[INSTALLATION] Secure Boot, Zorin OS or Intel Optane?

Hello everyone and moderators,

So today I purchased Zorin OS 15.3 after trying the Core version on VMware Workstation Pro, I was so happy to obtain my first Linux to install it on my local laptop, but it was not smooth, the story began with my hardware specification:

1. UEFI plus Secure Boot with the combination keys from ASUS and Windows.
2. Intel Optane with NVMe SSD H10, using Windows to manage the partition, something called "Intel Optane Memory and Storage Management", this drive has built-in Intel Optane to be configured for optimization with the SSD comes along with it, yes, it's in one package.
3. NVIDIA RTX 2060.
4. Intel Core i7.
5. Basically, it's a ASUS Zephyrus M machine with the model number as GU502GV and I love it.

The problem started when I resized the 1TB linked Optane + SSD to get 100 GBs at the end of the partition to install Zorin OS 15.3, the installation process went well without any problem, I used the option to use modern NVIDIA drivers and connect the machine to the Internet so that it can pull updates globally during the installation. The machine needed to be rebooted so I got it rebooted without hassles, thing is, after the rebooting, the whole Boot Manager of the Windows was corrupted and the system has to repair the Boot Management and automatically restarted several times to complete the procedures.

After that, the next reboot after I went to Windows and restart it, I booted to Boot Menu of the UEFI, chose the record of the Zorin OS to try to start it up, but no luck, the screen flashed in 1 sec and returned to itself, made me to choose the Windows Boot Manager to fire things up.

So, what do we have here? I resized the partition for Zorin OS to install alongside with Windows, chose Secure Boot and put a password for it, used the modern NVIDIA drivers option to install Zorin or the SSD with Intel Optane cannot be installed with Zorin OS?

Thank you for your supports regardless it's from our beloved users or the masterminds behind!

Edited: P/S: I didn't use balenaEtcher (bE) to make the USB Boot but instead using Rufus since it could not format my thumb drive, I hate using bE

That's a lot in one go.You pretty much have the anti-linux machine, there.
First things first; as you chose Zorin OS Ultimate, this comes with direct Installation Support from the Zorin Group Developers. Please use the contact form to request help:

• SSD using eMMC or NVMe must use RAID instead of AHCI -set in your UEFI settings. Even then, these particular drive types are formatted to work with Windows.
• It is advisable that Secure Boot be disabled in order to install and run a Linux Distro. This can be worked around, but given your experiences, you would want to make this as easy on yourself as you can.
• Your motherboard is one known to resist use with Open Source, as well.
• Nvidia is notoriously contemptuous of Open Source. Again, this usually still works, but it is just another aspect of your build that adds to the Wow factor.

From what you describe, you may need Boot Repair:
https://help.ubuntu.com/community/Boot-Repair

This video guide for installation may be helpful:

One option you may consider in the meantime is using a separate standard HDD and installing your copy of Zorin OS Ultimate on that.
You may also opt to running Zorin in VM if that works well for you.

And yes, I also recommend avoiding BalenaEtcher. I use Unetbootin, but Rufus is good, too.

FYI. You can find that here: Before you install

Me too.

Well it looks like Windows 10 21H1 does well on hardening my main installation also secure it by implement the Secure Boot alongside with Hibernating the entire internal drive to make it trust with UEFI through TPM 2.0.

My question is I didn't face this problem doing installation with Ubuntu originals version (both 20.04 LTS and 21), and the Rufus allow me to create my USB to work with Secure Boot using GPT and UEFI native option formatted as FAT32. Can I still use all the security option IF I ONLY use Zorin OS as the only OS on my other machine, having said that means Secure Boot enabled, TPM enabled, encryption enabled.

If bE needs to be avoided then why the Installation page of Zorin OS suggested me to use it to make the USB boot? It even leaded me to bE site to download it, I'm suprised:

image866×683 40.1 KB

I don't personally think the system to still use AHCI in UEFI anymore:

image1020×700 41.9 KB

I want to make my machine to be a completely secure environment no matter what OS I am using, from Open Source to Close Source such as Windows.

