-
Notifications
You must be signed in to change notification settings - Fork 65
/
config.conf-sample-Dev
1470 lines (1367 loc) · 68.9 KB
/
config.conf-sample-Dev
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# config.conf
# Configuration file for the RefindPlus boot manager
##--------------------------------------------------------------##
## Section 1 of 4 ##
## ADDITIONAL CONFIGURATION ITEMS ##
## New Functionality Provided by RefindPlus ##
##--------------------------------------------------------------##
#
#
# Proceed automatically when on-screen notices
# are shown. When this option is active, RefindPlus
# will pause for nine (9) seconds when on-screen notices
# are shown, and then proceed as if a key has been pressed.
#
# Inactive when commented out (Does not proceed automatically)
#
#continue_on_warning
# Allow actively enabling/disabling the System Integrity Protection (SIP) and
# Sealed System Volume (SSV) settings defined under the "csr_values" option.
# When active, RefindPlus will actively set the CSR Policy as defined. This
# is done when RefindPlus is loaded but users can manually toggle the set
# values "ON" or "OFF" by using the "Rotate CSR" tool on the main menu.
# The following options are available:
# 1 - Always Enable SIP/SSV
# 0 - Take no Action
# -1 - Always Disable SIP/SSV
#
# NOTES:
# 1. This rotates the values defined under the 'csr_values' configuration token.
# 2. Thus, the first matching value defined under the 'csr_values' token is used.
# 3. That token must therefore contain values to both 'Enable' and 'Disable' CSR.
# 4. This token is essentially disabled whenever 'csr_values' is not active/set.
#
# Inactive when commented out (Takes no action on SIP and/or SSV)
#
#csr_dynamic 1
# As of macOS v11.x (Big Sur), the previous default SIP/SSV settings, which had all included
# the CSR_ALLOW_APPLE_INTERNAL bit, may leave Macs not able to receive "Over The Air" (OTA)
# updates from Apple. macOS v11.x (and later) remove this bit on boot if detected but the
# attempted removal may fail when booting into macOS via non-standard approaches such as
# RefindPlus. It is also possible that Apple will remove this remediation feature once
# Mac models supporting macOS v10.15 (Catalina) are deemed to be obsolete by Apple.
# When this token is set, RefindPlus will remove this bit from the saved CSR bits
# when booting into macOS, similar to the process done by macOS v11.x and later.
#
# Inactive when commented out (Takes no action on SIP/SSV settings)
#
#csr_normalise
# The "HelpIcon" feature prefers loading default/generic loader icons over custom
# ones and searches for custom loader icons only executed if a generic loader icon
# is not found. This can result in significantly faster loading speeds on some units
# and make no difference at worst. The default/generic loader icons loaded will be
# those for the current active theme. That is, the current theme's default icons.
# Generic "os_linux" icons are used for most flavours when "HelpIcon" is active.
# Icons placed in bootloader directories are skipped when "HelpIcon" is active;
# except ".VolumeXYZ" images when the "hidden_icons_prefer" setting is active.
#
# The "HelpIcon" feature is active when commented out
#
#decline_help_icon
# The "HelpSize" feature always adds additional UI scaling whenever screens
# with 'ExDPI' resolutions are detected for which the 2x scaling applied for
# the 'HiDPI' resolutions may not be sufficient. The 'ExDPI' resolutions are
# currently 6400 x 4000. Separately, the feature allows forcing non-standard
# or otherwise unsupported screen resolutions; which can help overcome issues
# where the RefindPlus screen is not displayed (Typically due to EDID issues).
# NB: The forced screen resolution feature typically requires an ultimate boot
# into operating systems that support the graphics setup for proper operation.
#
# The "HelpSize" feature is active when commented out
#
#decline_help_size
# The "HelpText" feature uses complementary colours (of the title banner) for text
# to improve legibility. With custom banners however, the base colour is based on the
# colour of first pixel in the pixel array (top left pixel). This may not always embody
# all pixels in banners with multiple colours. Thus, the selected complementary colour
# for the text may not be suitable for all portions of the title banner in such cases.
# In such cases, users may wish to disable the "HelpText" feature by activating this
# token, which will make the text either white or black, based on the brightness of
# colour of the first pixel in the pixel array instead. NB: Only applies to custom
# title banners and complementary colours are always used for text when using the
# default RefindPlus title banner, as this always has a single solid colour.
#
# The "HelpText" feature is active when commented out
#
#decline_help_text
# RefindPlus defaults to mapping both 'F10' and '\' (forward slash) to
# the inbuilt screenshot feature. When this option is active, the F10
# key is unlinked whilst the '\' key stays linked to screenshots. It
# allows using third-party alternatives which may also map the key.
# As installed as drivers, such tools typically allow screenshots
# from external screens that the inbuilt feature does not cover.
#
# Inactive when commented out (Does not decouple the F10 key)
#
#decouple_key_f10
# Offer APFS filesystem capability. By default, RefindPlus is set up to jump start
# macOS APFS filesystem drivers, apfs.efi, which are available in system folders of
# macOS 10.13 (High Sierra) and later. The drivers are loaded to match each specific
# macOS version which ensures that any changes made to APFS drivers for each specific
# macOS version are accommodated, compared to using one driver no matter what specific
# macOS version is being loaded. This default is deactivated whenever this token is set.
# NB: This functionality is only available on TianoCore builds.
#
# APFS filesystem capability is provided (if required) via "SupplyAPFS" when commented out
#
#disable_apfs_load
