I'd like to hear thoughts. Of course us gamers hate kernel-level anti-cheat, but is that actually tied to Secure Boot?
I know some/most distros can boot in secure mode, so it doesn’t seem like an issue there.
With all the new games moving to it, looks like we will all have to sit them out or install Spyware (microshit) to play. I will opt not to.
All Secure Boot does is ensure the binary (say, Linux or Windows kernel) run in early boot is “trusted,” meaning it’s cryptographically signed by a key the motherboard has. You can usually load your own keys and sign your own binaries, but I imagine only large orgs do that if they have a lot of Linux systems or something.
The way Linux works with this is they use a shim binary that is signed by Microsoft’s key, and that binary loads the actual Linux kernel. The kernel itself is not signed with that key.
The only way this impacts gaming is if games check if Secure Boot is enabled. If it is enabled, the game knows the system booted with something signed by a key the motherboard trusts. For most systems, that means Microsoft’s keys, but AFAIK, they can’t check what key was used in early boot unless the kernel provides some indication of that.
Basically, it’s an anti-tampering check, so they have some assurance the kernel is untampered from what the maintainer released.
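An added example, not part of the thread: a Python sketch of what a "Secure Boot enabled" check can see on Linux through efivarfs, where each variable file is a 4-byte little-endian attribute word followed by the data. The state labels and the `SAMPLE` bytes are constructed for illustration; as the comment above notes, the flag says the firmware enforced signatures, not which key signed the boot chain.

```python
import struct
from pathlib import Path

# GUID of the UEFI global variable namespace (SecureBoot, SetupMode live here).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")

# Constructed sample: attributes 0x6 followed by a single data byte of 1.
SAMPLE = b"\x06\x00\x00\x00\x01"


def parse_efivar(raw: bytes) -> tuple[int, bytes]:
    """Split an efivarfs file into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def read_flag(name: str, root: Path = EFIVARS):
    """Return a one-byte boolean variable as 0/1, or None if absent or malformed."""
    try:
        raw = (root / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()
        _, data = parse_efivar(raw)
    except (OSError, ValueError):
        return None
    return data[0] if len(data) == 1 else None


def secure_boot_state(root: Path = EFIVARS) -> str:
    """Classify the firmware state from the SecureBoot and SetupMode variables."""
    if not root.is_dir():
        return "no-efivarfs"        # legacy BIOS boot, or efivarfs not mounted
    sb = read_flag("SecureBoot", root)
    if sb is None:
        return "unknown"
    if read_flag("SetupMode", root) == 1:
        return "setup-mode"         # no platform key enrolled, nothing enforced
    # Enabled means signatures were enforced; it does not reveal which key was used.
    return "enabled" if sb == 1 else "disabled"


if __name__ == "__main__":
    print(secure_boot_state())
```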
Some newer distros like Bazzite are pretty awesome in that they install their own Secure Boot keys during the first time setup.
That’s pretty dope! I imagine we’ll see more distros follow suit as the September expiration of Microsoft’s keys approaches.
My distro, openSUSE Tumbleweed, does that as well, but I imagine plenty don’t.
Edit: I’m wrong, looks like they do that for “Trusted Boot,” but not “secure boot,” if this documentation is to be believed. It’s an option, not forced. I’m going to check later if it’s configured properly on my machine that I set up several years ago.
Did Novell git gud?
Apparently. OpenSUSE is going hard on the “we build quality” angle, and I’m here for it.