this post was submitted on 11 Aug 2025
51 points (93.2% liked)
Linux Gaming
All secure boot does is ensure the binary (say, Linux or Windows kernel) run in early boot is "trusted," meaning it's cryptographically signed by a key the motherboard has. You can usually load your own keys and sign your own binaries, but I imagine only large orgs do that if they have a lot of Linux systems or something.
The way Linux works with this is they use a shim binary that is signed by Microsoft's key, and that binary loads the actual Linux kernel. The kernel itself is not signed with that key.
The only way this impacts gaming is if games check if Secure Boot is enabled. If it is enabled, the game knows the system booted with something signed by a key the motherboard trusts. For most systems, that means Microsoft's keys, but AFAIK, they can't check what key was used in early boot unless the kernel provides some indication of that.
Basically, it's an anti-tampering check, so they have some assurance the kernel is untampered from what the maintainer released.
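What a "is Secure Boot enabled" check can read from user space on Linux, as an added example that is not part of the thread: the UEFI `SecureBoot` and `SetupMode` variables exposed through efivarfs, which report an on/off state and nothing about which key signed the boot chain. It assumes efivarfs is mounted at `/sys/firmware/efi/efivars`; the function names and sample byte strings are constructed for illustration.

```python
import struct
from pathlib import Path
from typing import Optional

# EFI global variable GUID from the UEFI spec; efivarfs names files "<Name>-<GUID>".
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032c8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed mount point

def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attributes, payload).
    The kernel prefixes the payload with a 4-byte little-endian attribute mask."""
    if len(raw) < 5:
        raise ValueError("efivar too short: need 4 attribute bytes plus data")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]

def secure_boot_state(secure_boot: Optional[bytes], setup_mode: Optional[bytes]) -> str:
    """Classify firmware state from the raw SecureBoot and SetupMode variables."""
    if secure_boot is None:
        return "unsupported"  # legacy BIOS boot, or variable not exposed
    _, sb = parse_efivar(secure_boot)
    if setup_mode is not None:
        _, sm = parse_efivar(setup_mode)
        if sm[0] == 1:
            return "setup-mode"  # no Platform Key enrolled, signatures not enforced
    return "enabled" if sb[0] == 1 else "disabled"

def read_var(name: str, root: Path = EFIVARS) -> Optional[bytes]:
    try:
        return (root / f"{name}-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return None

def local_state(root: Path = EFIVARS) -> str:
    return secure_boot_state(read_var("SecureBoot", root), read_var("SetupMode", root))

# Constructed samples: attributes 0x00000006 (boot-service + runtime access), then one data byte.
SAMPLE_ON = bytes.fromhex("0600000001")
SAMPLE_OFF = bytes.fromhex("0600000000")

if __name__ == "__main__":
    print("this machine:", local_state())
    print("sample enabled:", secure_boot_state(SAMPLE_ON, SAMPLE_OFF))
    print("sample setup mode:", secure_boot_state(SAMPLE_OFF, SAMPLE_ON))
```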
Some newer distros like Bazzite are pretty awesome in that they install their own Secure Boot keys during the first time setup.
That's pretty dope! I imagine we'll see more distros follow suit as the September expiration of Microsoft's keys approaches.
My distro, openSUSE Tumbleweed, does that as well, but I imagine plenty don't.
Edit: I'm wrong, looks like they do that for "Trusted Boot," but not "secure boot," if this documentation is to be believed. It's an option, not forced. I'm going to check later if it's configured properly on my machine that I set up several years ago.
Did Novell git gud?
Apparently. OpenSUSE is going hard on the "we build quality" angle, and I'm here for it.