this post was submitted on 11 Aug 2025
51 points (93.2% liked)

Linux Gaming

20602 readers
396 users here now

Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.

This page can be subscribed to via RSS.

Original /r/linux_gaming pengwing by uoou.

No memes/shitposts/low-effort posts, please.

Resources

WWW:

Discord:

IRC:

Matrix:

Telegram:

founded 2 years ago
MODERATORS
monolalia@lemmy.world
51
Is secure boot actually bad ? (sh.itjust.works)
submitted 3 days ago by bridgeenjoyer@sh.itjust.works to c/linux_gaming@lemmy.world
42 comments fedilink hide all child comments
 

Id like to hear thoughts. Of course us gamers hate kernel level anti cheat, but is that actually tied to secureboot?

I know some/most distros can boot in secure mode, so it doesn't seem like an issue there.

With all the new games moving to it, looks like we will all have to sit them out or install Spyware (microshit) to play. I will opt not to.

you are viewing a single comment's thread
view the rest of the comments
[–] coherent_domain@infosec.pub 8 points 3 days ago* (last edited 3 days ago) (1 children)

Secureboot is a security measure to make sure the boot environment have not been tampered with. It would detect malwares that attempt to modify the boot environments. According to ArchWiki, it ensures "core boot components (boot manager, kernel, initramfs) have not been tampered with", which would protect against initramfs-swap attacks like de-LUKS, however there are conflicting reports on the internet, and I have not tried myself.

I personally don't find it makes Linux harder to install, like others suggested. Unless you use a surface device, it will happily accept the key for most common linux distro, including Ubuntu, Debian, Fedora, and many more. For most custom distros, you can easily register its key via MOK (require root privilege and confirmation in the UEFI, for security purpose). In fact, Debian project is quite clear on SecureBoot not being a tool for MS to monopolize the desktop market: https://wiki.debian.org/SecureBoot#What_is_UEFI_Secure_Boot_NOT.3F .

However, if you need to load additional kernel modules, like NVIDIA drivers, secureboot can get quite annoying. I am actually quite interested in why Windows don't have a problem loading additional drivers, yet Linux do.

In the end, I feel if you are using a distro that works with secureboot, there is no reason to leave it off; if you find it annoying, yet okay with a downgrade in security, then you might want to leave it off.

[–] sugar_in_your_tea@sh.itjust.works 5 points 3 days ago

Isn't Windows a hybrid kernel? Perhaps things like drivers technically don't run in the kernel and instead technically operate outside of it. Linux loads kernel modules directly, so maybe that's the issue?

Or maybe drivers are also signed by Microsoft's key?

I don't know a ton about Secure Boot, so maybe it's something else entirely.