What is Secure Boot?
Secure Boot is a measure to secure the boot process against tampering.
How is it set up?
Zorin supports Secure Boot enrollment during installation. Make sure to set Secure Boot as enabled in the UEFI before starting the installation.
If you run into any problems, reset the UEFI and/or Secure Boot to factory defaults/clear any keys, and disable & re-enable Secure Boot. Make sure to enable the Microsoft certificate.
During the installation wizard, you'll be asked to provide a Secure Boot password, it needs to be 8-16 characters. It does not need to be complex or stored for a long time, however during the first reboot after installation you'll be greeted with a blue screen. After 10-15 seconds the machine might or might not continue booting, so it is important to 'catch' it in time.
The second option should read 'Enroll MOK', press Enter.
The first option should read 'view key 0', press Enter.
Here you can see the details about the key. Pressing Enter again brings you back to the previous screen.
The second option should read 'Continue', press Enter and confirm enrolling with [yes].
Type in the previously set password. After this, the password can be discarded.
Press [Reboot] and start using Zorin!
You can check the status of Secure Boot while logged in, by running mokutil --sb-state. It should return: SecureBoot enabled
After enabling Secure Boot and finishing up your installation, make sure to disable booting from an external USB, and locking down the UEFI with a strong password to further reduce the attack surface.
Secure boot is a Microsoft feature, and is not necessary or required for Linux, unless your operating a high security computer in the government sector. For a person who just operates a computer from home, all Secure Boot will do, is cause you loads of problems, where you will be pulling your hair out.
Much agreed with StarTreker - just to see if I could do it, I got it working with my laptop but.. every Nvidia update needed a password and then booting into the secure boot to proceed with the install and it was just an absolute headache..
Home users - definitely would suggest leaving SecureBoot off; it only causes more troubles than it helps.
The problem to the Secure Boot password not appearing during Zorin install was that, on boot, I booted from 'USB - [manufacturer]', instead of 'UEFI: [manufacturer], Partition 1'.
Once I booted using the UEFI option, the option to enter a Secure Boot password on Zorin install appeared.
Posters after me were right, though, in that I asked how to do this, not should I do this. All a part of the learning experience. Special thanks to @swarfendor437; the first link on EFI boot loaders was really educational.
