My question is very similar (exactly same to be exact) as that asked in /thread/116957?q=Custom%20BIOS https://communities.intel.com/thread/116957?q=Custom%20BIOS.
However the answer provided there does not help me since that solution does not apply to the custom bio file created, but rather talks about a manual workaround.
I am using NUC7i5BNB.
I am also trying to create a custom BIOS (.bio) file which will include my own customised BIOS settings using Intel Integrator Toolkit. Everything works as per the documentation. But there is a Chicken-and-Egg problem, as stated in that other thread. In order to create the custom BIOS, I have to run the commands in the Internal UEFI Shell and in order to access that shell I need to enable the UEFI Shell Custom Settings in the BIOS. (by default this UEFI shell has higher priority than the Hard-disk boot in the Boot Order, else we would never enter the UEFI shell during the boot)
So along with my other Custom Settings, even the 'Internal UEFI Shell Enabled' setting gets saved in the resulting custom bio file I generate. Now if I update any other NUC with this custom bio file, it is causing that NUC to boot by default into the Internal UEFI shell.
Of course, I can change the boot-order locally on my NUC or even disable Internal UEFI shell settings on my NUC, but then it will have to be done on every NUC on which we install this custom bio and that completely defeats the purpose of the custom bio file.
Please provide me a solution where I can create a custom .bio file having only my customised settings without having the Internal UEFI Shell setting Enabled.
Thanks and looking forward to hear from you soon.
We have the same question ! Same quirks to enable secure boot and use customised BIOS settings. Even that is not possible. Intel please provide a solution for this issue. A Windows and a Linux version of the Intel Integrator Toolkit could solve this.
You can create a USB flash drive with the EFI Shell file and boot from that instead of the built-in EFI Shell. You can download the source for the EFI Shell from tianocore.org or use this binary:
This is the article I saw this in. Second comment from the top:
https://superuser.com/questions/1057446/how-to-boot-to-uefi-shell how to Boot to UEFI shell - Super User
Create a USB flash drive formatted in FAT32. Create a directory \EFI\BOOT\
Copy the file you downloaded to this folder and rename it BOOTX64.EFI
Make sure Secure Boot is disabled. Boot the system and press F10 One-Time Boot menu. Select the EFI USB drive and you should be golden.
Thanks a ton. It worked like a charm !
Of course, I would still hope that Intel provides us the solution sometime - While creating the custom .bio file, the enabled UEFI Shell should not be considered as part of Custom Settings (similar to Boot-order).
For now, I am happy that I am unblocked and can continue doing what I need to do.
I understand you are having problems when customizing the .bio file with UEFI shell. What happens is that it is actually required in order to be able to customize that .bio file.
Nevertheless, once the .bio file is customized you do not need to activate the shell on each of the Nuc units since you already customized the file. It is a matter of using the customized file among all of the Nuc units where you would like to add the custom .bio file.
I hope you find this information helpful.
You don't seem to have understood my question.
I didn't want the UEFI shell to be enabled in my custom .bio file. But it was enabled in the my .bio file because I had to enable it to create my .bio file in the first place!!!!
So I was having to manually de-activate the UEFI shell on every NUC which I updated using this custom .bio, which obviously I didn't want to do.
Nevertheless, MrMitch has provided me the solution (the only one that I know of) which worked for me now.
You can't use EFI Shell with Secure Boot enabled since it is not signed. Just like you can't flash the BIOS with Secure Boot enabled because it is not signed to pass through the Secure Boot layer.
The goal is to have a customized BIOS with an enabled secure boot. So secure boot has to enabled to capturing the settings but this is not possible because with enabled secure boot i cannot boot EFI to start the capturing. A capturing tool for Windows could help but seems not exists.