It is recommended to have a backup of your system before installing OpenCore.
automates the process of installing OpenCore on your system
Linux:
- Checks if required packages (openssl, unzip, mokutil, efitools, curl) are installed and if necessary directories and files exist.
- Installs any missing packages using APT or DNF package managers.
- Creates necessary directories for the script to work.
- Downloads the latest release of OpenCore from a GitHub repository and extracts necessary directories (X64, Docs, Utilities).
- Copies system files to the appropriate destination.
- Creates a signed version of the X64 directory by signing the .efi .kext files using sbsign.
- Provides options for installing OpenCore with or without secure boot.
- Installs OpenCore by copying files to the EFI partition.
Before running script, ensure that you have the following:
- Internet connectivity.
- Appropriate permissions to modify system files.
- Basic knowledge of EFI, OpenCore, and system booting.
- For Ubuntu & Fedora Based Linux Distro or Windows
- For X64 Computer
Linux:
- chmod +x OpenCore-UEFI-Setup.sh && ./OpenCore-UEFI-Setup.sh
- WHEN ASKED DO NOT INSTALL OPENCORE YOU MUST MODIFY system-files FOLDER FOR YOUR SYSTEM
(anything in system-files folder will be copied into Download/X64/EFI/OC/ folder overriding files) - Re-Run Shell Script: ./OpenCore-UEFI-Setup.sh
- You Now Can Install OpenCore on your system
can't install in Windows Subsystem for Linux (WSL)
Adding Secure Boot Support:
The RequireSignature key enables the requirement for signed bootloaders and kernel extensions (kexts).
Setting it to <true/> ensures that only signed components are loaded.
The RequireVault key enables the requirement for a vaulted configuration, which provides additional security measures. Setting it to <true/> ensures that the configuration is vaulted.
The ScanPolicy key sets the policy for scanning unsigned drivers during boot. Setting it to <integer>0</integer> allows all drivers to load regardless of their signatures. You can change this value if you want to enforce stricter policies.
Open your config.plist (system-files/config.plist) file using a text editor.
Locate the "Misc" section in the file. If it doesn't exist, add the following code to create it:
<key>Misc</key>
<dict>
</dict>
Inside the "Misc" section, add the following code to enable UEFI Secure Boot:
<key>Security</key>
<dict>
<key>RequireSignature</key>
<true/>
<key>RequireVault</key>
<true/>
<key>ScanPolicy</key>
<integer>0</integer>
</dict>
should look like:
<plist version="1.0">
<dict>
<!-- Other sections and settings -->
<key>PlatformInfo</key>
<dict>
<!-- Other settings -->
<key>Misc</key>
<dict>
<key>Security</key>
<dict>
<key>RequireSignature</key>
<true/>
<key>RequireVault</key>
<true/>
<key>ScanPolicy</key>
<integer>0</integer>
</dict>
</dict>
<!-- Other settings -->
</dict>
<!-- Other sections and settings -->
</dict>
</plist>