# Apple has partially enforced the use of the "PreBoot" Loader stored in the "PreBoot" partition
# of APFS volumes by requiring this to run the Mac Boot Loader, starting with macOS v11.0, when
# SIP is enabled. Attempts to run such macOS Boot Loaders directly when SIP is enabled result
# in kernel panics. The default setting in RefindPlus is to always map APFS volumes to their
# respective "PreBoot" partitions, which will be used to boot such macOS instances and the
# associated "PreBoot" partitions will be hidden from view. This arrangement also permits
# booting into FileVault encrypted APFS volumes with their volume labels (not PreBoot).
# When this option is enabled however, the RefindPlus "SyncAPFS" feature is disabled.
#
# NB: Maintain the default naming pattern for APFS data volumes, "VolName - Data",
# to improve the reliability of "SyncAPFS" distinguishing between APFS volumes.
# Also, avoid the use of special characters in macOS volume names and limit
# names to alphanumeric characters. Dashes, underscores and/or spaces can
# be used in combination with alphanumeric characters without issue.
#
# APFS partition synchronisation is provided (if required) when commented out
#
#disable_apfs_sync
# Disable Apple Mobile File Integrity (AMFI) checks on booting macOS. Whenever
# this token is active, RefindPlus will add a "amfi_get_out_of_my_way=1" boot
# argument which, along with System Integrity Protection (SIP), restricts
# application access to OS entitlements. Note that this setting will
# create a macOS boot argument the first time it is triggered when
# "persist_boot_args" is also set, and that this boot argument
# will remain active until it is explicitly cleared, even
# if this setting is subsequently deactivated.
#
# Inactive when commented out (Does not stop AMFI checks)
#
#disable_check_amfi
# Disable version compatibility checks when booting macOS. Macs check whether
# the current macOS version is supported on the machine when booting, and halt
# if not. When this option is active, RefindPlus will add "-no_compat_check" to
# the boot arguments to disable this check, which allows macOS boot on otherwise
# unsupported Macs. Note that when "persist_boot_args" is also set, this setting
# will create a macOS boot argument the first time it is triggered and that the
# boot argument will remain active until it is explicitly cleared, even if
# this setting is subsequently deactivated.
#
# Inactive when commented out (Does not stop macOS compatibility checks)
#
#disable_check_compat
# RefindPlus previously assumed all Macs were capable of legacy BIOS boot.
# While this was accurate for some time, some later Macs are UEFI Class 3
# devices that do not support legacy BIOS boot. The "LegacySync" feature
# attempts to categorise Intel Macs to allow/disallow legacy BIOS boot.
#
# The "LegacySync" feature is active when commented out
#
#disable_legacy_sync
# Disable kernel panic logging to the nvRAM. macOS may save kernel panic logs in
# the nvRAM under certain conditions which can increase wear and tear on legacy
# Mac nvRAM. When this token is active, RefindPlus adds "nvram_paniclog=0" to
# the boot arguments which disables panic log writes to the nvRAM for writes
# to the filesystem instead. Note that when "persist_boot_args" is also
# set, this token will create a macOS boot argument the first time it
# is triggered which will remain active until explicitly cleared,
# even if this setting is subsequently deactivated.
#
# Inactive when commented out (Does not stop macOS panic log writes to nvRAM)
#
#disable_nvram_paniclog
# Allow/Prevent saving various potentially harmful variables to the nvRAM on Macs.
# By default, RefindPlus will prevent writes of certain items by processes such as
# UEFI Windows Secure Boot (certificates) to the nvRAM on Legacy Macs as these may
# result in an overrun that will damage the BootROM (also stored on the nvRAM) and
# results in an inability to boot. This token is only activated on Apple firmware.
# NB: Auto disabled whenever RefindPlus is loaded from OpenCore on Apple firmware.
#
# The "NvramProtect" feature is active when commented out
#
#disable_nvram_protect
# Disables adding the GOP protocol to UGA, done by default when absent, that
# allow some graphics displays on newer operating systems with legacy GPUs
# NB: This functionality is only available on TianoCore Builds.
#
# GOP is added to UGA (if required) when commented out
#
#disable_pass_gop_thru
# When GOP drivers, which are UEFI 2.x drivers, are implemented in compliance with
# UEFI 2.x requirements, they do not work on legacy devices as the specifications
# mandate that on installation, compliant GOP drivers should confirm devices are
# UEFI 2.x compliant and to fail if they are not. Hence, compliant GOP drivers
# do not activate on classic MacPros for instance, as these are not actually
# UEFI 2.x but EFI 1.x devices to which Apple has added a chunk of, but not
# all of, the UEFI 2.x capability. By default, RefindPlus is configured to
# amend a device's EFI Revision to v2.x, and then try to reinstall a copy
# of the GPU's Option ROM whenever it detects that GOP is not available.
# This permits running modern GPUs on some legacy units when they would
# otherwise fail to work. The change is reverted automatically once it
# is longer required to allow GPU activation except when the related
# "supply_uefi" setting is activate, as this overrides this revert.
#
# GPU OptionROMs are reinstalled (if required) when commented out
#
#disable_reload_gop
# Disable dispatching revealed DXE drivers during handle connection.
# The Controller/Handle connection exercise may sometimes reveal new
# DXE drivers on some firmware. RefindPlus versions before v0.13.2.AP
# automatically went into a loop to install such revealed DXE drivers
# until all such were installed. This installation loop *MAY* end with
# unwanted DXE drivers being installed, and also reduces loading speed
# while not being required on some types of firmware. Hence, an option
# to skip the process *MAY* be desirable on affected types of firmware.
#
# Inactive when commented out (Does not stop rescans for DXE drivers)
#
#disable_rescan_dxe
