How to boot a Secure-K without hardware encryption?ΒΆ

When the Secure-K is embodied in a common not-encrypted USB flash drive, the boot process can be summed up in 3 simple steps:

  1. Shut down the host computer
  2. Plug the Secure-K without hardware encryption into a USB port on the host computer and power it on
  3. Change the boot sequence of the host computer as detailed in the next paraghaph.

Boot Procedure

The booting process may vary from a computer brand to another, depending on manufacturers’ arbitrary best practices. Unfortunately it is quite hard to find out technical standards of each brand and/or model, that is why we encourage the community-based participation to enrich the wiki’s contents.

In general, however, the Boot Manager executes the first OS loader it finds in the storage device. Therefore, you are required to move the Secure-K USB flash drive to the first position among the operating systems connected to your computer. In doing so you can opt for one of the following solutions:

  • Make the adjustment permanent through the BIOS menu so that you no longer need to repeat the procedure every time you use the Secure-K. Usually, you can access the BIOS menu by repeatedly pressing the specific keyboard key reported on the screen during the computer startup phase. It is recommended, however, to refer to the user manual provided by the manufacturer or to visit the website for more detailed information. Please note the Macintosh computers do not have the BIOS menu, so this option is not doable for Mac owners.
  • Make one-time adjustment from the Boot Device Menu and repeat the procedure every time you use the Secure-K. As per the BIOS menu, there is a specific keyboard key you have to press repeatedly to access the Boot Device Menu (tipically the ESC, DEL, F10, or F12 on Windows systems and ALT key on Macintosh).

Now, two are the possible scenarios:

  1. The system will begin its booting process. Congratulation, you’re done!
  2. The system won’t run the booting process because of the presence of the Secure Boot. If this is your case, please keep reading.

Booting process with the Secure Boot

UEFI Secure Boot compliance is guaranteed by a signed pre-bootloader which enables the user to manually validate the “real” system bootloader, which in turn will run the kernel. Upon the first boot, user must enable the new component (“loader.efi”) to run on the system, as pictured in the following screenshots.

../_images/startloader.png ../_images/Enroll_Hash.png ../_images/Loaderefi.png ../_images/Enroll_hash_into_MOK.png ../_images/Reboot_System.png

Start Up

After the correct completation of the boot procedure, you are asked to login using the securek USERNAME and PASSWORD and eventually change your credentials.