Intel NUC BIOS Configuration and Recommendations

During the configuration of my new Homelab Based on this version of Intel NUC “NUC10i5FNH” and “NUC8i7HNK” that you can find easily online, I started by getting a particular error, and after some searching and some try and error, I decided to write down this article in order to remember to myself the proper configuration and the relative information that I found on the web regarding it.

First thing first let’s start from the main error, after the installation of ESXi 7.x on the Intel Nuc and added it on the vCenter I get immediately the error: “TPM 2.0 device detected but a connection cannot be established“, so I started searching and a part of the configuration is the update of the BIOS as suggested in this article from the William Lam blog “vGhetto”.

So the first thing to do is to be sure to have the latest version of the BIOS in order to cover all the possible bugs related to this, in my case the correct configuration and the update of the Bios solved completely the alarm related to TPM.

So check the version of your BIOS before start installing ESXi, if you have an older version you can download the update for the NUC 10th Generation from here.

Once you did the update you can start configuring the BIOS, as per best practice disable all the unused features and devices

Advanced Settings:

  • Onboard Devices -> HD Audio = Disabled
  • Onboard Devices -> Digital Microphone = Disabled
  • Onboard Devices -> LAN = Enabled
  • Onboard Devices ->Thunderbolt Support = Enabled
  • Onboard Devices -> WLAN = Disabled
  • Onboard devices -> Bluetooth = Disabled
  • Onboard Devices -> SDCard 3.0 Controller = Enabled
  • Onboard Devices -> Enhanced Consumer IR = Disabled
  • Onboard Devices -> HDMI CEC Control = Disabled

Cooling:

  • Fan Control Mode -> Cool or Balanced

Performance (for Max Performance Hyperthreading and Turbo Boost enabled):

  • Performance -> Processor -> Hyper-Threading = Enabled
  • Performance¬† -> Processor -> Intel turbo Boost Technology = Enabled
  • Performance -> Processor -> Active Processor Cores = All

Security:

  • Security -> Security Features: Intel Virtualization Technology = Enabled
  • Security -> Security Features: Intel VT for Directed I/O (VT-d) = Enabled
  • Security -> Security Features: Intel Platform Trust Technology = Disabled (This with the BIOS Update will fix the issue with the TPM)

Power:

  • Power -> Max Performance Enabled = Enabled
  • Power -> Processor Power Efficiency Policy = High Performance
  • Power -> Seconday Power Settings -> Modern Stand By = Legacy S3 Stand By
  • Power -> Secondary Power Settings -> Wake on LAN from S4/S5 = Power On/Normal Boot

Boot:

  • Boot -> Secure Boot -> Secure Boot = Disabled

For these settings, you can also check the following blog article from Virten.net

Feel free to comment if I missed other important settings.

Giovanni Dominoni

About Giovanni Dominoni

Leave a Reply