Looking for help configuring Dell BIOS to allow me to run true headless.
I have a Dell 7070 Micro motherboard, Intel Q370 chipset, Core i7-9700T processor, no PCI slots on the motherboard.
I’ve installed Ubuntu 20 and then 18 to run it as a headless server for a special purpose that requires an Intel SGX secure enclave.
When starting the secure enclave, during attestation, I get a warning about INTEL-SA-00289. (Also called “plundervolt.”)
I am advised that the resolution to this is to disable the Intel HD Graphics component of the CPU. Normally this is done by plugging in a discrete graphics card, but this motherboard has no PCI slots. (Also, if I add a card, it’s not so “micro” any more.)
BIOS shows no option to disable the internal graphics: the only two options are “Auto” and “Intel HD Graphics.”
I have a backup of the BIOS, as well as a programmer and SOP 16 clip. (I’ve previously tried updating the MCU from revision 000000de to 000000ea (latest), but that did not help. This was before I learned the internal graphics is causing the vulnerability.)
So: how and what can I do to get this thing to boot up with the Intel HD Graphics disabled?
Note: I’ve already put
and I've set systemctl with
sudo systemctl set-default multi-user.target
... these boot Ubuntu with no graphics support. This is not enough; the CPU must have the graphics disabled. I guess disabling in software like this can be reversed after startup, which means the SA-00289 vulnerability is still there.