# Replace the Apple FramebufferInfo protocol with a builtin version. By default,
# RefindPlus is configured to always install the Apple FramebufferInfo protocol
# when missing on Macs. This feature can be disabled by activating this token.
# NB: This functionality is only available on TianoCore builds.
#
# Apple FramebufferInfo protocol is provided (if required) when commented out
#
#disable_set_applefb
# Some computers, such as some classic MacPros, may have multiple GOP instances:
# - One installed on the Console Out handle
# - Others installed on GPU handles.
# GOP on the Console Out Handle is what everything uses and is provided by
# the system firmware and others by GPU Option ROMs. The system firmware
# should typically forward calls from the Console Out Handle GOP to the
# others transparently. On such models, it only works in this way with
# GPUs with system firmware support. This option replaces GOP on the
# Console Out Handle with one from a GFX Handle on such models when
# running capable GPUs that are not supported by system firmware.
# NB: This functionality is only available on TianoCore builds.
#
# The "SetConsoleGOP" feature is active when commented out
#
#disable_set_consolegop
# Allow scans of multiple ESPs. When this option is active, RefindPlus
# will make other ESPs, separate from that containing RefindPlus,
# available to be scanned for kernels and loaders.
#
# Scans of other ESPs are prevented when commented out
#
#enable_esp_filter
# Force "TRIM" on non-Apple SSDs. TRIM, which may improve SSD health,
# is inactive by default for non-Apple SSDs in macOS. When this option
# is active however, RefindPlus will enforce macOS "TRIM" for all types
# of SSDs, including non-Apple SSDs. This setting only applies to macOS.
#
# Note that the setting will create a macOS nvRAM entry the first time it
# is triggered and that it will stay active until explicitly cleared even
# if the setting is subsequently disabled. Also, note that forcing TRIM
# on may significantly increase boot times and that enabling TRIM on
# non-Apple SSDs may affect the integrity of data on such SSDs.
#
# Inactive when commented out (Does not forcefully set TRIM)
#
#force_trim
# RefindPlus defaults to only scanning for ".VolumeIcon" icons on "internal"
# volumes. However, when this token is active (and the "hidden_icons_ignore"
# token is not) RefindPlus will also scan "external" volumes for these icons.
#
#hidden_icons_external
# RefindPlus defaults to scanning volumes for .VolumeIcon image icons and if
# found, these may be used as display icons for some volumes. However, most
# RefindPlus setups do not include these files and most of those that may
# do, typically Apple Macs, do not require the files as their icons in
# Refindplus. Hence, scanning for the files typically just slows the
# RefindPlus boot process down. When active, this speeds booting
# RefindPlus up by skipping scanning volumes for these files.
#
# NOTES:
# 1. This token overrides the "hidden_icons_external" and
# the "hidden_icons_prefer" tokens when it is active.
#
# Scans for ".VolumeIcon" icons when commented out
#
#hidden_icons_ignore
# RefindPlus always defaults to scanning volumes for .VolumeIcon image icons but
# any such are only used as a last ditch option when other bootloader directory
# display icon options fail. When this option is set, RefindPlus will instead
# first try to display ".VolumeIcon" image files before attempting to load
# other image icon files. This permits flexibility in theming loaders by
# positioning such files for loading by RefindPlus. Note however, that
# the "hidden_icons_ignore" option takes priority over this setting.
#
# NB: ".VolumeIcon" icon files can be in any supported format ...
# ICNS (*.icns), BMP (*.bmp), PNG (*.png), or JPG (*.jpg/jpeg).
#
# Does not prioritise ".VolumeIcon" images when commented out
#
#hidden_icons_prefer
# Offset the OS icon row position on the main screen vertically from the default.
# This token accepts positive/negative indicative flags that indicate the offset
# position of OS icons on the main RefindPlus screen. Such offsets may be useful
# when the default position of the icon row clashes with parts of custom banners.
# The indicative flags are:
# 1 - Move icon rows to the upper third of the screen
# 0 - Maintain default icon row position (mid screen)
# -1 - Move icon rows to the lower third of the screen
#
# Defaults to zero when commented out (Does not move the icon rows)
#
#icon_row_move -1
# Finetune the OS icon row position set by the 'icon_row_move' setting. This
# token accepts positive/negative pixel values which are used to adjust the
# position of icon rows on the main RefindPlus screen. This adjustment may
# be needed to finetune the 'icon_row_move' outcome upwards or downwards.
#
# Defaults to zero when commented out (Does not adjust the icon rows)
#
#icon_row_tune 5
# When this option is activate, RefindPlus will prevent attempts to run loaders
# that are detected below a time interval after loading the screen to counteract
# spontaneous booting apparently resulting from keystroke buffers that appear to
# have been primed before RefindPlus is loaded. This appears to primarily affect
# UEFI-PC when RefindPlus is loaded done after first accessing the BIOS via keys
# such as "F12". The issue appears to be worse when external drives are present.
# A level of intervention is always active but this is typically not noticeable.
# The base threshold is increased on RefindPlus DBG build files as well as when
# external drives, including USB sticks, are detected on starting RefindPlus up.
# This token increases this derived base time threshold to a new time threshold
# below which attempts to run loaders will not be permitted in order to avoid
# RefindPlus spontaneously starting up default selections when it is loaded.
# NB: This feature does not operate on Apple firmware even when set here.
#
# Inactive when commented out (Does not increase base threshold interval)
#
#mitigate_primed_buffer
# When this option is activate, the RefindPlus "NvramProtect" feature will be
# extended, if set, to cover booting into macOS and "unknown" UEFI files.
# NB: This feature is disabled when RefindPlus is loaded from OpenCore.
# This setting is only active, if set, on Apple firmware.
#
# Inactive when commented out (Does not extend NvramProtect)
#
#nvram_protect_ex
