Secure Boot on Zorin

I know that ubuntu will run on system with secure boot enabled. Correct me if not. As Zorin is made based on Ubuntu will Zorin OS support secure boot. Is there something I have to do with GRUB. Spread some light on the topic. Microsoft wants Secure boot. What will that imply to Linux?

The basics of Secure Boot:
During init, only "trusted" (by signed certificate) modules and firmware can be loaded.

Ubuntu and Zorin OS both can generally be run with Secure Boot Enabled. However... Certain modules for DKMS, graphics cards and network cards may not load properly due to manufacturer preference for Windows signed keys in the firmware.
While Windows is very standardized and tightly controlled, Open Source Linux is more versatile and modular. The chances of Secure Boot becoming a problem increase the more stuff you install or modify.
In some cases, Linux cannot be run (or boot up) on a system with UEFI Secure Boot enabled.
So the general practice has been to disable Secure Boot for running Linux, Ubuntu or otherwise. This just prevents problems arising from what really is a redundant and unnecessary 'security' feature.

Changing grub parameters may sidestep Secure Boot by preventing modules to load until after init. But this comes with other problems such as failing to initialize a necessary module. It must be taken on a case-by-case basis.

You can enable Secure Boot in your UEFI settings, then boot up and run Zorin OS and see if anything fails.

2 Likes

Tried secure boot. Booted PC it just loads into BIOS by default. Then I just looked at boot menu nothing showed up(F12 in my case). As I was aware something like this would happen I already had a zorin installation medium ready. So I just plugged it in and boot zorin os. Then I just navigated to Boot Repair. Clicked on Recommended settings they just did something "shims" something like that. It also made me uninstall GRUB 2 (showed me some command which was to be pasted directly on to terminal). So on my quest to reach Windows 11 (it needs secure boot :angry:) I just did what they said. Then I would just reboot my PC then vola GUI of grub has disappeared (I am only accustomed to GUI). I really didnt know what to do in grub terminal. Then I just put things back.Back to Legacy back to CSM support (in BIOS).Then I again turned towards zorin installation media. Went to Boot Repair then by surprise it showed Active Connection Failed. (Remember that few minutes ago I had that) And again I got stuck. Had no choice I deleted zorin partition. Rebooted.Boot Repair --> Recommended Settings. They just did something and hopefully they just got windows bootloader back. (I had Windows 10 in another partition. This time too I didnt have internet connection in zorin installation). Rebooted then windows showed up. :smiley:
Conclusion may be, Secure Boot failed (Would resume my efforts tomorrow) , My road to Windows 11 ends here (Insider Preview)(For reasons not having secure boot and a incompatible CPU(its not listed on microsoft site)) Is this Secure Boot a neccessary thing well Microsoft have to answer . I would also appreciate efforts in making Linux compatible with that. What is shim? (Something that is made by Linux developers to have secure boot on linux). Again I would just really to look at Windows 11 (VM no please). Is there a workaround.
As Aravisian has said changing grub parameter may have lead to loss in internet connection(My assumption correct me if I am wrong)

No it does not.
I am running Windows 11 on secure-bootless Bios only TPM-less machines.
All you need is to replace applaiser.dll in Win 11 installer.

(this instruction says to replace applaiserres.dll as well but it is wrong. )
Then run regedit during the installation.

[edit]
Just found this:

Obviously, there is more than one way to accomplish the mission :nerd_face:

1 Like

Where can I get ISO file. (I thought only through Insider Program)Also is it safe

Select Dev Channel in menu for Windows 11 iso.

Follow these steps to bypass Windows 11 TPM 2.0 requirements:

  1. Install Windows 11 via bootable installation media we created via Rufus. If your system hardware doesn’t meet the Windows 11 requirements. You will see the following message stating:
    This PC can’t run Windows 11.
  2. If the above message appears on your screen when installing Windows 11. Press Shift + F10 keys on your keyboard to launch the command prompt window. Type “Regedit” in the command prompt and hit enter to launch the Windows Registry Editor.
  3. Navigate to the following when the registry editor opens: HKEY_LOCAL_MACHINE\SYSTEM\Setup
  4. Right-click on the setup folder, and from the submenu, select New>Key.
  5. Name the key you created “LabConfig” when prompted and hit enter.
  6. Right-click on the LabConfig key and select New > DWORD (32-bit) value. Name the value you created BypassTPMCheck. Create two more values with the following names:
    BypassRAMCheck
    BypassSecureBootCheck
  7. Now double-click on each value you created and set the date to 1 for each.
  8. After configuring all three values under the LabConfig key, close the registry editor.
  9. Next, in the Command Prompt window, type “Exit” and hit enter to close the window.
  10. Now that you are back at the message stating, “This PC can’t run Windows 11,”. On the Windows Setup window, click the back button as shown below.
  11. Doing so will take you back to the screen, prompting you to select the Windows version you want to install.
  12. Proceed without worrying about hardware requirements and install Windows 11.

if you are still facing problems then you can go to yehiweb and read it with screenshots

1 Like