Windows 10/8 pre-installed devices come with a UEFI feature named Secure Boot, and it places the root of trust in firmware. Currently all Ubuntu 64-bit (not 32-bit) versions now support this feature, as well as Linux operating systems running on generation 2 virtual machines can boot with it. If you have installed Linux through Microsoft Hyper-V and would like to prevent malicious code being injected into startup cycle, try the how-to tutorial to set it up on Surface Pro tablet or other computer.
How to Enable Linux Secure Boot in Hyper-V Manager on Windows 10 Fall Creators Update
Linux Secure Boot feature is compatible with those versions, including Ubuntu 14.04+, CentOS 7.0+, Red Hat Enterprise Linux 7.0+, and SUSE Linux Enterprise Server 12+.
Note: Make sure you tablet or computer have been upgraded to Windows 10 Fall Creators Update
* First you need to shut down all running virtual machine in Hyper-V.
* Within Hyper-V Manager, Open the properties sheet for your Linux VM.
* Click on the Security tab in the left side.
* Go to its right side pane, check the “Enable Secure Boot” box, set the template to “Microsoft UEFI Certificate Authority”, and click OK button to save changes.
* If those options are greyed out, you need to temporarily disable shielding feature or turn Linux Secure Boot on in PowerShell. If you can not find the Enable Secure Boot checkbox from there, it means that the current Linux VM is Generation 1 virtual machine.
Finally boot the virtual machine to check if Secure Boot is in effect.
The PowerShell method also offers a way to enable Linux Secure Boot.
* From your desktop, right click on the Start button, and select PowerShell (run as administrator).
* Type the command below and replace the you-linux with your VM name:
Set-VMFirmware -VMName you-linux -EnableSecureBoot On -SecureBootTemplate 'MicrosoftUEFICertificateAuthority'
and press Enter to execute it. That takes effects quickly no matter the Shielding has been enabled.