# Allow/Prevent saving nvRAM variables based on an allowable variable size limit.
# nvRAM variables larger than the specified limit will be discard. This setting
# should only be used on Legacy Apple Macs where the built in feature for this
# may not be operational and should be set to match the specific allowed size
# for such units. Given the difficulty involved in finding the allowed size,
# this setting should not be set by most users. Note that this setting is
# only active on Apple firmware, requires the "NvramProtect" feature and
# that it is disabled when it is set to a value lower than 1024 bytes.
# Additionally, this option is only activated on direct macOS boots.
#
# Inactive when commented out (Does not filter nvRAM writes by size)
#
#nvram_variable_limit 2048
# Adds a UGA Protocol to GOP, when absent, to allow RefindPlus graphics
# display when using modern GPUs on units with only EFIBoot capability
# or with "EFIBoot-Only" operating systems like MacOS v10.4 (Tiger).
# NB: This functionality is only available on TianoCore Builds.
#
# Inactive when commented out (Does not add UGA to GOP)
#
#pass_uga_through
# To minimise nvRAM wear and tear, RefindPlus
# defaults to saving the outputs of these macOS
# boot argument related settings to vRAM instead:
# - disable_check_amfi
# - disable_check_compat
# - disable_nvram_paniclog
# - set_boot_args
# This token can be activated in cases where writing
# such to the nvRAM flash chip is preferred instead.
# NB: This is only relevant when booting into macOS.
#
# macOS boot argument items are not persisted when commented out
#
#persist_boot_args
# RefindPlus defaults to using the Graphics Output Protocol (GOP)
# to render displays and only falls backs on the Universal Graphics Adapter
# (UGA) when this is available and GOP is not. When this setting is active,
# it will instead always use UGA when available and will not consider GOP.
# This may also improve RefindPlus loading speed on legacy UGA-only GPUs.
#
# Inactive when commented out (Does not prefer UGA over GOP for graphics)
#
#prefer_uga
# Some types of firmware, typically supplied by HP, may effectively lock partitions
# as their "DiskIo" protocols are opened "BY_DRIVER", or a "partition driver", but
# no filesystem is generated from the DiskIo. This stops other filesystem drivers
# from connecting to the handles to actually generate filesystems when attempts
# are made to install alternative drivers, making such partitions inaccessible
# or hang in RefindPlus (as firmware supplied drivers may not be compatible).
# When this token is active, RefindPlus disconnects such firmware supplied
# drivers to accommodate otherwise disabled user supplied alternatives.
# NB: This token is always disabled when Apple firmware is detected.
# This functionality is only available on TianoCore builds.
#
# Inactive when commented out (Does not handle such partitions)
#
#ransom_drives
# Use a built-in GOP renderer which may provide enhanced performance
# and fix rendering issues on certain specific GPU models including
# the Radeon VII and some versions of the Radeon 5700 XT. However,
# this should only be used when there is an obvious benefit as it
# may result in glitches in the pre-boot configuration screen or
# slow scrolling response on booting into the operating system.
# NB: This functionality is only available on TianoCore builds.
#
# Inactive when commented out (Does not use the built-in GOP)
#
#renderer_direct_gop
# The SimpleText protocol on the ConsoleOut handle is usually used for
# text output. On Macs and some other firmware, this is complicated by
# the ConsoleControl protocol which determines whether to output text,
# graphics, or both, and this often results in an inability to display
# text or use tools needing text output (such as uEFI Shell). A custom
# text renderer is added on top of GOP by this option as a workaround.
# Note that this option is forced on whenever text output is required,
# such as when running uEFI Shell or whenever RefindPlus is changed to
# text mode as part of its operations (mainly to show error messages).
# NB: This functionality is only available on TianoCore builds.
#
# Inactive when commented out (Does not use a custom text renderer)
#
#renderer_text
# RefindPlus will automatically scale icons and text when certain resolutions
# are detected. The detection is basic and based on detecting a minimum 1601px
# resolution on the longest edge for HiDPI. Screens are considered to be LoRez
# based on detecting a resolution lower than 1025px on the longest edge.
#
# This token allows overriding the detection as follows:
# 99 - Never scale UI elements
# 1 - Always scale UI elements up
# 0 - Scale UI elements, or not, based on screen resolution
# -1 - Always scale UI elements down
#
# Scales UI elements based on screen resolution when commented out
#
#scale_ui 1
# Set the screen's background colour. RefindPlus defaults to using the
# RGB value of the first pixel (top left pixel) in the pixel array of
# the title banner image as set with the "banner" token in this file
# or an Apple LightGrey colour when that token is not set. This can
# be overridden by providing three (3) values, between 0 and 255,
# representing the desired RGB value for the background colour.
#
# Uses the default colour selection process when commented out
#
#screen_rgb 250 150 50
# Set arbitrary boot arguments on macOS boot. When this option is active,
# RefindPlus will change the macOS boot arguments to the specified string.
# This setting only applies to macOS and it accounts for arguments injected
# by the "disable_check_amfi" and "disable_check_compat" settings. Note that
# when "persist_boot_args" is also set, this setting will create a macOS
# boot argument the first time it is triggered and that the argument
# will remain active until it is explicitly cleared, even if this
# setting is subsequently deactivated.
#
# Inactive when commented out or set to "-none" (Does not change boot arguments)
#
#set_boot_args "-v"
