Craig Felix - 2021-09-11

If the --usedefault option is used to designate an alternate EFI device for the script, does the script remember that device if it is run automatically by Ubuntu PPA update? Or do I need keep the "install to the ESP" option turned off in the script? Also, if rEFInd is updated, would the existing MOK work for a new binary?

Why I'm asking:
TL:DR I've been using refind to boot (L)ubuntu on a dual-boot (WIn10/Linux) laptop, secure boot enabled, for several years. I wanted to have the laptop boot to Win10 unless I had inserted a USB drive before booting to bring up Linux instead. I've had no problems with this until recently when some gremlin snuck in and kept booting WIn10 whether the USB drive was in place or not. It seemed to be a MOK rejection of the enrolled key for refind. Eventually, I got it working again with a clean reinstall of refind after removing refind traces, cleaning out MOK refind entries and formatting a new USB drive. I noticed that the script did generate new keys for refind binaries and I got a secure boot to rEFInd after MOK enrolled its key on the first try.