Mount EFI automatically on login

sos86

New member
Original poster
Aug 28, 2020
14
3
3
With hackintoshing requiring regular updates to OpenCore on the EFI partition, I became frustrated at needing to manually mount EFI each time, either via the terminal, or using Clover etc.

Given macOS no longer uses fstab, or at least fiddles with it through automounter, I found it surprisingly difficult to automount the EFI partition. Lots of web sites tell you how to stop a drive automounting, but that's the opposite of what I wanted. So:

BEST METHOD (IMHO):

1. Create the following script using textedit or similar, and save as 'mount-EFI.sh'. Make it executable with chmod +x.

#!/bin/sh
sudo diskutil mount -mountPoint /System/Volumes/Data/EFI/partition-UUID

where partition-UUID is the EFI partition's UUID.

2. Create the following plist, again using TextEdit or similar:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.user.loginscript</string>
<key>ProgramArguments</key>
<array><string>/Users/username/mount-EFI.sh</string></array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>

Where "/Users/username/mount-EFI.sh" refers to the location of your script in Step 1.
Ensure the shell script 'mount-EFI.sh' created in step 1 is located at the path specified e.g. /Users/username/mount-EFI.sh

3. Save the plist as 'com.user.mount-EFI.plist'

4. Place 'com.user.mount-EFI.plist' in ~/Library/LaunchAgents

5. Edit the sudoers file to allow your user to mount using diskutil without requiring a password:
a. run the following terminal command: sudo visudo
b. add the following to your sudoers file: username ALL = (ALL) NOPASSWD: /usr/sbin/diskutil
c. save and exit your sudoers file


ALTERNATIVE (uses the Automator Application):

1. Create the mount-EFI.sh as above

2. Use Automator Application to create an app called 'mount-EFI.app' or similar, which runs the mount-EFI.sh script

2. Launch “mount-EFI.app” as a startup item for any user you wish

3. Make sure your sudoers file is edited as above

NOTE: this will allow you to run 'sudo diskutil' in a terminal without needing a password. There is likely to be a workaround for this if you are concerned!
 
Last edited:

sos86

New member
Original poster
Aug 28, 2020
14
3
3
Thanks - that does what it says on the tin. Still, it's a little more overengineered for what I want it to do i.e. simply mount the EFI partition silently on login.

I also had a bit of fun & learning working out my own wheel :)
 

olbo

Member
Jun 26, 2020
48
25
18
Code:
echo -n password

↑ Please don't do this, it's a huge security risk.

You should use DiskImageMounter or fstab
 

sos86

New member
Original poster
Aug 28, 2020
14
3
3
For a single user PC, where I am the admin + user, I don't really see this, but of course everyone's situation is different. The user's password is in plain text in the file, but given its location can only be read by the user logging in using their own password anyway, the risk seems low (although I appreciate if you left yourself logged in and someone else browsed the plain text script file, they could get your password). Still, for a single user, home PC, I find the considered risk acceptable. YMMV.

Another way to avoid the plain text password would be to add the command "diskutil mount" to the sudoers list for my username.

I tried using fstab, but as mentioned, Apple gimps fstab, so the correct / usual fstab syntax won't automount the EFI partition. Believe me, I tried and automount or some other macOS-specific startup daemon gets in the way and does its own thing.

I'm interested to learn how DiskImageMounter may be used to silently mount the EFI partition automatically though - but couldn't find any info on how to do so.
 
Last edited:

olbo

Member
Jun 26, 2020
48
25
18
For a single user PC, where I am the admin + user, I don't really see this
Code:
cat ~/mount-EFI.sh
Any script could execute this whilst your logged in without prompt and authenticate any command, don't be naive - it's a security risk. Don't do it
 

sos86

New member
Original poster
Aug 28, 2020
14
3
3
Thanks - I feel a bit less naive now. Still not sure where such a script might come from, but one can imagine.

I'll go sudoers, unless there's a clear way to do it with fstab, or DiskImageMounter (remember: silently, with no user interventions, on login).

EDIT: altered above to use sudoers method instead of passing a plaintext password in script.
 
Last edited:
  • Like
Reactions: olbo

008_

New member
Nov 28, 2020
1
0
1
I was just looking for such a solution. I did everything as described, but your method doesn't work.

When you try to run the script, it is replaced:
Mount the volume in the "standard" place (/Volumes), unless an optional
"custom" mount point is specified.

With hackintoshing requiring regular updates to OpenCore on the EFI partition, I became frustrated at needing to manually mount EFI each time, either via the terminal, or using Clover etc.
 

Attachments

  • terminal.png
    terminal.png
    198.2 KB · Views: 2
  • mount_efi.png
    mount_efi.png
    11.1 KB · Views: 2

sos86

New member
Original poster
Aug 28, 2020
14
3
3
I created the above mount point /System/Volumes/Data/EFI/ manually, and ensure you can write to that location.

...and the above still works for me, although I had to re-edit the sudoers file again, since it got overwritten when I moved from Big Sur Beta to Big Sur public release.

EDIT: I noticed a space character between "EFI/ partition" in "sudo diskutil mount -mountPoint /System/Volumes/Data/EFI/partition-UUID" in my original script (now edited & fixed). You carried this through to your script. Get rid of the space, and it should fix your issue.
 
Last edited: