
Secure Boot support

Secure Boot is not supported by every Linux distribution, and most distributions that support it rely on the Shim bootloader. The Linuxloops Secure Boot implementation is therefore also based on Shim. You can still switch manually to your preferred method if needed (replacement of the platform key...).

If you only want to enable Secure Boot for specific Windows 11 / games support and are not interested in the security benefits it brings, you may want to consider disabling the validation process in Shim by running mokutil --disable-validation. Shim then stops verifying what it loads, which allows you to boot any kernel/bootloader without actually disabling Secure Boot.

Secure boot support for disk installs

During install, the Linuxloops script generates a basic Secure Boot key (used for signing both the kernel and DKMS modules) in the /etc/secureboot_key directory and copies the Secure Boot DER Machine Owner Key certificate to the EFI partition.

On the first boot, a blue screen saying "Verification failed: Access Denied" will appear and you will have to enroll the secure boot key by selecting "OK->Enroll key from disk->EFI->MOK.der->Continue".

Reboot your device and the distribution will start normally.

Secure boot support for disk image installs

Requirement: An installed Linux distribution with Secure Boot enabled through Shim.

In the case of disk images, Secure Boot support relies on the Shim bootloader of your main Linux distribution.

During install, the Linuxloops script generates a basic Secure Boot key (used for signing both the kernel and DKMS modules) in the /etc/secureboot_key directory and copies the Secure Boot DER Machine Owner Key certificate to the disk image folder as "<image_name>.img.der".

After creating the image, run sudo mokutil --import <image_path>/<image_name>.img.der

Reboot your device, enroll the key and launch the image-specific GRUB entry.
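
After the enrollment reboot (for either the disk install or the disk image procedure), the following added example, which is not part of the Linuxloops scripts, checks that Shim is still verifying and that the certificate was actually enrolled. The function names are hypothetical, and the output wording of mokutil --sb-state and mokutil --test-key matched below is an assumption about the installed mokutil version.

```sh
#!/bin/sh
# Added example, not Linuxloops code: confirm MOK enrollment after reboot.
# The matched strings are assumed mokutil output wording; adjust if yours differs.

# Classify the text printed by `mokutil --sb-state` (passed as $1).
sb_verdict() {
    case "$1" in
        # Must come first: this line is printed in addition to "SecureBoot enabled".
        *"validation is disabled"*) echo "shim-validation-disabled" ;;
        *"SecureBoot enabled"*)     echo "enforcing" ;;
        *"SecureBoot disabled"*)    echo "firmware-disabled" ;;
        *)                          echo "unknown" ;;
    esac
}

# Classify the text printed by `mokutil --test-key <cert.der>` (passed as $1).
key_verdict() {
    case "$1" in
        *"is already enrolled"*)               echo "enrolled" ;;
        *"already in the enrollment request"*) echo "pending-reboot" ;;
        *"is not enrolled"*)                   echo "not-enrolled" ;;
        *)                                     echo "unknown" ;;
    esac
}

# Print both verdicts; succeed only if Shim verifies and the key is enrolled.
check_mok() {
    sb=$(sb_verdict "$1")
    key=$(key_verdict "$2")
    echo "secureboot=$sb key=$key"
    [ "$sb" = "enforcing" ] && [ "$key" = "enrolled" ]
}

# Live run: sh check_mok.sh <image_path>/<image_name>.img.der
if [ -n "${1:-}" ] && command -v mokutil >/dev/null 2>&1; then
    check_mok "$(mokutil --sb-state 2>&1)" "$(mokutil --test-key "$1" 2>&1)"
fi
```

A result of shim-validation-disabled means mokutil --disable-validation is in effect, so an unsigned kernel would boot even though the key shows as enrolled.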