rEFInd, and automatic codegen boot stanzas

DevilFish303 · July 23, 2023, 11:00pm

I’ve been lurking around the forums looking for advice on converting an existing systemd-boot EOS install to use rEFInd, and I think i got it: create a script that runs when kernels are installed that generates manual boot stanzas for me.

This solution will work for me because i only dual boot both Windows and Linux, Windows is setup with Bitlocker, so I need to set up a manual boot stanza for it anyway so that rEFInd can reboot my machine straight into Windows to avoid that annoying Bitlocker recovery key prompt.

The only question though is: what would be the best way to go about this?

I’ve identified two key locations where I can do this: pacman hook or kernel install hook. I noticed that sbctl automatically signs new kernels whenever reinstall-kernels is executed, so I think I want to go that route for this reason, the script that sbctl installs under install.d gets fed the path to the kernel. By using that path i can extrapolate the kernel options from /efi/loader/<kernel option>.conf

The pacman hook i was thinking this is something that should happen whenever any linux kernel is installed (mainline, lts, hardened, zen, and so on)

The end result is I have EOS with both rEFInd and systemd-boot as a fallback just in case something in rEFInd borks.

I started work on the script, but wanted to get feedback on this plan of mine.

DevilFish303 · July 23, 2023, 11:04pm

For those who are curious here is what my refind.conf looks like:

$ cat /efi/EFI/refind/refind.conf 
#
# refind.conf
# Configuration file for the rEFInd boot menu
#

timeout 20

use_nvram false

use_graphics_for osx,linux,windows

# I don't want systemd boot options showing up in rEFInd
# I can always boot into systemd-boot from UEFI options
dont_scan_dirs +,/EFI/systemd,/EFI/BOOT

menuentry "Arch Linux" {
    icon     /EFI/refind/icons/os_arch.png
    volume   "Arch Linux"
    loader   /c5df509dff6c4b75b6ad6ed4f201ab6f/6.4.4-arch1-1/linux
    initrd   /c5df509dff6c4b75b6ad6ed4f201ab6f/6.4.4-arch1-1/initrd
    options  "nvme_load=YES nowatchdog rw rootflags=subvol=/@ rd.luks.uuid=d2315f6c-c6d4-405e-8964-25dbf8a5baed root=/dev/mapper/luks-d2315f6c-c6d4-405e-8964-25dbf8a5baed systemd.machine_id=c5df509dff6c4b75b6ad6ed4f201ab6f"
    submenuentry "Boot using fallback initramfs" {
        initrd /c5df509dff6c4b75b6ad6ed4f201ab6f/6.4.4-arch1-1/initrd-fallback
    }
    submenuentry "Boot to terminal" {
        add_options "systemd.unit=multi-user.target"
    }
    graphics "on"
}

dalto · July 23, 2023, 11:22pm

Between those two options, I would choose kernel-install for sure. That is what it is for.

Another option would be to replace kernel-install-for-dracut with eos-dracut. If you do that, the images will be in /boot with consistent names and you won’t need to generate different stanzas.

Either option is good.

DevilFish303 · July 23, 2023, 11:43pm

ah yea forgot to mention, my drive is encrypted, this includes /boot, only /efi is unencrypted, i don’t think eos-dracut would work in that case, is that right?

dalto · July 23, 2023, 11:45pm

With refind? I don’t think refind can read an encrypted partition by default.