Secureboot is a security measure to make sure the boot environment have not been tampered with. It would detect malwares that attempt to modify the boot environments.
According to ArchWiki, it ensures “core boot components (boot manager, kernel, initramfs) have not been tampered with”, which would protect against initramfs-swap attacks like de-LUKS, however there are conflicting reports on the internet, and I have not tried myself.
I personally don’t find it makes Linux harder to install, like others suggested. Unless you use a surface device, it will happily accept the key for most common linux distro, including Ubuntu, Debian, Fedora, and many more. For most custom distros, you can easily register its key via MOK (require root privilege and confirmation in the UEFI, for security purpose). In fact, Debian project is quite clear on SecureBoot not being a tool for MS to monopolize the desktop market: https://wiki.debian.org/SecureBoot#What_is_UEFI_Secure_Boot_NOT.3F .
However, if you need to load additional kernel modules, like NVIDIA drivers, secureboot can get quite annoying. I am actually quite interested in why Windows don’t have a problem loading additional drivers, yet Linux do.
In the end, I feel if you are using a distro that works with secureboot, there is no reason to leave it off; if you find it annoying, yet okay with a downgrade in security, then you might want to leave it off.
Secureboot is a security measure to make sure the boot environment have not been tampered with. It would detect malwares that attempt to modify the boot environments. According to ArchWiki, it ensures “core boot components (boot manager, kernel, initramfs) have not been tampered with”, which would protect against initramfs-swap attacks like de-LUKS, however there are conflicting reports on the internet, and I have not tried myself.
I personally don’t find it makes Linux harder to install, like others suggested. Unless you use a surface device, it will happily accept the key for most common linux distro, including Ubuntu, Debian, Fedora, and many more. For most custom distros, you can easily register its key via MOK (require root privilege and confirmation in the UEFI, for security purpose). In fact, Debian project is quite clear on SecureBoot not being a tool for MS to monopolize the desktop market: https://wiki.debian.org/SecureBoot#What_is_UEFI_Secure_Boot_NOT.3F .
However, if you need to load additional kernel modules, like NVIDIA drivers, secureboot can get quite annoying. I am actually quite interested in why Windows don’t have a problem loading additional drivers, yet Linux do.
In the end, I feel if you are using a distro that works with secureboot, there is no reason to leave it off; if you find it annoying, yet okay with a downgrade in security, then you might want to leave it off.