OpenCore Menu Password

With OpenCore 0.6.1 and newer, users are able to set a SHA-512 password to ensure best security with their setups. This will enable a password prompt whenever elevated tasks are required. This includes:

  • Showing boot menu
  • Booting non-default OSes and tools(ie. not blessed by Startup Disk or Bootcamp Utility)
  • Resetting NVRAM
  • Booting non-default modes(ie. Verbose or Safe Mode via hotkeys)

With OpenCore 0.6.7, a new tool called ocpasswordgen was added to aid users in generating passwords.

To start, lets grab OpenCore 0.6.7 or newer and run the ocpasswordgen binary under Utilities/ocpasswordgen/. It'll prompt you to create a password:

For this example, we chose Dortania as the password. ocpasswordgen then popped out 2 important values we need for our config.plist:

  • PasswordHash: Hash of the password
  • PasswordSalt: Ensures 2 users with the exact same password do not do not have the same hash

Next let's open our config.plist and add these values to Misc -> Security:

  • Note: Don't forget to also enable EnablePassword

Once these changes have been made, you can save and reboot the machine. Now when you enter OpenCore's menu, you should receive a prompt:

Enter your password and you should get your regular boot options:

  • Note: Between typing the password and entering the menu, some older machines and VMs can take 30 seconds+ to finish verification. Please be patient