Everything you need to go from download to desktop.
Before you install Battleship OS, there's one thing you need to do that takes about 30 seconds. You need to turn off something called "Secure Boot" in your computer's startup settings.
Why? Because Battleship OS is built on a security-hardened infrastructure — the same ecosystem used by journalists, penetration testers, and security researchers. That ecosystem has historically never relied on Secure Boot, and the consumer ecosystem that does use Secure Boot is a different world entirely. We chose to build on the strongest security foundation available, and this is the one trade-off that comes with it.
Don't worry. It sounds scarier than it is. We're going to walk you through it, and you're going to be fine.
When you press the power button on your computer, your machine runs a checklist before Windows ever appears. It looks at the software that's about to load and asks: "Do I recognize this? Is it signed by someone I trust?"
That checklist is called Secure Boot. It was designed by a group of hardware companies, but in practice, Microsoft controls the keys. Their digital signature is baked into the firmware of nearly every PC sold in the last decade. If the software loading at startup isn't signed by Microsoft, the computer refuses to boot.
This is fine if you're running Windows. It's a problem if you're running anything else.
Most Linux operating systems handle this by asking Microsoft to co-sign their startup software. Some Linux distributions skip that process entirely and just tell you to turn Secure Boot off.
No security-focused Linux distribution has ever shipped with Secure Boot support. None. The ones used by journalists, activists, security researchers, and penetration testers — not one of them supports Secure Boot. Disabling Secure Boot to install Linux is completely normal and has been standard practice for over a decade.
We've already built our own Secure Boot solution, and it works. But there's a reason we're not shipping it yet. Microsoft's Secure Boot signing key — the one that all those mainstream Linux distributions depend on — expires in June 2026. This is the first time the key has changed since Secure Boot was introduced in 2012. The replacement key has been available since 2023, but many computers don't have it yet, and getting it onto existing machines requires firmware updates that may never come for older hardware. Major enterprise Linux vendors have published formal guidance documents. Open source teams are working to get new packages signed. Forum threads are full of users trying to understand what happens to their machines when the key expires. None of this affects you. You disable Secure Boot, install Battleship OS, and everything works. The rest of this section is context — read it if you're curious, skip it if you're not.
There are two kinds of Linux distributions. The mainstream consumer versions handle Secure Boot by asking Microsoft to co-sign their startup software. These distributions depend on Microsoft's cooperation to start up on your hardware. Then there are the security-focused distributions — the ones built from the ground up for privacy and security. Most of them ship without Secure Boot support. They tell you to disable Secure Boot, and you do, because you're choosing security tools that work for you.
Battleship OS follows the security model. That's why it ships with a security-hardened kernel, one-click Tor routing, 81,000 blocked trackers, and a six-layer protection stack that no other mainstream distribution offers. Disabling Secure Boot puts you in the same category as the journalists and security researchers who use those other distributions. It's not a limitation — it's standard practice for serious security software.
We will not put you in the middle of the 2026 Secure Boot transition. The responsible thing to do is wait until the dust settles, test thoroughly, and ship Secure Boot support when we can guarantee it won't cause problems on your machine. That day is coming — and when it arrives, Battleship OS will be one of the only security-hardened Linux distributions in the world that boots with Secure Boot enabled.
No. Not in any way that matters for you.
Secure Boot protects against a very specific kind of attack: someone with physical access to your machine installing malicious software that runs before the operating system loads. This is called a "bootkit" attack. It's real, but it's extremely rare outside of targeted espionage operations against high-value targets.
Meanwhile, Battleship OS ships with protections that matter far more for everyday security:
Windows 11 ships with Secure Boot enabled — and also collects diagnostic data, app usage, advertising identifiers, and activity history that you cannot fully turn off, even with every privacy setting at its most restrictive. Battleship OS ships without Secure Boot — and collects nothing. No telemetry, no analytics, no data sent anywhere you didn't choose to send it.
This takes about 30 seconds. You need to get into your computer's startup settings (called BIOS or UEFI) and flip one switch.
Turn off your computer completely. Then turn it back on while pressing a specific key. The key depends on who made your computer:
| Manufacturer | Key to Press | When to Press It |
|---|---|---|
| Dell | F2 | As soon as you press the power button |
| HP | F10 | As soon as the HP logo appears |
| Lenovo | F2 or Enter then F1 | As soon as you press the power button |
| ASUS | F2 (hold it down) | Before the logo appears |
| Acer | F2 | As soon as you press the power button |
| MSI | Del | As soon as you press the power button |
| Samsung | F2 | As soon as you press the power button |
| Toshiba | F2 | As soon as you press the power button |
| Microsoft Surface | Hold Volume Up + press power | Before the logo appears |
If you miss it, the computer just starts normally. Turn it off and try again. It sometimes takes a couple of tries to get the timing right. That's normal.
Once you're in the BIOS, you'll see a screen that looks like it's from 1995. That's normal. Use your arrow keys to navigate (the mouse might not work here).
