Removing Windows and replacing it with Linux is not as simple as it was earlier. This is because modern Windows PCs now have UEFI firmware enabled with “Secure Boot”.
Not only does it protect the system from rootkits and malware but Linux and other non-Windows operating systems from booting too.
Some Linux distributions have their boot loaders signed by Microsoft. But there are others where you have to disable Secure Boot before you can run Linux from a pendrive.
Of course, there’s a clear difference. While Microsoft signs Windows with a particular key, this isn’t the one that is used to sign Linux boot loaders.
Sometimes, PC manufacturers might not add this key for third-party UEFI applications. This means that a number of Linux distributions might not work with these PCs. Still, most PC manufacturers do include with the product that they offer.
So, which Linux distributions work without disabling or configuring Secure Boot?
Some of these include modern versions of Ubuntu, Fedora, openSUSE and Red Hat Enterprise Linux. This is due to the use of a shim bootloader that confirms that the main bootloader was signed by the Linux distribution before it being loaded.
Of course, the Linux Foundation has released its Secure Boot solution that a number of distributions can use instead of the shim bootloader. Of course, there are efforts underway to combine both these solutions which would make it easier for all Linux distributions to use in the future.
However, with PCs that are shipped with Windows 10, you might not be given the option to turn off Secure Boot. This really depends on the PC manufacturer. If there is a way to disable Secure Boot, you should find it in the UEFI firmware settings screen.