|
The NUC10i5FNH uses an Aptio V UEFI Firmware Core and the BIOS files are called recovery capsules with the The Aptio BIOS menu structure is also a bit different than what we have documented via the NUC8 screenshots; since the Aptio core does not seem to offer a native screenshot facility, I haven't retaken those yet, but can use the HDMI capture method to do so. That said, I am a bit skeptical about maintaining the docs at this level of detail, especially given the frequency of NUC releases and the fact that it's a visual BIOS that's fairly easy to navigate. Intel's own BIOS docs are pretty solid, so we may want to streamline things a bit further:
Thoughts? |
|
I look very favourably on cutting down our documentation, I think it's entirely reasonable to link out to other docs and/or expect people installing SecureDrop to find their own way w.r.t BIOS updates. |
The visual BIOS provides a clear navigational structure which we can reference in text; it's not clear that the screenshots provide significant help when adjusting these settings. This reduces the burden of updates for each new NUC generation. Note also that the NUC10 Aptio BIOS does not appear to have a built-in screenshot facility (not a blocker if we really need them, but again, plain text is IMO sufficient here). This commit also cross-references the BIOS settings from the server guide.
|
|
||
| - Under **Advanced ▸ Onboard Devices**, disable all onboard devices | ||
| other than LAN: HD audio, microphone, Thunderbolt, WLAN, Bluetooth, | ||
| SD card controller, and enhanced consumer infrared. |
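Review bot: "disable all onboard devices other than LAN" followed by a colon and a list leaves it unclear whether the list is exhaustive. The Onboard Devices page has further entries that are not immediately visible (the accelerator, HDMI CEC and TV power/wake options named in the comment below), so either state that the listed devices are the ones to disable and everything else stays at its default, or enumerate the rest. A short note that the page scrolls would help an admin confirm nothing was missed.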
I don't know if the infrared option exists for older NUCs; it seems to be intended for remote controls, and worth enumerating. The settings I have not enumerated here are:
- Gaussian Mixture Models and Neural Networks Accelerator (enabled by default)
- HDMI CEC Control (enabled by default)
- Auto Turn on TV (set to "From S3/S4/S5 boot")
- Auto Turn OFF TV (disabled by default)
- Wake On TV (disabled by default)
- Standby by TV (disabled by default)
If any of those settings should be explicitly changed, I can enumerate them here as well. Note that this settings page scrolls vertically, and the above settings are not immediately visible.
| |NUC10 leads| | ||
|
|
||
| Before the initial OS installation, boot into the BIOS by pressing **F2** at | ||
| startup and adjust the system configuration: |
Note that while it's branded to look very similar, the Aptio BIOS uses a slightly different menu structure than the Visual BIOS for other NUC models.
| .. |NUC8 leads| image:: images/hardware/nuc8_leads.jpg | ||
| .. |NUC8 VisualBIOS1| image:: images/hardware/nuc8_visualbios1.png | ||
| .. |NUC8 VisualBIOS2| image:: images/hardware/nuc8_visualbios2.png | ||
| .. |NUC8 VisualBIOS SecureBoot| image:: images/hardware/nuc8_visualbios_secureboot.png |
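Review bot: With these substitution definitions gone, any remaining `|NUC8 VisualBIOS1|`, `|NUC8 VisualBIOS2|` or `|NUC8 VisualBIOS SecureBoot|` reference in the body becomes an undefined substitution, so check the page for leftovers and remove the now unused PNGs under images/hardware/ in the same commit. If `|NUC8 leads|` is still referenced, its definition on the first line has to stay.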
As noted in the PR summary, I'm removing these screenshots to increase maintainability of the docs, given that the menu structure is generally straightforward to navigate.
|
|
||
| - Under **Advanced ▸ Devices ▸ Onboard Devices**, disable all onboard devices | ||
| other than LAN: audio, audio DSP, microphone, Thunderbolt, WLAN, Bluetooth, | ||
| and SD card. |
I don't have a NUC7 at hand, but I noticed that these BIOS instructions don't include the recommendations we specify for the other NUC models:
- Under Advanced ▸ Security, disable SGX support, which is not used by SecureDrop and may be targeted by active CPU exploits.
- Under Advanced ▸ Boot ▸ Secure Boot, uncheck the Secure Boot checkbox.
If these recommendations are applicable on NUC7 as well, and someone can validate that these are the correct menus, I can add them here as well.
| Other 7th-generation NUCs have also been reported to work, although we have not | ||
| tested them. For example, the `NUC7i5DNHE <https://www.intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc7i5dnhe.html>`__ uses the same Ethernet chipset as the NUC7i5BNH, | ||
| and also has a removable wireless card, simplifying the server setup process. | ||
| However, it may be harder to find a retail source for this model. |
Given that the NUC7 was discontinued last year and we do not recommend installing on NUC7s for new installations at this point, I figured it was best to remove this outdated guidance.
|
|
||
| #. A clean USB device to download the ``.bio`` file | ||
| #. An internet-connected workstation, such as the *Admin Workstation* | ||
| #. A clean USB device to download the BIOS file |
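Review bot: "the BIOS file" in the last item no longer tells the reader what to download. Since the file type now differs by model (``.bio`` for the Visual BIOS models versus the recovery capsule for the NUC10), name the type per model here or point to the per-model section that does.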
As noted in #187, I would recommend phasing out this chapter of the documentation; I can do that in a separate follow-up PR. For now, the changes in this document should cover us for the supported NUC models.
Status
Ready for review
Description of Changes
Checklist
- make docs-lint) passed locally
- make docs-linkcheck) passed
- make docs) docs at http://localhost:8000