I am provisioning a new nitropad with nitrokey. How may I configure the boot loader to lock / prevent the user from making any changes or selection at boot without entering a security pin?
Measured Boot is used to detect any modifications of /. Consequently any modifications of / will be detected. NitroPads come pre-configured with Measured Boot so no need to do anything. If it’s not setup already or you want to re-configure it, you may want to perform the “OEM factory reset”.
Thank you for your reply, but it doesn’t help me with this issue. I need to lock changes to the setup to prevent a user from making changes and allowing them to continue using the laptop.
For example if I, as an IT administrator securely provision the laptop, I do not want the user to boot off another volume (e.g. USB drive) or reinstall the OS on the internal drive.
The current boot behavior allows the user to ignore warnings, boot w/o the nitro key, and boot to any volume they wish, continuing to use the laptop.