# Supply NVME driver. When this token is set, RefindPlus will
# use its 'SupplyNVME' feature to load a built in NvmExpressDxe
# driver to supply support when this is possible but unavailable.
# NB: This functionality is only available on TianoCore builds.
#
# Inactive when commented out (Does not supply NVMe support)
#
#supply_nvme
# Emulate UEFI 2.x support. The RefindPlus "SupplyUEFI" feature can
# emulate the "CreateEventEx" feature, introduced in UEFI 2.0, when not
# available. It additionally modifies the EFI Revision value to UEFI 2.3.
# This may allow running UEFI 2.x tools and drivers on EFI 1.x units such
# as Legacy Macs as several such tools only require CreateEventEx to work.
# NB: This functionality is only available on TianoCore builds.
#
# Inactive when commented out (Does not emulate UEFI 2.x)
#
#supply_uefi
# Booting into different generations of macOS may result in BlueTooth related
# nvRAM settings being out of sync. When this token is used, RefindPlus unsets
# nvRAM settings as defined below on boots into macOS, OpenCore or Clover since
# booting into these indicate a potential generation change on various settings:
# - bluetoothInternalControllerinfo
# - bluetoothActiveControllerInfo
# - bluetoothExternalDongleFailed
#
# This token accepts these options:
# 0 - Sync is never attempted (Default/Base Option:- Y)
# 1 - Sync when current boot not as previous boot (Confirm Before Sync:- N)
# 2 - Sync when current boot not as previous boot (Confirm Before Sync:- Y)
# 3 - Sync before every boot (Confirm Before Sync:- Y)
# 4 - Sync before every boot (Confirm Before Sync:- N)
#
# NOTES:
# 1. Some options require user confirmation before action
# 2. Option '1' is as '4' when 'transient_boot' is active
# 3. Option '2' is as '3' when 'transient_boot' is active
# 4. Qualifying boots are macOS, OpenCore or Clover boots
#
# Inactive when commented out (Does not sync nvRAM)
#
#sync_nvram 1
# The boot 'Chain of Trust' may be broken on booting with 3rd-party tools but
# RefindPlus can trigger a native reboot into a selected boot target to avoid
# this issue. The 'SyncTrust' feature is useful on computers running enhanced
# boot security setups, particularly in conjunction with T2/TPM chipped units.
#
# macos - macOS Loader
# windows - Windows Loader
# linux - Linux Stub Loader
# clover - Clover Boot Loader
# opencore - OpenCore Boot Loader
# similar - Any Other uEFI Loader
# verify - Always Check First
# every - All of the Above
# none - None of the Above (Default)
#
# NOTES:
# 1. The 'every' option takes precedence over others apart from 'none'
# 2. The 'none' option takes precedence over every other setting
# 3. The 'DirectBoot' feature is disabled by this token
#
# Inactive when commented out or set to 'none' (Does not trigger reboots)
#
#sync_trust macos verify
# RefindPlus defaults to storing the name of the last booted loader in
# the "PreviousBoot" variable in the nvRAM under the RefindPlus GUID. This
# provides a default option to be selected on the main screen when RefindPlus
# is loaded. This can however increase wear and tear on the nvRAM and disabling
# the "use_nvram" token writes variables to the filesystem instead, limiting this.
# On some setups however, such as when the "default_selection" token is set, such
# writes are not required to start with. When the "transient_boot" setting is
# active, RefindPlus will not store the "PreviousBoot" variable anywhere.
#
# Always saves the "PreviousBoot" variable when commented out
#
#transient_boot
# RefindPlus previously simply picked and used the first Unicode Collation
# Protocol instance it finds. This resulted in a lottery where such instances
# sometimes worked and sometimes did not. The proper implementation process
# however is to first locate every instance and select one that supports
# the English language. This has now been implemented.
# NB: This functionality is only fully available on TianoCore builds.
#
# Inactive when commented out (Does not look for Unicode English support)
#
#unicode_collation
##--------------------------------------------------------------##
## Section 2 of 4 ##
## AMENDED CONFIGURATION ITEMS ##
## Existing Features Modified in RefindPlus ##
##--------------------------------------------------------------##
#
#
# Set the CSR values for Apple's System Integrity Protection (SIP) and
# Sealed System Volume (SSV) features that define access levels on macOS.
# Values are hexadecimal numbers that define which specific security features
# are enabled. Below are the codes for what the values mean. Add them up (in hex)
# to set new values. Apple's "csrutil enable" and "csrutil disable" commands usually
# set values of 10 (ON) and 77 (OFF) respectively. Note that 77 is just a default OFF
# setting and that users can go beyond this, to values such as 87F, 97F - up to FFF.
# The "csrutil authenticated-root enable" and "csrutil authenticated-root disable"
# commands, added in macOS v11.x (Big Sur), set values of 10 (ON) and 87F (OFF)
# respectively, when run along with the "csrutil enable / disable" commands.
#
# As of macOS v11.x (Big Sur), the previous default setting of "10" (ON)
# may leave Macs not able to receive "Over The Air" (OTA) updates from
# Apple with the reliable setting being enabling SIP/SSV by clearing
# the stored CSR value in the nvRAM. RefindPlus will clear the CSR
# setting when "0" is used in place of "10" for the "OFF" value.
# This setting is also valid on earlier versions of macOS. It
# is recommended however, to keep the default "OFF" setting
# of "10" in place, and to use the "csr_normalise" token
# instead to better achieve the same end (both values).
# CSR_ALLOW_UNTRUSTED_KEXTS 0x0001
# CSR_ALLOW_UNRESTRICTED_FS 0x0002
# CSR_ALLOW_TASK_FOR_PID 0x0004
# CSR_ALLOW_KERNEL_DEBUGGER 0x0008
# CSR_ALLOW_APPLE_INTERNAL 0x0010
# CSR_ALLOW_UNRESTRICTED_DTRACE 0x0020
# CSR_ALLOW_UNRESTRICTED_NVRAM 0x0040
# CSR_ALLOW_DEVICE_CONFIGURATION 0x0080
# CSR_ALLOW_ANY_RECOVERY_OS 0x0100
# CSR_ALLOW_UNAPPROVED_KEXTS 0x0200
# CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE 0x0400
# CSR_ALLOW_UNAUTHENTICATED_ROOT 0x0800
# The "CSR Rotate" tool actually rotates defined values
# and does not just implement a binary toggle of two (2)
# values. Hence, three (3) or more values can be defined
# which will be rotated in turn in a loop by CSR Rotate.
#
# Inactive when commented out (CSR values cannot be set)
#
#csr_values 10,77
# Enable mouse support. If active, this option enables the use
# of the computer's mouse. Note however, that not all computers
# provide the necessary underlying support, so this feature may
# not always work. If it does work, an OS or tool can be launched
# by clicking it with the computer's mouse. Note that this feature
# is mutually exclusive with the "enable_touch" feature and if both
# settings are active, the "enable_touch" token will take precedence.
#
# Inactive when commented out (Does not enable mouse support)
#
#enable_mouse
