Jump to content

How Do I Get Full Security Mode In Apple Secure Boot To Work?


2 posts in this topic

Recommended Posts

I've followed this guide...

Apple Secure Boot - Dortania

 

I did everything the guide asks... However, upon checking on the terminal to see if it worked, by issuing command 

Code Block sh
nvram 94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy

It only gives me %01 which is medium security.

What am I doing wrong?

I did enter recovery mode and blessed "CoreServices" as the guide asks...

 

But no avail. Can't get Full Security.

Link to comment
Share on other sites

Sure you have all this done but for recheck.

 

OpenCore provides 3 keys to enable Secure Boot:

  • Misc >> Security >> DmgLoading: to set load policy with DMGs in OpenCore; it can be Any (boot fails if Secure Boot is enabled), Signed and Disabled (both support Secure Boot)
  • Misc >> Security >> SecureBootModel: to set the Apple Secure Boot hardware model and policy; SecureBootModel equate to Medium Security (01), for Full Security (02) you must use ApECID
  • Misc >> Security >> ApECID: to use personalized Apple Secure Boot identifiers and to have Full Security (02) when paired with SecureBootModel.

SecureBootModel valid values:

  • x86legacy is recommended for Big Sur or Monterey
  • j137 is recommended for macOS 10.13.2 through 10.15.x
  • you can also set Secure Boot Model to the value that corresponds to the macOS version you want to boot (example j160 for macOS Catalina 10.15.1 or newer).

When using ApECID, SecureBootModel must have a defined value instead of Default (Default can change in following versions of OpenCore).

It's advisable to personalize the boot volume the first time that macOS boots with an ApECID value. To do this:

  • boot into Recovery
  • be sure you have an Internet connection
  • open Terminal
  • bless --folder "/Volumes/HD/System/Library/CoreServices" --bootefi --personalize
    (replace HD with the name of your system volume)
  • reboot into macOS.

 

Edited by miliuco
  • Like 1
Link to comment
Share on other sites

 Share

×
×
  • Create New...