[GUIDE] ScanPolicy: choose device types and operating systems to be scanned by OpenCore

[miliuco]

@149113

Set 2687747 as @antuneddu says, in this way OpenCore will not show autodetected Windows and Linux systems but it will show the custom entries.

[Guest 5T33Z0]

On 4/13/2021 at 11:53 PM, eSaF said:

@miliuco - Here is my config.plist minus personal data depicting my setup to give the desired Boot Menu.

  Reveal hidden contents

config.plist 19.75 kB · 8 downloads

 

As you can see from the post before, I do not see EFI Partitions at the Boot Menu, I don't know if that is a fluke on my part or the way my system is configured.

 

Well, there are specific conditions which have to be met: EFI partitions ARE displayed in the BootPicker when using ScanPolicy 0, ONLY IF other EFI partitions on other disks with bootloaders exist!

Edited January 20, 2022 by 5T33Z0

[makk]

On 1/12/2021 at 4:31 PM, miliuco said:

ScanPolicy key (integer) goes within Misc / Security in config.plist.

It defines device type and operating system detection policy. In accordance with this value, we can define different file systems and devices that OC scans and can boot. It is calculated by adding hexadecimal values of systems and devices, chosen in the list of the OC configuration PDF, and converting the total sum to their decimal value, which must be noted in config.plist.

 

From OC configuration PDF, failsafe value is 0x10F0103 corresponding to:

OC_SCAN_FILE_SYSTEM_LOCK - 1
OC_SCAN_DEVICE_LOCK - 2
OC_SCAN_ALLOW_FS_APFS - 100
OC_SCAN_ALLOW_DEVICE_SATA - 10000
OC_SCAN_ALLOW_DEVICE_SASEX - 20000
OC_SCAN_ALLOW_DEVICE_SCSI - 40000
OC_SCAN_ALLOW_DEVICE_NVME - 80000
OC_SCAN_ALLOW_DEVICE_PCI - 1000000

1 + 2 + 100 + 1000 + 2000 + 4000 + 8000 + 1000000 = 0x10F0103 (17760515 in decimal).

 

Setting to 0 will allow all sources present to be bootable.

 

But we may want to customize this. For example, I want to select this items:

0x00000001 — OC_SCAN_FILE_SYSTEM_LOCK, restricts scanning to only known file systems defined as a part of this policy.
0x00000002 — OC_SCAN_DEVICE_LOCK, restricts scanning to only known device types defined as a part of this policy.
0x00000100 — OC_SCAN_ALLOW_FS_APFS, allows scanning of APFS file system.
0x00000200 — OC_SCAN_ALLOW_FS_HFS, allows scanning of HFS file system.
0x00000800 — OC_SCAN_ALLOW_FS_NTFS, allows scanning of NTFS (Msft Basic Data) file system.
0x00010000 — OC_SCAN_ALLOW_DEVICE_SATA, allow scanning SATA devices.
0x00080000 — OC_SCAN_ALLOW_DEVICE_NVME, allow scanning NVMe devices.
0x00200000 — OC_SCAN_ALLOW_DEVICE_USB, allow scanning USB devices

Corresponding to 0x290B03, that's 2689795 in decimal. This is the value I write in config.plist.

 

Note: if you check 0x00000400 — OC_SCAN_ALLOW_FS_ESP, allows scanning of EFI System Partition file system all EFI partitions will be visible which may not be desirable.

 

As always, in Dortania there is an excellent text about this.

 

@miliuco great detail.

 

But to find all EFI"s present once is good and then set it back.

The OC will then be smarter in telling you which EFI"s you need to Custom Entry.

 

Good tips!  Amazing math teacher.

 

Peace out

[makk]

On 4/18/2021 at 5:05 PM, miliuco said:

It depends of LauncherOption:

• LauncherOption=Disabled (equivalent to BootProtect=None in OC 0.6.5): computer's boot menu shows connected disks but OC does not write its own entry into BIOS (OpenCore not seen in BIOS)
• LauncherOption=Full (equivalent to BootProtect=Bootstrap in OC 0.6.5): OC writes an entry into BIOS pointing directly to OpenCore.efi and the computer's boot menu shows OC and connected disks (OpenCore as default boot device in BIOS).

@eSaF

From 0.6.6 I work well with LauncherOption=Disabled, I deleted OpenCore from BIOS boot menu and I have there only connected disk names, with macOS disk in the first place.

@miliuco this is true and if some change occurs somewhere in oz land, the bios entry gets whacked, no longer present.  Then have to resort to USB boot of OC to get an entry.
I've had this problem on this laptop quite often.   The entry in bios does not remain. But on my Desktop it remains.  

So for these stubborn older bios models which is probably secured even though you disabled the security and tpm is still present as enabled yet shows disabled.  robocop

 

The bios plays a major role in booting.  Thus all bios are not equal in creation and then running mode.

