How to boot a Secure-K with hardware encryption?ΒΆ

When the Secure-K is embodied in a rugged USB device with hardware encryption, the boot procedure consists of 4 steps:

  1. Shut down the host computer.
  2. Unlock the Secure-Key with hardware encryption.
  3. Plug the Secure-K into a USB port on the host computer and power it on.
  4. Change the boot sequence of the host computer as detailed below.

Secure-K Unlock Procedure

To unlock your USB key on which Secure-K has been deployed you need to:

  1. Press the KEY botton at the bottom of the Secure-K: the RED, GREEN and BLUE LEDs will simultaneously blink once and the RED LED will continue to flash waiting for the 8-digit PIN code
  2. Enter the 8-digit PIN code within 10 seconds. The default factory PIN is 11 22 33 44
  3. Press the KEY button again to light up the GREEN LED in order to make Secure-K ready to boot on the host computer.
  4. Plug the Secure-K into the computer and power it on

Important note: during the start-up phase Secure-K can experience a decrease in power input that switches it off (both RED and GREEN LEDs are off or flashing). In this case, please repeat the unlock procedure without removing the device from the USB port.

Boot Procedure

The booting process may vary from a computer brand to another, depending on manufacturers’ arbitrary best practices. Unfortunately it is pretty hard to find out technical standards of each brand and/or model, that is why we encourage the community-based participation to enrich the wiki’s contents.

In general, however, the Boot Manager executes the first OS loader it finds in the storage device. Therefore, you are required to move the Secure-K USB flash drive to the first position among the operating systems connected to your computer. In doing so you can opt for one of the following solutions:

  • Make the adjustment permanent through the  BIOS menu so that you no longer need to repeat the procedure every time you use the Secure-K. Usually, you can access the BIOS menu by repeatedly pressing the specific keyboard key reported on the screen during the computer startup phase. It is recommended, however, to refer to the user manual provided by the manufacturer or to visit the website for more detailed information. Please note the Macintosh computers do not have the BIOS menu, so this option is not doable for Mac owners.
  • Make one-time adjustment from the  Boot Device Menu and repeat the procedure every time you use the Secure-K. As per the BIOS menu, there is a specific keyboard key you have to press repeatedly to access the Boot Device Menu (tipically the ESC, DEL, F10, or F12 on Windows systems and ALT key on Macintosh).

Now, two are the possible scenarios:

  1. The system will begin its booting process. Congratulation, you’re done!
  2. The system won’t run the booting process because of the presence of the  Secure Boot. If this is your case, please keep reading

Booting process with the Secure Boot

UEFI Secure Boot compliance is guaranteed by a signed pre-bootloader which enables the user to manually validate the “real” system bootloader, which in turn will run the kernel. Upon the first boot, user must enable the new component (“loader.efi”) to run on the system, as pictured in the following screenshots.

../_images/startloader.png ../_images/Enroll_Hash.png ../_images/Loaderefi.png ../_images/Enroll_hash_into_MOK.png ../_images/Reboot_System.png

Start Up

After the correct completation of the boot procedure, you are asked to login using the securek USERNAME and PASSWORD and eventually change your credentials.