I have a Deciso 740 appliance. It has an AMD Ryzen Embedded CPU. I have upgraded it with 32Gb RAM.
My intention is to run IncusOS on it but I’m having trouble booting up the installer.
Please find below the options I attempted, all without success. What other options do I have?
Secure Boot Disabled
SecureBoot is disabled. IncusOS will attempt to fall back to a less-secure boot logic.
No TPM detected. IncusOS will attempt to fall back to a less-secure swtpm implementation.
IncusOS cannot boot if SecureBoot is disabled and no physical TPM is present.
Secure Boot Enabled with default Microsoft keys
BIOS displays:
EFI USB Device (SanDisk) has been blocked by the current security policy.
fTPM detection by existing OS
I am currently running Debian on the device with Secure Boot. fTPM doesn’t seem to be exposed to the OS:
$ ls /dev/tpm*
ls: cannot access '/dev/tpm*': No such file or directory
$ dmesg | grep -i tpm
[ 0.740379] ima: No TPM chip found, activating TPM-bypass!
$ ls /sys/bus/acpi/devices/ | grep -iE "tpm|msft"
# (empty - no TPM ACPI device)
Attempted to enrol the .der certs to Secure Boot’s DB:
The USB image includes IncusOS signing certificates in /keys/:
secureboot-PK-R1.dersecureboot-KEK-R1.dersecureboot-DB-2025-R1.dersecureboot-DB-2026-R1.der
The certs don’t show up on the BIOS when trying to add them. I can navigate to the keys dir, but it appears empty.
Alternate approaches
.crt cert
I copied the .der files replacing the extension with .crt. Those didn’t show up in the BIOS either.
Convert to .esl format
Used efitools package on Debian to convert certificates:
cert-to-efi-sig-list -g "$(uuidgen)" secureboot-DB-2025-R1.der secureboot-DB-2025-R1.esl
cert-to-efi-sig-list -g "$(uuidgen)" secureboot-DB-2026-R1.der secureboot-DB-2026-R1.esl
Even after putting BIOS into Setup Mode (erasing all Secure Boot keys), the file browser does not display .esl files.