When an IoT Gateway that uses Intel® IoT Gateway Technology is installed, the secure boot keys in the BIOS are set to match the keys used to sign the kernel. Once this is done, images that do not match will not boot on the HW. This prevents booting an alternative image/os and gaining access to the data on the IoT Gateway. If you need to install a new image with non-default keys, you will 1st need to clear the secure boot keys from the BIOS.
- IoT Gateway that uses Intel® IoT Gateway Technology
- Intel® IoT Gateway Technology version 3.1 or above
- Boot/reboot
- Select boot device by pressing F12 before boot or ESC to enter BIOS (depends on HW)
- Select Enter Setup (skip if ESC entered BIOS)
- Select the Security Menu
- Select Secure Boot Menu
- Set Secure Boot to Disabled
- Press F4 to save and exit
- System will reboot
- Select boot device by pressing F12 before boot
- Select Enter Setup
- Select the Security Menu
- Select Secure Boot Menu
- Set Secure Boot to Enabled a. Accept Warning - press enter for Ok
- Set Secure Boot Mode to Custom
- Select Key Management
- Set Default Key Provision to Disabled
- Select Delete All Secure Boot Variables or for each Section (5) select Delete PK, KEK, DB, DBT, and DBX a. All should say NOT INSTALLED
- Press Esc
- Set Secure Boot Mode to Standard
- Ensure Secure Boot is set to Enabled
- Press F4 to save and exit
(let's double check)
- System will reboot
- Select boot device by pressing F12 before boot
- Select Enter Setup
- Select the Security Menu
- Select Secure Boot Menu
- System Mode should say Setup
- Secure Boot should say Not Active
- Secure Boot should say Enabled
- Secure Boot Mode should say Standard
- Press F4 to save and exit
You should now be able to boot a new image
- none
*indicates that third-party names might be the property of others.