rEFInd on Dell xps 15 2in1 (9575) black screen upon boot, I can't get rEFInd...
An EFI boot manager utility
Status: Beta
Brought to you by:
srs5694
Menu
▾
▴
Hi I was wandering if anyone can help me, as I have spent far too long trying to get rEFInd to work.
I am running a Dell XPS 15 2 in 1, 9575 with UEFI secure boot. When booting my machine I get a black screen before rEFInd starts and I am unable to select an operating system or proceed. I don't believe it is my backlight, as the screen is glowing on.
Searching around I believe that this is something to do with having dual graphics, but I would appreciate confirmation or a solution!
I am thinking that perhaps reEFInd is trying to boot from the rx vega m graphics, rather than the intel 630 graphics, which may be causing the issues. (I believe the linux drivers for the RX vega M are still being written as of writing this post, which may be the issue. I have upgraded my kernel to 4.18.5 ahead of release in ubuntu. )
I believe that I have successfully installed rEFInd by using the refind-install --shim FILEPATH/shimx64.efi. I have registered refind with the UEFI secure bootloader, and it no longer comes up with the blue screen asking for .cer files, which I used from the keys folder.
GRUB works fine.
Here is the relevant output of efibootmgr :
This is the simplified tree contents of my refind folder:
/boot/efi/EFI/refind
My refind.conf file is default, as far as I have read I did't need to change this. However, having tried the default, I have then removed the 'disabled' comments from the file, which also didn't work. As simplified below:
Does anyone know why refind does not work on my machine?
Many thanks in advance,
James
As an update I tried booting rEFInd from a USB and encountered the same issue. If I am doing something wrong or if you have any thoughs please let me know!!! thanks again
Further to my last message, I have also added NvmExpressDxe-64.efi to the efi/EFI/refind/drivers_x64 folder to account for the M2.NVMe that the laptop uses. Still no change in behaviour!
It's not a linux driver issue, as no operating system is running.
Taking a stab in the dark with your dual-graphics theory, have you tried connecting an external display? If your system does in fact boot using the graphics card, it may be possible that the "default" display is not the built-in panel.
If this is your issue, I think it might be possible to add a monitor selection feature, but I would need to re-read the UEFI spec to be sure.
I suggest trying to adjust two features in the
refind.conffile for your installation:textonly-- Uncomment this line to enable text-only mode. This might fix the problem, but I'm skeptical of that. If it does work, rEFInd will work only in text mode, so you won't see the icons, background images, etc.; but it might at least work.resolution-- This option sets the display's resolution. I recommend trying the single-number resolution codes, starting from0, until something works. The idea here is that, as CJ Vaughter suggests, your system may be defaulting to use the external display; but by setting theresolutionvalue, you may be able to coax it into using the internal display. Ordinarily, if you select an invalid option, rEFInd displays a list of valid options; but this most likely will not work for you, so you'll have to try things blind. (OTOH, you might see that message on an external monitor, so you could try as CJ Vaughter suggests, at least for debugging purposes.)In addition, you can check your firmware's settings to see if there are any display-related options, like something that defines what video hardware to use by default. You might also check with Dell to see if a firmware update is available. If so, try installing it.
CJ, Roderick, thank you for your responses. Since sending my last message, I have identified that the issue is something to do with secure boot. I feel a little bit foolish for not disabling secure boot sooner, I was convinced that this was not the issue because the blue screen no longer came up to choose a .cer file after I had selected one.
Now that things are working I don’t believe I have an issue with rEFInd working, but with secure boot. So, I am going to have a play around with the shim files to find out if I should be using a different one to get it to work with secure booting. Thanks again for your help!
Last edit: J Og 2018-09-13
I am now at a loss. I have had a play around with the shim files and I have tried to use the following stored in ubuntu:
boot/efi/EFI/ubuntu/shimx64.efi --> using this file results in a blue screen demanding a certificate, passing the certificate on has no effect and the computer reboots asking for a certificate .cer file once again.
usr/lib/shim/shimx64.efi --> using this file results in no certificate being demanded from MOK, instead a black screen occurs when booting from F12, alternatively it results in just the Dell logo when booting normally, as it was before. (this was the file I used previously)
Interestingy if I enable secure boot with audit mode within the BIOS settings, rEFInd boots ok.
"Audit mode - Performs a signature check but does not block execution of all UEFI drivers and bootloaders. Use this mode when making modifications to Secure Boot Keys." - I guess this disables secure boot? - Refind does not detect secure boot during its installation with the --shim option selected with 'audit mode' enabled.
I have also tried starting the MOK manager from rEFInd with 'Audit mode' enabled and selecting a certificate this way. However, setting secure boot back on with audit mode disabled results in a black screen once more.
Thanks again, and I would welcome any further assistance.
I recommend you start by reading the following two pages:
Ubuntu distributes two Shim binaries.
/usr/lib/shim/shimx64.efiis unsigned, whereas/usr/lib/shim/shimx64.efi.signedis signed. Chances are the latter file has been copied to/boot/efi/EFI/ubuntu/shimx64.efion your system. An unsigned binary won't launch when Secure Boot is active. Normally there's an error message and an option to boot the next item in the boot list, but it sounds like your computer is hanging instead. This action is annoying, but a few computers "work" that way.You say that you've loaded certificates in MokManager, but it's not clear precisely what file(s) you've loaded. You'd need to load either
EFI\refind\keys\refind.cerorEFI\refind\keys\refind_local.cer, depending on what version of rEFInd you've installed and how you've installed it. In fact, it's possible that your rEFInd binary isn't signed, in which case a certificate won't help; you'll need to either sign the binary or enroll a hash rather than a certificate. The two above pages describe all this in more detail.After taking a long hiatus, I decided to take another look at this and have managed to get it to work with secure boot! So I decided to share in case others are having similar issue also.
After having a struggle around with signing my own binaries and creating my own certificates, using openssl, sbsign and also pesign, and having also tried registering the hashes. In the end I simply copied over
/usr/lib/shim/shimx64.efi.signedto the ESP, I decided to rename it to justshimx64.efito see if this changed anything (I don't think it is important) and ran:I had already loaded the refind.cer and refind_local.cer certificates, so this seemed to resolve things.
I noticed that the boot no longer hangs to a black screen like before, but instead passes to the next boot loader, so I assume this was a bios update and not my own doing. Interestingly, using the signed version of shimx64, would result in a screen with a security violation message, which pressing ok would then force it to the next boot item in efibootmgr. However, when I tried loading my own signed binaries, it would just skip them without this message screen.
I am curious to know why things did not work before, and am also cuious to know why it would not work when I tried to sign my own binaries, but I am glad I can now use Refind with secure boot! Thanks again!
Last edit: J Og 2020-01-18