Refind is a beautiful and customisable boot manager. It can be installed easily on NixOS by a simple command.
Run the following commands to get a shell with required components.
nix-shell -p refind efibootmgr sbsigntool
Now you can run refind-install
to install the boot manager on to your EFI.
The script needs to be run as root. You can start a root shell using sudo -i
or prepend sudo
itself.
If you have a secureboot setup on NixOS using Lanzaboote, you are not likely using Shim and you'd need a shimx64.efi
for this to work.
You can extract it from Ubuntu's shim-signed deb file, which you can download from here.
- Extract the deb file, if you are having trouble, you can simply rename it to .zip.
- The files we need are in
data.tar.xz
. Extract the file or browse, you'll find them in/./usr/lib/shim/
. - We need
shimx64.efi.signed.latest
andmmx64.efi
. Copy both to a folder you can access easily. Renameshimx64.efi.signed.latest
toshimx64.efi
. - Run
refind-install --shim /your/shimx64efi/location --localkeys
- The
--localkeys
option is needed unless you want to create the keys yourself, or already generated keys. - You might want to pass
--encryptkeys
, it'll encrypt your keys by asking you for a paraphrase. - Congrats! Refind is now installed into your efi, usually in
/boot/EFI/refind
or/efi/EFI/refind
.
- Copy the MOK utility (
mmx64.efi
too), to refind installation folder in your EFI partition, if not already. - You can run something like
sudo cp /your/mmx64.efi/location /boot/EFI/refind/
- Then reboot
- After rebooting, you'll show a blue shim screen where you can configure your user defined secure boot keys.
- Choose
Enroll keys from disk
- Then choose the efi key .cer file and enroll it. The key should be in your EFI partition and in directory
/EFI/refind/keys
. - Then reboot.
- Congrats, refind has been installed on your system. You've done a great job.
- You can edit
refind.conf
in your refind installation folder on your EFI partition, to customise your refind experience. Things like custom banner, fonts can be easily configured.