for anyone else trying to figure this out in future. Here's what I've done to make this work.

    I'm running OS X 10.7.5 with FileVault full drive encryption.
    I had to add the following to refind.conf before I could boot back into OS X


    menuentry "Mac OS X - WDE" {
    icon \EFI\refind\icons\os_mac.icns
    volume "Recovery HD"
    loader \System\Library\CoreServices\boot.efi
    # disabled
    }

    Step by step:

    • I installed refind with install.sh --esp
    • Rebooted.
    • Refind loaded but I could only boot into my old linux partition or OSX recovery.
    • Booted into OS X recovery
    • Used terminal to mount ESP and edit refind.conf
    • Added this to refind.conf


    menuentry "Mac OS X - WDE" {
    icon \EFI\refind\icons\os_mac.icns
    volume "Recovery HD"
    loader \System\Library\CoreServices\boot.efi
    # disabled
    }

    • Rebooted and now I have an option to boot back into OS X
     
    Last edit: rjmackay 2013-08-20
    • Kevin Waters
      Kevin Waters
      2014-01-31

      Thank you SO much for this advice! I'm running rEFInd v0.0.7 on OS X Mavericks 10.9.1 with File Vault WDE and could not boot back into OS X until I followed your steps above.

      I did the install.sh --esp option and even did the uncommenting and changing of the line of "dont_scan_volumes" line mentioned by Rod before rebooting but I couldn't get back into my system.

      For anyone else who reads this, I did this to fix my MacBook Pro on OSX Mavericks:

      1) From the rEFInd boot loader, boot into OS X Recovery
      2) Open a terminal
      3) Mount the EFI partition with diskutil mount <disk id="">
      4) Edit the refind.conf file using vi
      5) Then edit the menuentry for"My Mac OS X" to look exactly like rjmackay's example above then save the file

      After a reboot, I could boot back into my OS X system I'm typing this post on right now.

      Thanks rjmackay!

       
  • Avi Romanoff
    Avi Romanoff
    2013-08-20

    The above solution worked perfectly for me as well. I can finally boot OS X from rEFInd. Thank you!

     
  • You should be able to get this to work without creating a manual boot stanza by uncommenting the dont_scan_volumes line in refind.conf and removing the "Recovery HD" option from that line. I've added a short section on this to the rEFInd installation documentation:

    http://www.rodsbooks.com/refind/installing.html#wde