 

Clover Bootloader on the other hand places the boot on the drive where it is secured and only the user has knowledge to remove them. Whereas in the bios, if you update the bios sometimes the new bios erases the data present. Re-refresh mode.  Cleans out the data. 
I've seen this happen quite often.  Also if running WIndows it interacts with the bios in such a way to check TPM and the secure boot measures.  Handshaking and micromanaging.

 

I've thought this through for some time.  If one can place a small 1GB hdd or ssd or smaller ---I don't know if they make anything that size any longer--- on the drive then place OC there it can then be at the top of the data food chain.

 

1 OC dedicated drive singular not present on another drive -- Boot Manager (then it can habitate without interruptions and keeps its own.) No intrusions but you the user.

2 Windows - dedicated drive singular has its efi

3 Linux flavor -- same

4 MacOS -- ditto

etc, etc.,. ditto ditto

 

OC can run on fat32 labeled as OpenCore doesn't require an EFI partition to be cut out. But since MacOS and Windows on straight up installs creates an EFI partition

it is common practice to install OpenCore or Clover into the EFI. 

On my Windows Desktop I have a volume as local and it has OpenCore habitating there.  Not an EFI partition.

 

There was a site that had a dedicated Scanpolicy configurator on the web haven't found it. Is it still up?

Edited November 18, 2022 by makk

[makk]

As for the issue with NO NAME for EFI, which is labeled NO NAME it has to be set to some label other than NO NAME  

Make it a local Fat32 and give it a letter like X. 

From the NO NAME EFI. which was probably created later on, you might encounter a not boot situation for Custom Entry. 

I have NO Name on this laptop for the Windows dedicated EFI which I did label it EFI but later who knows what? it became NO NAME.. crazy data stuff, must be high.

 

Anyway the NO NAME  does affect OpenCore from having a bootable Windows in Custom Entry to boot. It won't boot from that.

Must have a labeled and working EFI folder at least with the boot.efi. or boot.dat.

 

Heres the layout

| NO NAME in first partition has EFI\Microsoft\Boot\all the files\ ..\..\..\Recovery 100MB or 200MB | Microsoft Reserved MSR 16MB | WIndows ------------------- |  Recovery | 

 

Here's the layout for MacOS

| EFI OpenCore|Clover 200MB | MacOS Your Flavor |

 

Then you go and stat OpenShell and find that WIndows partition is not designated as FS( ) but as  BLK14 or something like this

But it boots regardless because OpenCore has miraculously found it and placed it in the Boot Lineup. (then you try to Custom Entry and no boot if found or no entry appears)

 

While stat 'ing OpenShell you find a few EFI's one is OpenCore and it may have the Microsoft Boot info there which it might have been manually placed there instead of OpenShell-- OpenCore creating it.

Along with the MacOS which has a FSx and then you find BLK1 or BLK11 or such these are not attached to FSx and no Custom Entry will work. Nill.

 

So one has to boot with OpenCore and install with OpenCore or use the EFI partition at the first position delete Microsoft created one for OpenCore and have it 's space.
Then manually insert Microsoft Boot info and hopefully OpenCore finds all the partitions including the WIndows Data and has it's own FS(X) --X = number designated by OpenShell such as FS5 for the Data Drive portion.

Can't have a Windows or similar in the BLCK designation as you won't mostly likely be able to create Custom Entry. 

OpenCore will boot the WIndows partition as long as it is in the database but not from the Custom Entry created as this will most likely be futile exercise.

 

So to conclude need an AI Bootloader that sees all and makes the necessary preps.

Thus having a Bootloader dedicated in it's own untouched spaced carved out to sit in,  no other data present like perhaps a Flash firmware on the board or something could be anything actually,

it then immediately gets the events and makes the necessary adjustments to run your flavor of OS. Any flavor OC can handle, most common is MacOS and Windows and Linux.

Because everything regarding OS boot is handled exclusively by OpenCore and it does what it is intended.

 

Peace Out have a great weekend!

Wonderful and stimulating to read. Thank you

[miliuco]

@makk

 

https://oc-scanpolicy.vercel.app

[Anto65]

It is already integrated in OCAT 🙂

 

[makk]

10 hours ago, antuneddu said:

It is already integrated in OCAT 🙂

 

@miliuco @antuneddu great thanks.

 

My final question regarding OCAT is how to integrete  BTWISE NDK Mod? Where in this app and where to point it to?