# Enable touch screen support. If active, this option enables the use
# of touch screen controls (as on tablets). Note however, that not all
# tablet EFIs provide the necessary underlying support, so this feature
# may not always work. If it does work, an OS or tool can be launched by
# touching it. In a submenu, touching anywhere launches the current item
# selected. There is currently no way to select a specific submenu item.
# This option is mutually exclusive with the "enable_mouse" feature and
# the "enable_touch" option will take precedence when both are active.
#
# Inactive when commented out (Does not enable touch screen support)
#
#enable_touch
# Hide user interface elements for personal preference or for security:
# banner - RefindPlus title banner (built-in or loaded via "banner")
# label - Boot option text label in the menu
# singleuser - Remove the submenu options to boot macOS in single-user
# or verbose modes (macOS only)
# safemode - Remove the submenu option to boot macOS in "safe mode"
# hwtest - Submenu option to run Apple's hardware test
# arrows - Sroll arrows on the OS selection tag line
# hints - Brief command summary in the menu
# editor - Options editor (+, F2, or Insert on boot options menu)
# badges - Device-type badges for boot options
# all - All of the above
# none - None of the above (default)
#
# NOTES:
# 1. The 'all' option takes precedence over others apart from 'none'
# 2. The 'none' option takes precedence over every other setting
#
# Inactive when commented out or set to 'none' (Does not hide UI elements)
#
#hideui label badges
# Set the logging level. When set to "0", a log file in the native RefindPlus format
# is produced in the RefindPlus home directory on the ESP, logging information about
# what RefindPlus is doing. When set to "1" or above, the logging is in the upstream
# format instead (a variant of). The maximum log level is Level 2, but this level is
# only available when exposed at compilation time for forensic debugging. This means
# that Levels 0 and 1 are the available log levels for typical users. This option is
# only active when running DEBUG builds and the logging process, particularly higher
# levels, can noticeably slow RefindPlus operation and time must be given as needed.
#
# The native format is used when commented out (DEBUG and NOOPT builds only)
# Logging *IS NOT* active on RELEASE builds
#
#log_level 1
# Set the screen display resolution. Pass this option either:
# * One Value (corresponding to one UEFI GOP video mode)
# * Two Values (corresponding to the X and Y resolutions)
# Note that not all resolutions are supported. On UEFI 2.x systems,
# passing an incorrect value results in a message being shown on the
# screen to that effect, along with a list of supported modes. With
# EFI 1.x systems, such as legacy Macs, setting an incorrect mode
# silently fails. On both types of systems, setting an invalid
# resolution results in the default resolution being used.
#
# Uses the maximum screen resolution when commented out
#
#resolution 1024 768
#resolution 1440 900
#resolution 3
# Which types of boot loaders to search, and in what order to display them:
# external - External EFI disk based boot loaders ... USB/eSATA etc.
# internal - Internal EFI disk based boot loaders ... HDD/SSD etc.
# optical - EFI optical discs ... CD/DVD etc.
# netboot - EFI network (IPXE) boot options
# biosexternal - BIOS external boot loaders
# hdbios - BIOS disk based boot loaders
# cdbios - BIOS optical disc boot loaders
# firmware - Boot EFI programs set in the firmware nvRAM
# manual - Use the stanzas lower in this configuration file
#
# NOTES:
# 1. The legacy BIOS options require firmware support.
# This support is not present on all computers.
# 2. The netboot option is experimental.
# It requires the "ipxe.efi" and "ipxe_discover.efi" files.
#
# On UEFI PC, the default setting is internal,external,optical,manual
# On Mac, the default is internal,hdbios,external,biosexternal,optical,cdbios,manual
#
#scanfor internal,external,optical,manual
# Blank screen and show different solid colours after the specified
# number of seconds without input. Screen is restored on keypresses
# (Excluding keys such as "Shift", "Control", "Alt", and "Option").
# "-1" causes RefindPlus to start up with the screensaver active.
#
# Inactive when commented out (screensaver is disabled)
#
#screensaver 300
# Non-bootloader tools to show on the "tools" line
# of the main menu and their display order:
# shell - uEFI Shell.
# NB: Requires external program
# See documentation for details
# memtest - Memory Testing Utility.
# NB: Requires external program
# gptsync - The (Dangerous) 'GPTsync' Utility.
# NB: Requires external program
# See documentation for details
# gdisk - Disk Partitioning Utility.
# NB: Requires external program
# See documentation for details
# clean_nvram - Enables nvRAM Reset from RefindPlus.
# NB: Requires external program
# Only the first valid instance found is presented
# apple_recovery - Loads Apple Mac Recovery partitions, if present
# windows_recovery - Boots an OEM Windows recovery tool, if present.
# NB: Also refer to the "windows_recovery_files" option
# mok_tool - Enables the Machine Owner Key (MOK) maintenance tool,
# MokManager.efi, used on Secure Boot systems
# csr_rotate - Adjusts Apple's System Integrity Protection (SIP) policy.
# NB: Requires "csr_values" to be set.
# install - Enables option to install RefindPlus from the current
# location to another ESP
# bootorder - Adjust firmware boot order variables
# about - An "About This Program" option
# hidden_tags - Manage hidden tags
# exit - A tag to exit RefindPlus
# shutdown - Shuts the computer down.
# NB: A bug causes this to reboot many UEFI systems
# reboot - A tag to reboot the computer normally
# firmware - A tag to reboot the computer into the firmware's user interface.
# NB: Ignored on older computers.
# fwupdate - A tag to update the firmware; launches the fwupx64.efi (or similar) program
# netboot - Launch the ipxe.efi tool for network (PXE) booting
#
# The default options are: shell,memtest,gdisk,apple_recovery,windows_recovery,mok_tool,about,hidden_tags,shutdown,reboot,firmware,fwupdate
#
# The default options are scanned for when commented out
# NB: Setting "showtools" alone, without any options, disables scanning for tools
#
#showtools shell,bootorder,gdisk,memtest,mok_tool,apple_recovery,windows_recovery,about,hidden_tags,reboot,exit
