rEFInd boots with secure boot, but can't boot anything
An EFI boot manager utility
Status: Beta
Brought to you by:
srs5694
Menu
▾
▴
I installed refind 0.8.4 from the Fedora rpm on my Lenovo T440s with secure boot enabled. I can successfully boot Fedora 21 directly with shim/grub2, but not via refind.
The first time it started, it launched the Mokmanager, and I enrolled refind.cer. After this I can boot into the main refind UI, but I can't launch anything except Windows. If I start Fedora grub, Mokmanager, etc, it fails with a secure boot message.
rEFInd's "about" screen shows that it is in secure boot mode.
What's this failure mode? How do I recover from it? How is it supposed to work?
I've had problems with some versions of Shim, but I haven't had a chance to track down the cause. I recommend you try another version of Shim. It's old, but this version has always worked for me. You could also try a more up-to-date version from another distribution. In either case, you'll likely have to enroll the Fedora key in your MOK list. Also, be sure to swap out MokManager when you swap out Shim; MokManager is typically signed with the same key built into Shim, so if you won't swap MokManager, you won't be able to launch it unless its key is already entered in your MOK list.
Shouldn't it be using the shim from the rEFInd rpm? Or are you saying that it can have bad interactions with some EFI implementations and the older one is better?
There is no Shim in the RPM that I distribute; upon installation, that RPM's setup script looks for an existing Shim program and, if it finds one, copies and uses it. It's possible that somebody else has packaged rEFInd with their own Shim, and that's fine, but I'd need to know where this RPM came from so I could review it and comment on it.