We have the same question ! Same quirks to enable secure boot and use customised BIOS settings. Even that is not possible. Intel please provide a solution for this issue. A Windows and a Linux version of the Intel Integrator Toolkit could solve this.
1 of 1 people found this helpful
You can create a USB flash drive with the EFI Shell file and boot from that instead of the built-in EFI Shell. You can download the source for the EFI Shell from tianocore.org or use this binary:
This is the article I saw this in. Second comment from the top:
Create a USB flash drive formatted in FAT32. Create a directory \EFI\BOOT\
Copy the file you downloaded to this folder and rename it BOOTX64.EFI
Make sure Secure Boot is disabled. Boot the system and press F10 One-Time Boot menu. Select the EFI USB drive and you should be golden.
This message was posted on behalf of Intel Corporation
I understand you are having problems when customizing the .bio file with UEFI shell. What happens is that it is actually required in order to be able to customize that .bio file.
Nevertheless, once the .bio file is customized you do not need to activate the shell on each of the Nuc units since you already customized the file. It is a matter of using the customized file among all of the Nuc units where you would like to add the custom .bio file.
I hope you find this information helpful.
Thanks a ton. It worked like a charm !
Of course, I would still hope that Intel provides us the solution sometime - While creating the custom .bio file, the enabled UEFI Shell should not be considered as part of Custom Settings (similar to Boot-order).
For now, I am happy that I am unblocked and can continue doing what I need to do.
You don't seem to have understood my question.
I didn't want the UEFI shell to be enabled in my custom .bio file. But it was enabled in the my .bio file because I had to enable it to create my .bio file in the first place!!!!
So I was having to manually de-activate the UEFI shell on every NUC which I updated using this custom .bio, which obviously I didn't want to do.
Nevertheless, MrMitch has provided me the solution (the only one that I know of) which worked for me now.
But how to get secure boot enabled in die Custom BIOS ?
You can't use EFI Shell with Secure Boot enabled since it is not signed. Just like you can't flash the BIOS with Secure Boot enabled because it is not signed to pass through the Secure Boot layer.
The goal is to have a customized BIOS with an enabled secure boot. So secure boot has to enabled to capturing the settings but this is not possible because with enabled secure boot i cannot boot EFI to start the capturing. A capturing tool for Windows could help but seems not exists.