# Stub support for gzipped loaders. Linux kernels are self-decompressing on x86
# and on x86-64 platforms while on ARM64, Linux kernel files, including the EFI
# stub loader are typically compressed with gzip. This prevents them from being
# loaded by tools such as RefindPlus unless the tool uncompresses them itself.
# This option was added upstream to do this but as it cannot be fully compiled
# into RefindPlus and is unnecessary on x86 and on x86-64 systems, only a stub
# implementation that logs the situation is currently provided by RefindPlus.
#
# Inactive when commented out (The "GZippedLoaders" Feature is disabled)
#
#support_gzipped_loaders
# Timeout in seconds for the main menu screen. Setting the timeout to "0"
# disables automatic booting (i.e., no timeout). Setting "-1" results in
# an immediate boot to the default OS (DirectBoot Feature) unless there
# is a keypress already present in the buffer. In this case, the value
# is interpreted as a shortcut key. When "ESC" / BackSpace / SpaceBar
# is pressed instead, the 'DirectBoot' feature is overridden and the
# main menu screen displayed as normal. If a shortcut key cannot be
# matched to a valid shortcut, the main menu is displayed instead.
#
# Inactive when commented out (timeout is disabled)
#
#timeout 20
# Launch specified loader in graphics mode. RefindPlus defaults to
# text mode and displays basic pre-launch information when launching
# operating systems (apart from macOS). Using graphics mode can provide
# a more seamless transition, but may not display any information, which
# can make it difficult to debug problems. However, using graphics mode
# may prevent crashes in some instances. Note that specifying an empty
# token will set RefindPlus up to boot all loader types in text mode.
# That is, 'use_graphics_for' alone works like setting 'everything'.
#
# Valid options:
# none - No Loader
# osx - macOS Loader
# windows - Windows Loader
# linux - Linux Stub Loader
# grub - The GRUB Boot Loader
# elilo - The ELILO Boot Loader
# clover - The Clover Boot Loader
# opencore - The OpenCore Boot Loader
# tools - 2nd Row Items:- All Tools
# everything - For All Loaders and Tools
#
# NOTES:
# 1. The 'everything' option takes precedence over others apart from 'none'
# 2. The 'none' option takes precedence over every other setting
#
# Defaults to 'osx' when commented out (Launches macOS in graphics mode)
#
#use_graphics_for osx linux
# While using the nvRAM works with most computers, this can increase wear
# and tear on the motherboard's nvRAM. Under conditions where the nvRAM is
# old and/or worn out, it may then fail and result in an inability to boot.
# Storing variables on disk is a viable alternative and RefindPlus can save
# its variables to a folder on the filesystem instead. This will however not
# work if RefindPlus is on a filesystem that is read-only to the EFI, such as
# HFS+ volumes. In such cases, an attempt to write to the first ESP RefindPlus
# can identify will be made. If the attempt is not successful, the variable will
# not be saved and this fact will be logged if running the debug version. NB: This
# option only applies to RefindPlus variables such as the PreviousBoot, HiddenTags,
# HiddenTools, and HiddenLegacy variables and does not apply to any variables from
# other processes/libraries (These are always written to the motherboard's nvRAM).
#
# Stores RefindPlus-Specific variables on the filesystem when commented out
#
#use_nvram
##--------------------------------------------------------------##
## Section 3 of 4 ##
## STANDARD CONFIGURATION ITEMS ##
## Unchanged Functionality ##
##--------------------------------------------------------------##
#
#
# When scanning volumes for EFI bootloaders, RefindPlus always looks for
# the macOS and Microsoft Windows bootloaders in their normal locations
# and scans the root directory as well as sub folders under the "EFI"
# folder for more bootloaders (Does not recurse into sub folders).
#
# The "also_scan_dirs" option adds more directories to the scan list and
# directories are specified relative to the volume's root directory. This
# option applies to ALL the volumes that RefindPlus scans UNLESS a volume
# name and a colon are included before the directory name (myvol:/somedir)
# to scan the "somedir" directory only on the filesystem named "myvol". If
# a specified directory does not exist, it is ignored (no error message).
#
# Scans "boot" and "@/boot" when commented out
#
#also_scan_dirs ESP2:EFI/linux/kernels
#also_scan_dirs @/kernels,@/root/boot
# Additional directories to scan for tools. You may specify a directory
# alone or a volume identifier plus pathname. The default is to scan no
# extra directories, beyond EFI/tools, EFI/BOOT/tools and any directory
# in which a uEFI loader is found.
#
#also_scan_tool_dirs EFI/memtest,ESP2:/EFI/tools/memtest86
