
[GUIDE] ScanPolicy: choose device types and operating systems to be scanned by OpenCore


miliuco

Question @eSaF: your EFI partitions drive, are they empty (except the drive that boots OC)?
Question @miliuco: did you put one EFI fields in each EFI drive partition?


It should be the reason why some of you have some EFI entries visible or not.

Edited by odemolay

33 minutes ago, odemolay said:

Question @eSaF: your EFI partitions drive, are they empty (except the drive that boots OC)?
Question @miliuco: did you put one EFI fields in each EFI drive partition?


It should be the reason why some of you have some EFI entries visible or not.

My system is a dual boot, BS and Windows 10, the EFI Partition does not show at the Boot Menu as intended by the devs. I have a disk containing Catalina which I hotplug from time to time, this has no EFI Partition but is booted from the one that resides on BS my main Drive. The only time an EFI Partition (which is on the USB Drive itself) is visible at the Boot Menu is when I plug in my USB Installer drive. I did explain all this in a previous post. Hope this answers your query.


2 hours ago, odemolay said:

Question @eSaF: your EFI partitions drive, are they empty (except the drive that boots OC)?
Question @miliuco: did you put one EFI fields in each EFI drive partition?


It should be the reason why some of you have some EFI entries visible or not.

Each EFI partition (BS disk, BS backup disk, Windows disk) has its own EFI folder, in macOS each EFI folder has its own OpenCore and in Windows the EFI folder is the one created by Windows at installation. No EFI partition is empty. That is, each EFI partition has one (only one) EFI folder.


11 minutes ago, miliuco said:

Each EFI partition (BS disk, BS backup disk, Windows disk) has its own EFI folder, in macOS each EFI folder has its own OpenCore and in Windows the EFI folder is the one created by Windows at installation. No EFI partition is empty. That is, each EFI partition has one (only one) EFI folder.

It's the reason why you see EFI; try to leave the EFI partition empty, except on the drive which you boot from. You won't have EFI at the boot picker anymore.


Yes, sure it's true and it's probably what happens to @eSaF but remember there is an option in ScanPolicy that says

 OC_SCAN_ALLOW_FS_ESP, allows scanning of EFI System Partition file system

so in OpenCore there is an option to show or not the EFI partitions.


1 hour ago, miliuco said:

Yes, sure it's true and it's probably what happens to @eSaF but remember there is an option in ScanPolicy that says

 OC_SCAN_ALLOW_FS_ESP, allows scanning of EFI System Partition file system

so in OpenCore there is an option to show or not the EFI partitions.

Guys something may be off on my system but then again Download Fritz said that function Show/Hide option was removed from OC some releases ago. I just tried this option OC_SCAN_ALLOW_FS_ESP and it threw up this error - OC: Invalid ScanPolicy 400 Halting on critical error -


and I couldn't reach the Boot Menu. As I said previously, I prefer the cleaner look of my Boot Menu where I don't have to contend with an EFI Partition that won't be used or called upon on a day to day basis. See the attached hopefully explaining what I am saying.


1 hour ago, eSaF said:

Guys something may be off on my system but then again Download Fritz said that function Show/Hide option was removed from OC some releases ago. I just tried this option OC_SCAN_ALLOW_FS_ESP and it threw up this error - OC: Invalid ScanPolicy 400 Halting on critical error...

and I couldn't reach the Boot Menu. As I said previously, I prefer the cleaner look of my Boot Menu where I don't have to contend with an EFI Partition that won't be used or called upon on a day to day basis. See the attached hopefully explaining what I am saying.

 

Download Fritz has commented about removing the OC_SCAN_ALLOW_FS_ESP option? I do not know if I understood you correctly.
In the Dortania documentation for the current beta version of OpenCore, when talking about ScanPolicy, this option is still there. With the value 1024 as in your example. And I also get an ocvalidate error if ScanPolicy=1024.


Here's something that doesn't seem logical to me. The first option on the list is
OC_SCAN_FILE_SYSTEM_LOCK, restricts scanning to only known file systems defined as a part of this policy
For me this means that, if this option is NOT selected, OpenCore does not restrict the scan to file systems defined in ScanPolicy but will scan any file systems present.


But, as you have said, when checking OC_SCAN_ALLOW_FS_ESP, leaving OC_SCAN_FILE_SYSTEM_LOCK blank, ocvalidate warns of the error:
Misc-> Security-> ScanPolicy requests scanning filesystem, but OC_SCAN_FILE_SYSTEM_LOCK (bit 0) is not set!


I have selected another file system (APFS, NTFS, HFS ...), leaving the first option OC_SCAN_FILE_SYSTEM_LOCK blank, and ocvalidate warns of the same error.
The error is not for selecting only EFI partitions but for selecting any file system when the first option is unchecked.
The only way that ocvalidate passes ok with the first option unchecked is when ScanPolicy=0, which is equal to not selecting any option.

 

I can say the same about the second option
OC_SCAN_DEVICE_LOCK, restricts scanning to only known device types defined as a part of this policy
Any device type checked when this second option is unchecked > ocvalidate also gives an error.

 

It seems that it's mandatory to check options 1 and 2 except when none is checked (ScanPolicy=0).

 

Edited by miliuco
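The lock rule described in the post above, as an added example that is not part of the original thread and not OpenCore's own code: a decoder that splits a ScanPolicy value into its flags and reports the two inconsistencies the post says ocvalidate rejects. Only bit 0, bit 1 and the value 1024 for OC_SCAN_ALLOW_FS_ESP appear in the thread; the other bit positions follow the OpenCore configuration reference and are an assumption of this example, and the problem messages are this example's own wording.

```python
# Bit layout assumed from the OpenCore configuration reference (not listed in
# the thread, apart from bit 0, bit 1 and ESP = 1024 = bit 10).
FILE_SYSTEM_LOCK = 1 << 0
DEVICE_LOCK = 1 << 1
FS_BITS = {8: "APFS", 9: "HFS", 10: "ESP", 11: "NTFS"}
DEVICE_BITS = {16: "SATA", 17: "SASEX", 18: "SCSI", 19: "NVME", 20: "ATAPI",
               21: "USB", 22: "FIREWIRE", 23: "SDCARD", 24: "PCI"}
FS_MASK = sum(1 << bit for bit in FS_BITS)
DEVICE_MASK = sum(1 << bit for bit in DEVICE_BITS)


def decode_scan_policy(value):
    """Split a ScanPolicy integer into the names of the flags it sets."""
    flags = []
    if value & FILE_SYSTEM_LOCK:
        flags.append("OC_SCAN_FILE_SYSTEM_LOCK")
    if value & DEVICE_LOCK:
        flags.append("OC_SCAN_DEVICE_LOCK")
    flags += [f"OC_SCAN_ALLOW_FS_{name}"
              for bit, name in FS_BITS.items() if (value >> bit) & 1]
    flags += [f"OC_SCAN_ALLOW_DEVICE_{name}"
              for bit, name in DEVICE_BITS.items() if (value >> bit) & 1]
    return flags


def check_scan_policy(value):
    """Return the lock inconsistencies in a ScanPolicy value (empty list = none)."""
    problems = []
    # An "allow file system" bit is only meaningful when the file system lock is on.
    if value & FS_MASK and not value & FILE_SYSTEM_LOCK:
        problems.append("file system allowed but OC_SCAN_FILE_SYSTEM_LOCK (bit 0) is not set")
    # Same rule for device types and the device lock.
    if value & DEVICE_MASK and not value & DEVICE_LOCK:
        problems.append("device type allowed but OC_SCAN_DEVICE_LOCK (bit 1) is not set")
    return problems


if __name__ == "__main__":
    # 0 and 1024 are the values discussed above; 2687747 and 2689795 are
    # values quoted elsewhere in this thread.
    for policy in (0, 1024, 2687747, 2689795):
        print(policy, hex(policy), decode_scan_policy(policy), check_scan_policy(policy))
```

Running it shows that 1024 (0x400) sets only the ESP bit and therefore fails the lock check, while 2687747 and 2689795 both set the two lock bits and leave the ESP bit clear.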

15 minutes ago, miliuco said:

 

Download Fritz has commented about removing the OC_SCAN_ALLOW_FS_ESP option? I do not know if I understood you correctly.
In the Dortania documentation for the current beta version of OpenCore, when talking about ScanPolicy, this option is still there. With the value 1024 as in your example. And I also get an ocvalidate error if ScanPolicy=1024.


Here's something that doesn't seem logical to me. The first option on the list is
OC_SCAN_FILE_SYSTEM_LOCK, restricts scanning to only known file systems defined as a part of this policy
For me this means that, if this option is NOT selected, OpenCore does not restrict the scan to file systems defined in ScanPolicy but will scan any file systems present.


But, as you have said, when checking OC_SCAN_ALLOW_FS_ESP, leaving OC_SCAN_FILE_SYSTEM_LOCK blank, ocvalidate warns of the error:
Misc-> Security-> ScanPolicy requests scanning filesystem, but OC_SCAN_FILE_SYSTEM_LOCK (bit 0) is not set!


I have selected another file system (APFS, NTFS, HFS ...), leaving the first option OC_SCAN_FILE_SYSTEM_LOCK blank, and ocvalidate warns of the same error.
The error is not for selecting only EFI partitions but for selecting any file system when the first option is unchecked.
The only way that ocvalidate passes ok with the first option unchecked is when ScanPolicy=0, which is equal to not selecting any option.

 

I can say the same about the second option
OC_SCAN_DEVICE_LOCK, restricts scanning to only known device types defined as a part of this policy
Any device type checked when this second option is unchecked > ocvalidate also gives an error.

 

Bro at this moment I don't know what to think, which is right or wrong so I am going to put the subject to bed for the time being. ;)


33 minutes ago, eSaF said:

Bro at this moment I don't know what to think, which is right or wrong so I am going to put the subject to bed for the time being. ;)

:D

27 minutes ago, 5T33Z0 said:

Fun fact: When using scan policy 0, if you have more than one HDD with a macOS installation, BootPicker will show an extra entry for each additional EFI on other drives. I, for example, have 3 macOS versions installed, one on each of 3 separate disks, so I see 2 extra entries for EFI partitions in the BootPicker.

Yes, it's the same for me with ScanPolicy 0. EFI partitions are shown. But @eSaF doesn't see EFI partitions with that value, except the one in the install USB.


9 minutes ago, Andrey1970 said:

OpenCore automatically hides itself. But if you have a second EFI with OpenCore, it will be shown. The OpenCore which is loaded will be hidden. Vasya, who isn't loaded, will be shown.

 

Thanks for the info. I wasn't sure about this.

 

@eSaF I understand now why you see only 1 EFI when you have plugged the install USB.

@5T33Z0 it's as you say in your last post.

 

Edited by miliuco

Can I ask this question - In the BIOS boot list of Disk what name is the BS Disk, is it the generic name or is it Opencore? I have stuck to the generic name don't know if that is correct or if it makes a difference or how much as long as it boots up. :P


7 minutes ago, eSaF said:

Can I ask this question - In the BIOS boot list of Disk what name is the BS Disk, is it the generic name or is it Opencore? I have stuck to the generic name don't know if that is correct or if it makes a difference or how much as long as it boots up. :P

It depends on LauncherOption:

  • LauncherOption=Disabled (equivalent to BootProtect=None in OC 0.6.5): computer's boot menu shows connected disks but OC does not write its own entry into BIOS (OpenCore not seen in BIOS)
  • LauncherOption=Full (equivalent to BootProtect=Bootstrap in OC 0.6.5): OC writes an entry into BIOS pointing directly to OpenCore.efi and the computer's boot menu shows OC and connected disks (OpenCore as default boot device in BIOS).

@eSaF

From 0.6.6 I work well with LauncherOption=Disabled, I deleted OpenCore from BIOS boot menu and I have there only connected disk names, with macOS disk in the first place.


22 hours ago, odemolay said:

It's the reason why you see EFI; try to leave the EFI partition empty, except on the drive which you boot from. You won't have EFI at the boot picker anymore.

You're right, if there is only one EFI folder and it's in the macOS boot disk it's hidden in the picker. I didn't know this.


13 minutes ago, miliuco said:

You're right, if there is only one EFI folder and it's in the macOS boot disk it's hidden in the picker. I didn't know this.

Bro that is what I was saying in my clumsy way a few posts back. The only time an EFI Partition shows up is if I plug in an installer USB which will be on the USB Drive itself. I only need an EFI Folder on the BS (my main Drive) to launch Catalina or Mojave and these two boot without having an EFI Folder just using the one on BS only.


10 minutes ago, eSaF said:

Bro that is what I was saying in my clumsy way a few posts back. The only time an EFI Partition shows up is if I plug in an installer USB which will be on the USB Drive itself. I only need an EFI Folder on the BS (my main Drive) to launch Catalina or Mojave and these two boot without having an EFI Folder just using the one on BS only.

Yes, yes, I was wrong about this. Sorry. As I have more than 1 EFI folder, the picker shows the EFIs other than the booting disk. As you have only 1 EFI, you have to plug the install USB to see at least 1 EFI. Now I understood it. With the help of @Andrey1970's comment.

Sorry for my delay in understanding. Sometimes my brain gets stuck.

 

@odemolay @5T33Z0 this is also for you :(

 

Edited by miliuco

  • 8 months later...
On 4/14/2021 at 2:41 PM, miliuco said:

 

Yes, it's strange, you and me see EFI partition/s when ScanPolicy=0 but @eSaF doesn't see that boot devices when using 0.

The only reference I can find about 0 value is in this Dortania text but in none of the OpenCore Configuration files I've reviewed a single word is said about that value.

 

Thank you my friend, I put 2689795 and the EFI Partitions disappeared.


  • 2 weeks later...

Late to this thread but hopefully someone can assist. Here is my setup:

 

3 NVME drives each with a separate OS and no combined \EFI folders: Win10, OSX and Manjaro Linux

 

Would like to stick to manually adding entries in config.plist (example: PciRoot(0x0)/Pci(0x1B,0x4)/Pci(0x0,0x0)/NVMe(0x1,41-9D-07-D2-13-A7-79-64)/HD(1,GPT,149C028F-99F0-4847-A631-A834A4DCEA5D,0x1000,0x96000)/\EFI\Manjaro\grubx64.efi)

 

I don't want Opencore to duplicate entries. What should my scan policy setting be if I want to do this?


22 minutes ago, antuneddu said:

As a scan policy you can use this value 2687747

This is what it shows at boot; if you prefer, you can hide Recovery and Tools further.


 

 

 

I'll give that a shot. Will that allow for USB boot in future?
