From 92a308b37ad48b0119e347ebead1fa7f4df57776 Mon Sep 17 00:00:00 2001
From: Allie Crevier <allie@freedom.press>
Date: Mon, 22 Feb 2021 23:10:12 -0800
Subject: [PATCH] add disable secure boot instructions

Signed-off-by: Allie Crevier <allie@freedom.press>
---
 docs/hardware.rst                                   | 11 +++++++----
 docs/images/hardware/nuc8_visualbios_secureboot.png |  3 +++
 2 files changed, 10 insertions(+), 4 deletions(-)
 create mode 100644 docs/images/hardware/nuc8_visualbios_secureboot.png

diff --git a/docs/hardware.rst b/docs/hardware.rst
index ddf839206..a2e755d4b 100644
--- a/docs/hardware.rst
+++ b/docs/hardware.rst
@@ -413,16 +413,19 @@ to disable wireless functionality:
 
 |NUC8 VisualBios1|
 
-While in the BIOS, you should also navigate to **Advanced > Security** in the
-and disable SGX support, which not used by SecureDrop and may be targeted by
-active CPU exploits:
+- navigate to **Advanced > Security** in the BIOS and disable SGX support, which is not used by 
+  SecureDrop and may be targeted by active CPU exploits:
 
 |NUC8 VisualBios2|
 
+- navigate to **Advanced > Boot > Secure Boot** and uncheck the **Secure Boot** checkbox:
+
+|NUC8 VisualBIOS SecureBoot|
+
 .. |NUC8 leads| image:: images/hardware/nuc8_leads.jpg
 .. |NUC8 VisualBIOS1| image:: images/hardware/nuc8_visualbios1.png
 .. |NUC8 VisualBIOS2| image:: images/hardware/nuc8_visualbios2.png
-
+.. |NUC8 VisualBIOS SecureBoot| image:: images/hardware/nuc8_visualbios_secureboot.png
 
 .. _nuc8_enable_network:
 
diff --git a/docs/images/hardware/nuc8_visualbios_secureboot.png b/docs/images/hardware/nuc8_visualbios_secureboot.png
new file mode 100644
index 000000000..1b4e5b96b
--- /dev/null
+++ b/docs/images/hardware/nuc8_visualbios_secureboot.png
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1f843318aa92b06e7225c0b0ebbbe79ce885bc4f2da2df6f79bdb84e36016e4b
+size 76807