The intel Tunnel Mountain UEFI secure boot test box is fairly easy to get to the boot menu (it's also easy if you don't follow this, because it will drop into a UEFI shell unlike almost any other secure boot system on the market).

To get the UEFI menu, power the system on and press ESC after the TianoCore logo appears on the screen.  Once in the Boot menu, select 'Device Manager' and then 'Secure Boot Configuration'.

Once in the Secure Boot Configuration menu, go to 'Secure Boot Mode' and Select 'Custom Mode'. This will cause a new menu to appear on the Secure Boot Configuration page called 'Custom Secure Boot Options'.  When selected, you will get a menu of enrol/delete options for the four key databases.  The only way to put this system into Setup Mode, which will allow the programmatic enrolment of hashes and keys is to delete the Platform Key (PK).  Once deleted, the platform key cannot be restored, so make sure you take copies of all keys using the ReadVars.efi programme.  ReadVars will produce a set of files looking like PK-1-0-X509-Efi.  To re-enrol the PK, copy this file to PK.cer (all files have to have a .cer extension for the system to recognise them as UEFI keys). You can now re-enrol the PK.cer file by going to

Device Manager > Secure Boot Configuration > Custom Secure Boot Options > PK Options > Enrol PK

And navigating the file manager to PK.cer.  This will reinstall the Platform Key and flip the system out of Setup Mode