We have the same problem as described in How to clear UEFI secure boot keys (or enter Setup Mode) on S1200SPO
We are also interested in using secure boot to protect the boot-process of our appliances. All our appliances run the same Linux kernel, and that Linux kernel is the only thing the appliance should run, so it makes sense to set up our own PKI infrastructure for signing.
I am currently testing with a S1200SP (R1304SPOSHORR) with BIOS version S1200SP.86B.03.01.0038.062620180344.
When I booted the system for the first time, it was in Setup Mode. This would have been a good moment to install our own PK. After enabling secure mode, the default Intel and Microsoft keys were installed.
When I disabled secure boot again, the Intel PK was still there and there doesn't seem to be a way to remove that key to return to Setup Mode. (according to most Google hits, there should be an option to clear all secure mode keys, or an option to force Setup Mode)
Is there a way to remove the key and/or do a factory reset of the whole system?