Secure boot password during install isn't asked for?

When I installed Zorin (17.3 Core), as part of the process I was asked to set up a secure boot (?) password, along with my user/password. I assumed this was a post-BIOS input like BitLocker, but I've never been asked for it.

At one point during install there was a tiny 640x480 (on an OLED it was laughably small) DOS-like prompt screen that I didn't read and just pressed return on the first option - was that related?

Being a laptop, I'd rather have that extra security in place - how do I turn that on, or am I misunderstanding what that part of the setup was for?

So, you have Secure Boot enabled in BIOS now, yes? On Linux, it can cause more issues than it really helps. When you use Windows ... yes, that can be a security factor, because it works with Microsoft-certified files that should make sure that software is safe to start.

If you hit enter, you bypassed enrolling the system's machine operator key (MOK) that it uses for general OS signatures.

I don't remember the GUI by heart, but you enter the password during that process.

I had the same issue as you. During install, it stated that I needed the Secure Boot password in order to install proprietary drivers etc., but I was never prompted for the Secure Boot password after that.

I know Secure Boot can cause issues with some distros, so is it recommended with Zorin to turn Secure Boot off in BIOS, or leave it on?

If you enroll the key(s), the OS will work properly.

You need to go to the MOK screen once for the OS install (which happens on first boot if you tell it to), once if you use Nvidia, and once if you use VMware.

I don't know what other third party software needs them, but Zorin 17.3 core runs very well with secure boot enabled.

That sounds like what's happened - is there any way back to that setup screen without going through the install process again, or is it too low-level to be re-visited?

To reattempt the MOK screen, based on this link, you can try:

update-secureboot-policy --enroll-key

I've never had to perform that kind of redo, but the command does exist in Zorin 17.3 core.

Edit: oh, and after that command, you'll probably just reboot into the MOK screen, if that wasn't clear.

Does your notebook computer have an Nvidia card? Microsoft is notorious about failing to sign Nvidia drivers...

That it is a notebook computer is not really relevant in this. Secure boot deals only with initialization.
It works like a Bouncer at a nightclub. If the initializing process is not signed by Microsoft - then it denies init.

The issue is... Microsoft does not always provide that signature for GNU/Linux, or anyone they have any conflict with (Nvidia... who conflicts with everyone at one point or another)...
Security for a notebook computer would focus on restricting access to unauthorized persons or encrypting data in case of theft - neither of which Secure Boot has any management of.

Ah, OK, I've misunderstood - I thought secure boot was akin to BitLocker, encrypting the drive, not boot security. I'll leave it alone for now, everything else seems to work OK.