1# Intel NUC (Kaby Lake, Skylake and Broadwell)
2
3*** note
4__WARNING:__ These are directions to configure a NUC machine to load and
5boot an experimental, in-development OS.
6***
7
8## NUC Setup & Configuration
9
10These instructions configure the NUC machine to boot from a USB flash drive.
11This is a necessary step for _network boot_, where the system on your USB
12drive pulls your freshly-built OS across the network, from host machine to NUC.
13
141. Install memory (and optional SSD)
15    + Remove four bottom plate screws and bottom plate
16    + Install memory in the DIMM slot(s)
17    + (Optional) Install SSD in M.2 slot (SATA support only; NVMe lacks a driver)
181. Boot the machine into Visual BIOS
19    + Reinstall the bottom plate, attach power, and start the machine
20    + Press F2 during startup to enter Visual BIOS setup
21    + Mouse will be required, due to the wonders of Visual BIOS
221. Disable BIOS updates from internet (setting may not be present in newer NUCs)
23    + Select the Wrench menu (upper right), then Visual Bios Settings
24    + Deselect __Internet Updates__
251. Verify that your memory (and SSD) are correctly installed and detected
26    + Select Advanced settings, then Main section
27    + Right-side Memory Information pane should list your memory
28    + Switch to Devices section
29    + Select PCI tab, verify that __M.2 Slot__ is enabled
30    + Select SATA tab, verify that __Chipset SATA__ is enabled
31    + Both tabs (PCI and SATA) should show your SSD
321. Disable USB legacy and legacy boot
33    + Still in Devices section, select USB tab
34    + Deselect __USB Legacy__ support
35    + In Boot section, select Priority tab
36    + Deselect __Legacy Boot__ (in right-side Legacy Boot Priority pane)
37    + If you see a Secure Boot tab,
38    + Deselect Secure Boot in the tab (otherwise you will see an "Image
39      Authorization Fail" while booting USB).
401. Configure boot ordering
41    + Select Boot Configuration tab
42    + Enable __Boot USB Devices First__, __Boot Network Devices Last__, and
43     __Unlimited Boot to Network Attempts__
44    + Network Boot (bottom left pane) should display _UEFI PXE & iSCSI_.
45      *** note
46      __WARNING__: DO NOT disable netbooting here or netbooting from Gigaboot and
47      Zedboot may not work.
48      ***
491. Disable secure boot (on machines that support it)
50     + On the Boot section, Secure Boot tab, disable __Secure Boot__
511. Save BIOS changes
52     + Press F10 (or click the top right (x) button) to Save and Exit, Y to confirm
53     + Device will automatically reboot and begin looking for a USB or network boot
541. Power down the NUC
551. Continue to [Setup with USB flash drive](usb_setup.md)
56
57*** promo
58Network booting only works with the NUC's *built-in* ethernet, netbooting via
59USB-ethernet dongle is unsupported.
60***
61
62## Remote management
63
64To enable remote management, including KVM, you also need to configure
65AMT.
66
671. Enter Intel ME settings by pressing Ctrl+P on the boot screen
68    + The first time you need to set a password, the default one is "admin"
69      *** aside
70      Password must be at least 8 characters long, contain both lowercase and
71      uppercase characters, at least one digit and at least one non alpha-numeric
72      character.
73      ***
741. Configure network
75    + Go to Network Setup > TCP/IP Settings > Wired LAN IPV4 Configuration
76    + Disable __DHCP Mode__ and set a static __IPV4 Address__
77    + Return to AMT Configuration and enable __Activate Network Access__
78    + Exit Intel ME settings and save your changes
79
80*** note
81__NOTE:__ This assumes you're using NUC connected to the EdgeRouter. If
82your networking setup is different, you may need a different network
83configuration.
84***
85
86#### Enabling Intel AMT / vPro KVM
87
88The Intel AMT / vPro KVM needs to be enabled before use. To do so, you
89can use the `wsman` command-line utility.
90
91The following commands assume you have set the `AMT_HOST` variable which
92contains the IPv4 address you configured in the Intel ME settings,
93`AMT_PASSWORD` which is the Intel ME password, and `VNC_PASSWORD` which
94is going to be the VNC password.
95
96*** aside
97Password must be _exactly_ 8 characters long, contain both lowercase and
98uppercase characters, at least one digit and at least one non alpha-numeric
99character.
100***
101
102```
103# set the VNC password
104wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k RFBPassword=${VNC_PASSWORD}
105# enable KVM redirection to port 5900
106wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k Is5900PortEnabled=true
107# disable opt-in policy (do not ask user for console access)
108wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k OptInPolicy=false
109# disable session timeout
110wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k SessionTimeout=0
111# enable KVM
112wsman invoke -a RequestStateChange http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_KVMRedirectionSAP -h ${AMT_HOST} -P 16992 -u admin -p ${AMT_PASSWORD} -k RequestedState=2
113```
114
115Now, you can remotely access the NUC using any VNC client, e.g.
116`vncviewer ${AMT_HOST}`.
117