What is Secure Boot?
Secure Boot is a measure to secure the boot process against tampering.
How is it set up?
Zorin supports Secure Boot enrollment during installation. Make sure to set Secure Boot as enabled in the UEFI before starting the installation.
If you run into any problems, reset the UEFI and/or Secure Boot to factory defaults/clear any keys, and disable & re-enable Secure Boot. Make sure to enable the Microsoft certificate.
During the installation wizard, you'll be asked to provide a Secure Boot password, it needs to be 8-16 characters. It does not need to be complex or stored for a long time, however during the first reboot after installation you'll be greeted with a blue screen. After 10-15 seconds the machine might or might not continue booting, so it is important to 'catch' it in time.
The second option should read 'Enroll MOK', press Enter.
The first option should read 'view key 0', press Enter.
Here you can see the details about the key. Pressing Enter again brings you back to the previous screen.
The second option should read 'Continue', press Enter and confirm enrolling with [yes].
Type in the previously set password. After this, the password can be discarded.
Press [Reboot] and start using Zorin!
You can check the status of Secure Boot while logged in, by running mokutil --sb-state. It should return:
SecureBoot enabled
After enabling Secure Boot and finishing up your installation, make sure to disable booting from an external USB, and locking down the UEFI with a strong password to further reduce the attack surface.