I am trying to secure an Ubuntu server image. I'm not sure what you mean by mode; under secure boot there are no options to upload private keys, so I have tried using KeyTool to do so (Managing EFI Boot Loaders for Linux: Controlling Secure Boot). Within KeyTool (run through the EFI shell), the system is in setup mode. Within the NUC BIOS on the NUC7i7BNH, again there are no options to upload a private platform key (PK); there is only an option to generate an Intel platform key.
The goal for this is to:
Use secure boot to load a custom Ubuntu server image and prevent that Ubuntu server from loading if secure boot is turned off, or if the secure boot keys have been changed.
Any direction on this would be appreciated. We are hoping to use the NUC as the platform for our product and can start our eventual rollout of thousands of devices once we have a secure boot implementation.
We have not had any reports of issues when doing secure boot; however, we don't officially validate Linux on NUC7i7BNH. Please see the following website for further information about validated operating systems: Supported Operating Systems for Intel® NUC Products
On the other hand, can you provide me with all the steps required to duplicate this issue? We don't provide full support for this configuration, but I can try to make my best effort to help you out.
If you are using KeyTool, my understanding is that to add a key to the database, the .auth needs to be generated with the -a switch.