 

Edited November 19, 2022 by makk

[Anto65]

https://www.insanelymac.com/forum/topic/354675-solved-opencore-086-crash-dual-boot-with-windows-works-with-no-acpi-version-bt-wise/?do=findComment&comment=2796666

 

[makk]

28 minutes ago, antuneddu said:

https://www.insanelymac.com/forum/topic/354675-solved-opencore-086-crash-dual-boot-with-windows-works-with-no-acpi-version-bt-wise/?do=findComment&comment=2796666

 

1 this is link in BTWISE's OCAT on github pointer.

https://gitee.com/btwise/OpenCore_NO_ACPI

 

2 this one is the githbub one.

https://github.com/wjz304/OpenCore_NO_ACPI_Build/releases/tag/0.8.6_4319b15 < Latest

 

3 This one shows the link address to use. But since he also has a github, there should be a repository database to hookup OCAT to and download all updates like wth OC no mod version.

I think from the looks of it and it is sort of vague on instructions, should be able to connect to this mod repository to work like with Non mod version.

https://github.com/wjz304/OpenCore_NO_ACPI_Build/ < Repository

 

I let you know if I have success.

 

Thank you

 

 

Edited November 19, 2022 by makk

[makk]

@antuneddu 

 

Here's the way to link OCAT to OpenCore Mod.

Received email from ING and he has posted the steps.

Take a look at the screenshots to do this.

Pardon the Eastern Language -- 

 

Step 1 Gotto Edit> Click OpenCore DEV first it will popup a window

Step 2 The popup window says no go. Click Ok.

Step 3  Gotto Edit > Click Upgrade OpenCore and Kexts > this brings up new dialog box

Step 4 In the dialog box insert new web address: > https://github.com/wjz304/OpenCore_NO_ACPI_Build and click > Get OpenCore

Step 5 A new popup describing what is going to be downloaded.

Step 6 Another popup dialog after clicking OK to again click OK on the next box to confirm downloading the latest MOD Version

Step 7 Continue to next step click the UpgradeOpenCore & Kexts button brings up new menu and click start sync.

 

Latest will be downloaded to the Download Folder in a zip file. this seems to take some time.

The version should be reflected in the main window along with on the top left corner a status is present:  Sync OpenCore DEV 0.8.x

 

 

Edited November 20, 2022 by makk

[Anto65]

Off topic .... Post in the right section

[miliuco]

Yes @makk this is off topic but interesting enough to post it as standalone thread in the guides forum. How to no acpi OpenCore with OCAT. Even for me, I now know how to do it. 

[Anto65]

@miliuco I have posted several times how to with OCAT    "  Alternative method to update quickly and easily "

 

https://www.insanelymac.com/forum/topic/354675-solved-opencore-086-crash-dual-boot-with-windows-works-with-no-acpi-version-bt-wise/?do=findComment&comment=2796666

 

However it doesn't work pasting the link  https://github.com/wjz304/OpenCore_NO_ACPI_Build ...  It will download the DEV official  version. (0.8.7) not the Mod 😉

 

[miliuco]

@antuneddu

 

You are right, I have forgotten it 😕

 

I am not able to download the mod from OCAT either, it downloads the official version.

[makk]

13 hours ago, antuneddu said:

@miliuco I have posted several times how to with OCAT    "  Alternative method to update quickly and easily "

 

https://www.insanelymac.com/forum/topic/354675-solved-opencore-086-crash-dual-boot-with-windows-works-with-no-acpi-version-bt-wise/?do=findComment&comment=2796666

 

However it doesn't work pasting the link  https://github.com/wjz304/OpenCore_NO_ACPI_Build ...  It will download the DEV official  version. (0.8.7) not the Mod 😉

 

@antuneddu It don't work period. hahha

 

anyway ING has success. He must have edited some files in OCAT if so he hasn't posted it.

13 hours ago, miliuco said:

Yes @makk this is off topic but interesting enough to post it as standalone thread in the guides forum. How to no acpi OpenCore with OCAT. Even for me, I now know how to do it. 

Well you've gotta to be kiddin'  haha

 

have a nice Sunday  

[Max.1974]

Hi all, im have good experience with OC NO ACPI MOD. But im need notice that to me is a good experience too use only necessary SSDTS, because im learn that OC or CLover read and insert DSDT on System (like you create one from boot), avoid any issues like dual boot with Windows.

 

I so glad for all help coming from Maldon and all people from this site, and after many many years without "learn" something , im dedicate time and effort to read  many posts from Dortania and others, like "out of box" about Opencore, for exemple. Im use now normal Opencore like 0.8.7 with dual boot and works like a charm!

 

I respect all learning about DSDT (im was "born" listen all about it) and im know that was very necessary to work Laptops more complicated, like mine Lenovo E470, and some motherboards.

 

Maldon always help me inject thinks on DSDT was huge necessary, like my Keyboard layout (a friend my advanced programmer with Python make lines to inject Thanks Armenio) and Maldon compile to me.

 

In desktop im have better experience only use SSDTs, follow many instructions from Dortania or OC Little (from GitHub users), Brazilian youtubers to facility translate step by step how to build a proper EFI.

 

Thats it. Im just wish share with you guys, because is very important use DSDT when we have a complicate hardware. For me is more easy now to understand desktops, ProperTree, SSDTTime, Iasl exctract DSDT tools, Hackintool, and almost all needed to put our Hackintosh working.

 

Its amazing.

 

 

Edited November 30, 2022 by Max.1974

[makk]

14 hours ago, Max.1974 said:

Hi all, im have good experience with OC NO ACPI MOD. But im need notice that to me is a good experience too use only necessary SSDTS, because im learn that OC or CLover read and insert DSDT on System (like you create one from boot), avoid any issues like dual boot with Windows.

 

I so glad for all help coming from Maldon and all people from this site, and after many many years without "learn" something , im dedicate time and effort to read  many posts from Dortania and others, like "out of box" about Opencore, for exemple. Im use now normal Opencore like 0.8.7 with dual boot and works like a charm!

 

I respect all learning about DSDT (im was "born" listen all about it) and im know that was very necessary to work Laptops more complicated, like mine Lenovo E470, and some motherboards.

 

Maldon always help me inject thinks on DSDT was huge necessary, like my Keyboard layout (a friend my advanced programmer with Python make lines to inject Thanks Armenio) and Maldon compile to me.

 

In desktop im have better experience only use SSDTs, follow many instructions from Dortania or OC Little (from GitHub users), Brazilian youtubers to facility translate step by step how to build a proper EFI.

 

Thats it. Im just wish share with you guys, because is very important use DSDT when we have a complicate hardware. For me is more easy now to understand desktops, ProperTree, SSDTTime, Iasl exctract DSDT tools, Hackintool, and almost all needed to put our Hackintosh working.

 

Its amazing.

 

 

@Max.1974

 

Nice

 

On my previous laptop 1 each, had DSDT.  Sandybridge HD3000. <--good for El Captain --Sierra. 

 

On 2 laptops including current Acer Nitro 5 no dsdt strictly ssdt's and NO ACPI Mod. <--Good up to Big Sur somewhat sluggish due to older version of hardware ; Monterey runs slow; don't like slow.
Dual boot MacOS and Windows 10 Pro 22H2 no problems-- NO ACPI MOD --no worries to have to check SSDT's.

Kaby Lake, Broadwell chipsets hardware build

 

On Desktop running three flavors of Windows only, OC MOD 0.8.5 no MacOS. Runs fast.

When prices come down for AMD RX 6800 XT will install latest MacOS Ventura on Alder Lake Chipset. Prolly next summer, switch to Core i5 13600KF Cpu, Z790 MB, then upgrade to RTX 3080Ti.

 

I image the drives rather than fresh install every time.  when doing it this way saves time and OpenCore does boot every time.

 

I prefer simplicity rather than writing tons of statements in SSDT's to boot Windows. 

The way Clover implements OSI is rather unique and boots Windows no problems.

With OpenCore the need to have statements for OSI in every SSDT one creates or finds.  Kind of old fashioned.  

 

NO ACPI does make it simpler to dual boot.  less scrounging around and asking questions, hunting for the resources.  Simplicity

 

[Max.1974]

It's true my friend. I'm wait my order coming to my next hack. Seven years old my mobo z170 XP. I'm waiting before Christmas (depends from Amazon 😆😆😆) 

Today everething is to much expensive. For now I'm use a Vega RX 64 with my future Hack. 13th Gen i9 with GA Z790. I'm will see new AMD RX 7900 XTX series and pray to be compatible with Hackintosh. 

God bless you! 

Using SSDT with normal OC no issues with Windows boot. At the same disk or dual disks. 

God bless you all 

Best regards 

[makk]

On 11/30/2022 at 5:19 PM, Max.1974 said:

It's true my friend. I'm wait my order coming to my next hack. Seven years old my mobo z170 XP. I'm waiting before Christmas (depends from Amazon 😆😆😆) 

Today everething is to much expensive. For now I'm use a Vega RX 64 with my future Hack. 13th Gen i9 with GA Z790. I'm will see new AMD RX 7900 XTX series and pray to be compatible with Hackintosh. 

God bless you! 

Using SSDT with normal OC no issues with Windows boot. At the same disk or dual disks. 

God bless you all 

Best regards 

@Max.1974 God bless you too!

 

That is good.  

[oldman20]

 

I set ScanPolicy like this but EFI partition in USB not show in GUI. (I can see EFI USB Part if check all of it!) and OC log record like this, but actually I don't check Linux Root or Linux Data, right?

00:000 00:000 LNX: AutodetectLinux not root fs - Not Found
02:123 02:123 LNX: AutodetectLinux not root fs - Not Found

 

Edited January 11, 2023 by oldman20
add captures

[oldman20]

Finally found! Working as expect