This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Obtaining and Installing HeartSuite Core Secure

Download, installation steps, and preliminary setup for virtual machines.

1: Obtaining HeartSuite Core Secure

2: VM Preparation

3: Installing HeartSuite Core Secure – Part 1

4: Installing HeartSuite Core Secure – Part 2

Overview: HeartSuite Core Secure installation follows one of two paths depending on your deployment method. Both paths end at the Dashboard, where Phase 1 (System Verification) confirms that the system is ready for allowlisting.

Cloud Path

Launch a pre-configured cloud instance (e.g., AWS AMI, GCP image). The HeartSuite Core Secure kernel is already installed and Phase 1 (System Verification) auto-completes on first boot. The Dashboard appears immediately — skip ahead to the allowlisting queues.

Local Path

Download the HeartSuite Core Secure installer, run it, and reboot multiple times to build the initial allowlist of startup and shutdown programs. This path involves:

Obtaining HeartSuite Core Secure — Download the installer from the website.
VM Preparation — Configure GRUB settings for virtual machines on clouds.
Installation Part 1 — Run the installer and reboot to load the kernel.
Installation Part 2 — Auto-allowlist startup programs with hs-os-boot-setup.

After the final reboot cycle, the Dashboard appears and displays the Suggested Next Step to guide you into Phase 2 (Program Allowlisting).

1 - Obtaining HeartSuite Core Secure

Download and acquire HeartSuite Core Secure distribution.

Overview: HeartSuite Core Secure is distributed as a single tar file. Download it from the HeartSuite Core Secure website at heartsecsuite.com.

Note

Cloud users who launched a pre-configured instance (AWS AMI, GCP image) already have HeartSuite Core Secure installed. Skip this step and proceed directly to the Dashboard.

Access to the tar file via wget is disabled by the hosting provider. Use the download form on the website to obtain the file.

2 - VM Preparation

Preliminary setup for virtual machines in the cloud.

Overview: This step applies to the Local Path only. Cloud VMs provisioned from a pre-configured image do not require GRUB changes.

Installation of HeartSuite Core Secure requires rebooting several times. The installation procedure uses the GRUB boot loader, which can reference disks by labels or UUIDs. Using labels on cloud deployments can result in boot failures. Edit the GRUB settings for VMs provisioned in the cloud before proceeding.

Configuring GRUB Settings

Comment out the following line in /etc/default/grub:

GRUB_DISABLE_LINUX_UUID=true

by preceding it with a # symbol:

#GRUB_DISABLE_LINUX_UUID=true

Then rebuild GRUB:

# /sbin/update-grub

Note

Cloud VMs may fail to boot due to GRUB settings. Correcting this ensures reliable reboots during the installation process.

3 - Installing HeartSuite Core Secure – Part 1

Extract the HeartSuite Core Secure tar file, run the installer, and reboot to load the HeartSuite Core Secure kernel.

Overview: Run the installer bundle and reboot to load the HeartSuite Core Secure kernel. This is the first step of Phase 1 (System Verification) on the Local Path.

Note

Cloud users skip this step entirely. The HeartSuite Core Secure kernel is pre-installed and Phase 1 auto-completes on first boot. Proceed directly to the Dashboard.

Extract the Distribution

Untar the distribution tar file:

tar xvf 6.18-HeartSuite-1.6.4.tar -m

Run the Installer

Run the installer from the extracted directory (as root):

sudo bash heartsuite-install-bundle.sh

The installer sets up the HeartSuite Core Secure kernel, tools, and management UI. When it finishes, it displays === Bundle Installation Complete ===.

Reboot into the HeartSuite Core Secure Kernel

Reboot the system:

reboot

When the GRUB menu appears, select the HeartSuite Core Secure kernel:

Select Advanced options for Debian GNU/Linux
Select Debian GNU/Linux, with Linux 5.19.6-HeartSuite-1.0

Tip

If the GRUB menu does not appear automatically, hold Shift (BIOS) or press Esc immediately after the system starts.

After boot, the HeartSuite Core Secure management UI appears on the console. The Setup Wizard starts automatically — proceed to Installation Part 2.

If the Reboot Fails

If the system does not reboot or hangs, try these steps:

Verify the installer completed without errors before rebooting.
Check GRUB configuration for VMs (uncomment GRUB_DISABLE_LINUX_UUID if needed and run update-grub).
Boot into recovery mode and run fsck to check file systems.
After a successful boot, the Dashboard confirms the HeartSuite Core Secure kernel is loaded. The Safety Banner shows the current mode and the System Info Strip shows “Kernel: HS”.

4 - Installing HeartSuite Core Secure – Part 2

Auto-allowlisting essential startup programs with hs-os-boot-setup.

Overview: After rebooting into the HeartSuite Core Secure kernel, build the initial allowlist of startup and shutdown programs. This completes Phase 1 (System Verification) on the Local Path. The Dashboard then appears and guides you into Phase 2 (Program Allowlisting).

Note

Cloud users skip this step. Phase 1 auto-completes on a pre-configured cloud instance, and the Dashboard is ready immediately.

Building the Initial Allowlist

After booting into the HeartSuite Core Secure kernel, the management UI appears on the console automatically. The System Setup screen opens on first boot.

Each cycle follows the same pattern:

Press [a] to run the setup step — the UI scans startup and shutdown logs and adds the programs it finds to the allowlist.
When the step completes, the UI reboots the system automatically (5-second countdown — press any key to cancel if needed).
At the GRUB menu, select the HeartSuite Core Secure kernel again.
The System Setup screen resumes at the next step automatically.

Repeat until the setup screen shows Setup Complete in green — no manual commands are needed between cycles.

After three to five cycles (depending on the distribution), the setup screen confirms that all startup and shutdown programs have been allowlisted.

After Phase 1 Completes

When the setup screen shows the completion message, press [q] to return to the Dashboard. The Dashboard displays your current progress and the Suggested Next Step guides you into Phase 2 (Program Allowlisting).

If the UI Does Not Appear After Boot

If the management UI does not appear on the console after booting into the HeartSuite Core Secure kernel:

Switch to TTY2 (Ctrl+Alt+F2), log in as root, and check the service:
```
systemctl status heartsuite-ui.service
```
Verify the HeartSuite Core Secure kernel is loaded:
```
uname -r
```
Expected output: 5.19.6-HeartSuite-1.0
If the wrong kernel booted, reboot and select the correct entry from the GRUB menu.

If the Setup Screen Does Not Progress

If after several cycles the setup screen does not show the completion message:

Check the Dashboard’s Programs review queue ([p]) for any pending events and approve missing programs.
Verify the HeartSuite Core Secure kernel is loaded (the Dashboard System Info Strip shows “Kernel: HS”).

Warning

Completing these reboot-and-review cycles is essential before switching to Secure Mode. If the initial allowlist is incomplete, the system may hang on boot or shutdown after the mode switch.