Secure Boot on Zorin

I know that ubuntu will run on system with secure boot enabled. Correct me if not. As Zorin is made based on Ubuntu will Zorin OS support secure boot. Is there something I have to do with GRUB. Spread some light on the topic. Microsoft wants Secure boot. What will that imply to Linux?

The basics of Secure Boot:
During init, only "trusted" (by signed certificate) modules and firmware can be loaded.

Ubuntu and Zorin OS both can generally be run with Secure Boot Enabled. However... Certain modules for DKMS, graphics cards and network cards may not load properly due to manufacturer preference for Windows signed keys in the firmware.
While Windows is very standardized and tightly controlled, Open Source Linux is more versatile and modular. The chances of Secure Boot becoming a problem increase the more stuff you install or modify.
In some cases, Linux cannot be run (or boot up) on a system with UEFI Secure Boot enabled.
So the general practice has been to disable Secure Boot for running Linux, Ubuntu or otherwise. This just prevents problems arising from what really is a redundant and unnecessary 'security' feature.

Changing grub parameters may sidestep Secure Boot by preventing modules to load until after init. But this comes with other problems such as failing to initialize a necessary module. It must be taken on a case-by-case basis.

You can enable Secure Boot in your UEFI settings, then boot up and run Zorin OS and see if anything fails.

2 Likes

Tried secure boot. Booted PC it just loads into BIOS by default. Then I just looked at boot menu nothing showed up(F12 in my case). As I was aware something like this would happen I already had a zorin installation medium ready. So I just plugged it in and boot zorin os. Then I just navigated to Boot Repair. Clicked on Recommended settings they just did something "shims" something like that. It also made me uninstall GRUB 2 (showed me some command which was to be pasted directly on to terminal). So on my quest to reach Windows 11 (it needs secure boot :angry:) I just did what they said. Then I would just reboot my PC then vola GUI of grub has disappeared (I am only accustomed to GUI). I really didnt know what to do in grub terminal. Then I just put things back.Back to Legacy back to CSM support (in BIOS).Then I again turned towards zorin installation media. Went to Boot Repair then by surprise it showed Active Connection Failed. (Remember that few minutes ago I had that) And again I got stuck. Had no choice I deleted zorin partition. Rebooted.Boot Repair --> Recommended Settings. They just did something and hopefully they just got windows bootloader back. (I had Windows 10 in another partition. This time too I didnt have internet connection in zorin installation). Rebooted then windows showed up. :smiley:
Conclusion may be, Secure Boot failed (Would resume my efforts tomorrow) , My road to Windows 11 ends here (Insider Preview)(For reasons not having secure boot and a incompatible CPU(its not listed on microsoft site)) Is this Secure Boot a neccessary thing well Microsoft have to answer . I would also appreciate efforts in making Linux compatible with that. What is shim? (Something that is made by Linux developers to have secure boot on linux). Again I would just really to look at Windows 11 (VM no please). Is there a workaround.
As Aravisian has said changing grub parameter may have lead to loss in internet connection(My assumption correct me if I am wrong)

No it does not.
I am running Windows 11 on secure-bootless Bios only TPM-less machines.
All you need is to replace applaiser.dll in Win 11 installer.

(this instruction says to replace applaiserres.dll as well but it is wrong. )
Then run regedit during the installation.

[edit]
Just found this:

Obviously, there is more than one way to accomplish the mission :nerd_face:

1 Like

Where can I get ISO file. (I thought only through Insider Program)Also is it safe

Select Dev Channel in menu for Windows 11 iso.