# Use a custom title banner and not the default (embedded) banner. The
# file path is relative to the directory where the RefindPlus binary is
# located. The colour of the top left corner of the image is used for the
# background colour for the menu screens. Currently, uncompressed BMP files
# with colour depths of 24, 8, 4 or 1 bits are supported, as well as PNG and
# JPEG files. ICNS files can also be used but have limitations that make them
# poor choices for this purpose. Some PNG and JPEG features are not supported
# and some file formats, such as "progressive" JPEG files, are not supported.
#
# Uses the default title banner when commented out
#
#banner hostname.bmp
#banner mybanner.jpg
#banner icons/snowy/banner-snowy.png
# How to handle banners that are not the same size as the screen size:
# noscale - Crop if too big or show with border if too small
# fillscreen - Fill the screen
#
# Uses "noscale" when commented out
#
#banner_scale fillscreen
# Set the default menu selection. The available arguments match the keyboard
# accelerators available within RefindPlus. Select the default loader using:
# - A digit between 1 and 9, in which case the Nth loader in the menu
# will be the default.
# - A "+" symbol at the start of the string, which refers to the most
# recently booted loader (Unless overriden by 'transient_boot').
# - Any substring that matches to a portion of the loader's title
# (usually name, boot loader path, or volume/filesystem title).
# Multiple selectors may be specified by separating them with commas
# and enclosing the list in quotes (The "+" option is only meaningful
# in this context). If the selector(s) has two times in 24-hour format,
# the default will apply only between those times. The times are in the
# motherboard's time standard, whether that is UTC or local time, so if
# on UTC, adjust this from local time manually. Times may span midnight
# as in "23:30 00:30", which applies to 11:30 PM to 12:30 AM. Multiple
# "default_selection" lines can be specified, in which case the last
# match takes precedence. Thus, a main option without a time can be
# set followed by one or more that include times to set different
# defaults for different times of day.
#
# Defaults to "+" when commented out (Selects the last run loader)
#
#default_selection 1
#default_selection Microsoft
#default_selection "bzImage,vmlinuz"
#default_selection Maintenance 23:30 2:00
#default_selection "Maintenance,macOS" 1:00 2:30
# Directories that should *NOT* be scanned for boot loaders. This token can be
# used to keep EFI/boot/bootx64.efi out of the menu if that is a duplicate of
# another boot loader, to exclude directories holding drivers or to exclude
# directories with non-bootloader utilities from a hardware manufacturer.
#
# This token takes precedence if a directory is listed both here and in
# "also_scan_dirs". Note that this applies to ALL the filesystems that
# RefindPlus scans, and not just the ESP, unless the directory name
# is preceded by a filesystem name or unique partition GUID, such
# as "myvol:EFI/somedir", to exclude the "EFI/somedir" path from
# being scanned on the "myvol" volume but not on other volumes.
#
# The default is the "SelfDir" path.
#
# Uses default setting when commented out
#
#dont_scan_dirs ESP:/EFI/boot,EFI/Dell,EFI/memtest86
# Files that should NOT be included as EFI boot loaders (on the
# first line of the display). To be used with boot loaders that
# rely on support programs or drivers that are installed along
# with the main binary or to block certain loaders by name and
# not by location. Note however, that this setting does *NOT*
# prevent certain binaries from showing up in the second-row
# set of tools. Notably, some Secure Boot and recovery tools
# are present in this list but may appear as second-row items.
# Files may be specified as a bare name (e.g., "notme.efi"), as
# a full pathname (e.g., "/EFI/somedir/notme.efi"), or as a full
# pathname with volume, such as "SOMEDISK:/EFI/somedir/notme.efi"
# or 2C17D5ED-850D-4F76-BA31-47A561740082:/EFI/somedir/notme.efi".
# OS tags hidden via the "Delete" or "-" key in the RefindPlus menu
# are added to this list, but stored in nvRAM (Hardware or Emulated).
#
# The default setting is L"shim-fedora.efi,shim-centos.efi,PreLoader.efi,
# TextMode.efi,ebounce.efi,GraphicsConsole.efi,bootmgr.efi,shim.efi,fb.efi,
# shim{arch}.efi,fb{arch}.efi" ("{arch}" is the architecture, such as "x64").
#
# Uses default setting when commented out
#
#dont_scan_files shim.efi,MokManager.efi
# "Boot####" variables that should NOT be offered as loaders
# when "firmware" is an option to "scanfor". The comma-separated
# list presented here contains strings that are matched against the
# description field. If a value here is a case-insensitive substring
# of the boot option description, it will be excluded from the boot
# list. Strings that includes spaces must be enclosed in quotes.
# Specifying "shell" will override the automatic inclusion of
# built-in uEFI shells.
#
# Has an empty list (nothing is excluded) when commented out
#
#dont_scan_firmware HARDDISK,shell,"Removable Device"
# Tool binaries to be excluded from the tools line, even when the
# general class is specified in showtools. This enables trimming an