Zorin is awesome, and it should be a very strong contender for one of the main distros leading the Linux Desktop revolution. I cannot express how well it works out of the box.
Personally, I am missing just a few nitpicky details that I'd love to discuss with the community:
While Secure Boot is implemented (very well implemented, very reliable to setup the MOK I must say!), there is one pretty important thing missing to fully benefit from Secure Boot: that is using a Unified Kernel Image which is booted directly by the UEFI, and which can be measured with the TPM2 chip to provide Measured Boot.
So I would like to discuss if it's maybe an idea to add the following to the installer:
- /dev/sda1, about 1GB for the Unified Kernel Image
- /dev/sda2 as the cryptroot partition, LUKS2
- /dev/sda3 as the cryptswap partition, LUKS2 opened with a random key generated every boot
I understand and appreciate, if there is any, reluctance to create more options in the installer, since that makes it more cluttered and difficult for the folks that have never installed any OS or Linux before. But maybe it's an idea to create a checkbox for an advanced installer, or a separate advanced installer?
Or drop Encrypted LVM in favor of the suggested above disk layout, and if SecureBoot + encrypted Full Disk Install is chosen during installation, it installs Zorin with a UKI instead of grub? Since there isn't going to be a second OS etc? Should be possible to implement this without cluttering the install process too much...
SecureBoot + MeasuredBoot is a (very) strong requirement for me personally. I'm currently playing around with debootstrap, installing debian like it's Arch Linux, (which by the way is a pain in the rear just to setup SecureBoot and enroll a MOK properly, Zorin handles this much, much, much better).
But for reliability sake, I'd rather have a good OS that I can install cleanly and fully from a flashdrive and does what I want (UKI + Secure Boot + Measured Boot), instead of having to manually install and manually modify afterwards.