I don't think it as well, I can still install Ubuntu or Pop OS if I want, just a little bit of working around if you know the root causes.

Vulkan does the job very well if you look into decent articles both on Google or YouTube

As said above, Windows did a very good job to successfully recovered my boot records (BIOS), well I meant EFI (UEFI) since I don't normally just partitioning drive and set a fixed partition to make the OS to be installed on there, I deleted the whole disk to be unallocated, then let the OS installation create other ones which people normally don't think how important they are:

image698×123 9.15 KB

Did think of it but I always ask myself why should I buy a Linux distro and make it to be portable in an antique HDD like that, forget about HDD, even if it should be portable, I'll make it with SSD external hooking into USB Type-C for broaden up the bandwidth preventing some of the bottlenecks.

Again, you guys recommend me to avoid bE, but the original site instructed people to do so, I think you guys should revolutionize the Webmaster's mind to change it to Rufus or any reliable USB thumb drive boot creator.

Perhaps I am not understanding properly what is conveyed here:

Are you able to boot into Zorin OS?

Yes. As you pointed out, you can workaround certain issues as long as you know the cause. Secure Boot can be enabled; it is only recommended to be disabled if possible since Secure Boot is known to cause issues. Not just in installation but in performance.

The best security begins with the User. TPM is useful. But Hardware Security is not the best Front Line defence. A malicious actor will work around hardware security quickly and when they do- replacing the hardware is not the best option.

I am sorry, I was not clear. HDD/SDD is fine; I was referring to an external drive that is not NVMe or PCI eMMC. Bottlenecks are a problem with external drives, so it is good to see that you understand this well.

As in all things, opinions vary.
The ZorinGroup recommends BalenaEtcher while many of us on the forum recommend against it.

Can we step back and ask you to please clarify: What has gone wrong with your installation? What symptoms, errors or failures are you seeing?

MBR sticks with BIOS quite GPT sticks with UEFI, basic understanding of what we are calling the boot records lay in the type of MBR, whilst EFI lay in the type of GPT, from traditional time, we are so used to the term of BIOS modifications and defined it as the thing when we go into them to configure, the BIOS we called should be known as "Firmware", not BIOS or UEFI, this is to what I have understood about the system, correct me if I'm wrong.

No, I was having meeting with colleagues for some Multi Cloud deployment so did not have a chance to rework.

I didn't call Secure boot a full stack solution for the security, but at least in Firmware based, it can prevent some known issues come from variant sources. Later on, if that hacking bypass the first security, OS line will handle, my Windows OS is hardened by different securities rules and with the helps from Firewall for Networking Defenses, Bitdefender Total Security and Malwarebytes with Microsoft 365 together Surfshark VPN for encrypting in and outbound connections and if everything fails, then I can revered back previous changes using my Arcronis True Image backups.

The firmware could not load the boot of Zorin OS and went straight to Windows for short.

You are correct.
Yes, many people say BIOS when what they mean is the UEFI settings.

Ok, the Windows Boot Repair seems to have only repaired boot for Windows and ignored the Zorin OS Grub. I suggest using the Ubuntu Boot Repair linked above in order to ensure that Both Windows and Zorin OS can successfully boot.

Very well said.

I do need to add one small caveat in the interest of Open Honesty:
Bitcoin.

Bitcoin has caused a change in security, though slight. While the above is well said and correct; in these times bitcoin generation has led to average users being targeted more, in hopes of building a network of bitcoin generation for free by hijacking personal machines.
This affects Windows, really. It would be exceptionally difficult to hijack a linux machine for that purpose. But for those who Dual Boot- they are at risk of their computer being compromised, even if not the Linux install.
This makes a valid security concern that is purely modern. But this brings us back to You are the main line of defense. The main method of enabling this is to trick a user into clicking a file that contains a Binder that fakes the size of the file and utilizes a discrete launcher. Only an intelligent and attentive user can catch these; All the anti-virus in the world cannot catch a well constructed Binder. But a reasonably attentive person knows not to open dubious objects.

This reminds me of this article:

Unfortunately, that fatigue makes it more likely users will click on a malicious email without knowing it – which explains why 94% of malware is now delivered via email.