The Secure Boot setting is usually in one of these places:
| Manufacturer | Where to Look |
|---|---|
| Dell | Boot Configuration (you may need to turn on "Advanced Setup" first) |
| HP | System Configuration tab → Boot Options |
| Lenovo | Security tab → Secure Boot |
| ASUS | Security tab → Secure Boot → Secure Boot Control (press F7 for Advanced Mode if you don't see it) |
| Acer | Security tab or Boot tab |
| MSI | Settings → Advanced → Windows OS Configuration → Secure Boot |
Here's roughly what the Secure Boot setting looks like on the three most common brands. Your screen won't look exactly like these — every computer is a little different — but the layout and the words will be similar.
Find the Secure Boot option and change it from Enabled to Disabled.
Press F10 to save your changes. Your computer will ask you to confirm. Say yes. The computer will restart.
That's it. Secure Boot is off.
That's okay. Here are some things that might help:
Millions of people have done this. Disabling Secure Boot is one of the most common steps in installing a Linux operating system, and has been standard practice across the Linux community for over a decade.
Your computer shop can do it for you. If you're buying a refurbished computer with Battleship OS pre-installed from a shop, they handle this during setup. You never have to see the BIOS screen at all.
Plug your Battleship OS USB drive into the computer and restart it (or turn it on if it's off). As soon as the screen goes dark, press the boot menu key for your computer. This is a different key from the BIOS key — it opens a one-time menu to pick which drive to start from.
| Manufacturer | Boot Menu Key |
|---|---|
| Dell | F12 |
| HP | F9 |
| Lenovo | F12 |
| ASUS | F8 |
| Acer | F12 |
| MSI | F11 |
| Samsung | F2 |
| Toshiba / Dynabook | F12 |
If yours isn't listed, try F12 first. If that doesn't work, try F2, Esc, or Del.
A menu will appear with a list of drives. Choose the one that mentions USB or shows your USB drive's brand name. Battleship OS will start loading.
You might need to tap the key a few times quickly. If your normal operating system starts loading instead, just restart and try again. There's no penalty for getting it wrong.
When you're ready to make it permanent, double-click the Install Battleship OS icon on the desktop. The installer will walk you through a few screens.
The installer checks that your computer meets the requirements: at least 20 GB of storage and 2 GB of RAM. If everything looks good, click Next.
Pick your region and timezone. This sets your clock and language defaults. You can change these later.
Select your keyboard layout. There's a test box at the bottom where you can type to make sure the right characters appear.
This is where you decide what happens to your hard drive. You have two choices:
Erase disk. This wipes everything on the drive and installs Battleship OS as your only operating system. This is the simplest option if you're starting fresh or dedicating this computer to Battleship OS.
Install alongside. This shrinks your existing operating system's space and puts Battleship OS next to it. Every time you start the computer, you'll choose which one to use.
Pick a username and a computer name (it defaults to "battleship"). Choose a password — it needs to be at least 8 characters, and weak passwords aren't allowed. This password is also your administrator password, so you'll use it when the system asks for permission to install software or change settings.
Review everything before committing. This is your last chance to go back and change anything.
Click Install. A slideshow will play while the system copies files to your hard drive — it takes about 10 to 20 minutes depending on your hardware. When it's done, remove the USB drive and click Restart.
During the partitioning step, the installer offers full-disk encryption using LUKS2 — the same encryption standard used by governments and security professionals. We recommend leaving it on.
When you enable encryption, you choose a passphrase. You'll type it every time you start your computer, before the login screen appears. It's a separate passphrase from your account password.
What encryption does: if your laptop is ever lost or stolen, whoever has it gets a locked brick. They can't read your files, they can't access your data, they can't boot into your system. Without the passphrase, the entire drive is unreadable.
The passphrase must be at least 8 characters. Weak passphrases are blocked. You can use a sentence that's easy for you to remember but hard for someone else to guess.
After the installer finishes and your computer restarts, here's what you'll see:
Encryption passphrase. If you enabled disk encryption, a plain screen will appear asking for your passphrase. Type it and press Enter. This happens every time you start the computer — it's the lock on your front door.
Login screen. After the passphrase (or immediately, if you skipped encryption), you'll see the login screen. Type the password you chose during installation.
First-boot wizard. The first time you log in, a short setup wizard launches automatically. It walks you through a few choices:
The wizard is optional. You can close it at any time and come back to it later, or never. Everything works without it.
That's it. Battleship OS is installed and running.
Your firewall is on. Your disk is encrypted. 81,000 tracker domains are blocked. Your browser doesn't phone home. Your antivirus is running. Your camera and microphone are under your control.
You'll find everything you need already installed — a web browser, an office suite, an image editor, an email client, a media player, and more. There's nothing extra to buy and nothing extra to install.
The Bridge — your security dashboard — lives in the system tray. Click it anytime to see what's protected and what's running.
Welcome aboard, Captain.