Intel NUC (Kaby Lake, Skylake and Broadwell)

*** note WARNING: These are directions to configure a NUC machine to load and boot an experimental, in-development OS.


NUC Setup & Configuration

These instructions configure the NUC machine to boot from a USB flash drive. This is a necessary step for network boot, where the system on your USB drive pulls your freshly-built OS across the network, from host machine to NUC.

  1. Install memory (and optional SSD)
    • Remove four bottom plate screws and bottom plate
    • Install memory in the DIMM slot(s)
    • (Optional) Install SSD in M.2 slot (SATA support only; NVMe lacks a driver)
  2. Boot the machine into Visual BIOS
    • Reinstall the bottom plate, attach power, and start the machine
    • Press F2 during startup to enter Visual BIOS setup
    • Mouse will be required, due to the wonders of Visual BIOS
  3. Disable BIOS updates from internet (setting may not be present in newer NUCs)
    • Select the Wrench menu (upper right), then Visual Bios Settings
    • Deselect Internet Updates
  4. Verify that your memory (and SSD) are correctly installed and detected
    • Select Advanced settings, then Main section
    • Right-side Memory Information pane should list your memory
    • Switch to Devices section
    • Select PCI tab, verify that M.2 Slot is enabled
    • Select SATA tab, verify that Chipset SATA is enabled
    • Both tabs (PCI and SATA) should show your SSD
  5. Disable USB legacy and legacy boot
    • Still in Devices section, select USB tab
    • Deselect USB Legacy support
    • In Boot section, select Priority tab
    • Deselect Legacy Boot (in right-side Legacy Boot Priority pane)
    • If you see a Secure Boot tab,
    • Deselect Secure Boot in the tab (otherwise you will see an "Image Authorization Fail" while booting USB).
  6. Configure boot ordering
    • Select Boot Configuration tab
    • Enable Boot USB Devices First, Boot Network Devices Last, and Unlimited Boot to Network Attempts
    • Network Boot (bottom left pane) should display UEFI PXE & iSCSI. *** note WARNING: DO NOT disable netbooting here or netbooting from Gigaboot and Zedboot may not work. ***
  7. Disable secure boot (on machines that support it)
    • On the Boot section, Secure Boot tab, disable Secure Boot
  8. Save BIOS changes
    • Press F10 (or click the top right (x) button) to Save and Exit, Y to confirm
    • Device will automatically reboot and begin looking for a USB or network boot
  9. Power down the NUC
  10. Continue to Setup with USB flash drive

*** promo Network booting only works with the NUC's built-in ethernet, netbooting via USB-ethernet dongle is unsupported.


Remote management

To enable remote management, including KVM, you also need to configure AMT.

  1. Enter Intel ME settings by pressing Ctrl+P on the boot screen
    • The first time you need to set a password, the default one is "admin" *** aside Password must be at least 8 characters long, contain both lowercase and uppercase characters, at least one digit and at least one non alpha-numeric character. ***
  2. Configure network
    • Go to Network Setup > TCP/IP Settings > Wired LAN IPV4 Configuration
    • Disable DHCP Mode and set a static IPV4 Address
    • Return to AMT Configuration and enable Activate Network Access
    • Exit Intel ME settings and save your changes

*** note NOTE: This assumes you're using NUC connected to the EdgeRouter. If your networking setup is different, you may need a different network configuration.


Enabling Intel AMT / vPro KVM

The Intel AMT / vPro KVM needs to be enabled before use. To do so, you can use the wsman command-line utility.

The following commands assume you have set the AMT_HOST variable which contains the IPv4 address you configured in the Intel ME settings, AMT_PASSWORD which is the Intel ME password, and VNC_PASSWORD which is going to be the VNC password.

*** aside Password must be exactly 8 characters long, contain both lowercase and uppercase characters, at least one digit and at least one non alpha-numeric character.


# set the VNC password
wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k RFBPassword=${VNC_PASSWORD}
# enable KVM redirection to port 5900
wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k Is5900PortEnabled=true
# disable opt-in policy (do not ask user for console access)
wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k OptInPolicy=false
# disable session timeout
wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k SessionTimeout=0
# enable KVM
wsman invoke -a RequestStateChange http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_KVMRedirectionSAP -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k RequestedState=2

Now, you can remotely access the NUC using any VNC client, e.g. vncviewer ${AMT_HOST}.