Id like to hear thoughts. Of course us gamers hate kernel level anti cheat, but is that actually tied to secureboot?

I know some/most distros can boot in secure mode, so it doesn’t seem like an issue there.

With all the new games moving to it, looks like we will all have to sit them out or install Spyware (microshit) to play. I will opt not to.

  • Leaflet@lemmy.worldEnglish
    29·
    5 days ago

    For Linux, the protection is weak.

    But if properly implemented, it’s good. But it would be a hassle to do and would require users to register new keys and blacklist Microsoft’s.

    Measured boot is a better solution for Linux. It’s decentralized and does not rely on Microsoft. It uses the TPM to “measure” various parts of the UEFI, bootloader, and OS to ensure they have not been tampered with.

    • lemonskate@lemmy.worldEnglish
      8·
      5 days ago

      Measured boot requires secure boot to be enabled as one of its components.

      The real value of measured boot is when paired with full disk encryption as it protects against boot loader attacks that can compromise your sealed keys.

      • Leaflet@lemmy.worldEnglish
        3·
        5 days ago

        I don’t believe that’s the case, according to Aeon. The state of secure boot can be measured, so if you have it enabled/disabled, you have to keep it that way or else the measurement will fail and the TPM will complain.

    • naeap@sopuli.xyzEnglish
      4·
      5 days ago

      Never heard of that

      Does “every” modern BIOS support that?
      Need to read up on it…

      • Leaflet@lemmy.worldEnglish
        13·
        5 days ago

        No, it requires a TPM2 chip. So the requirements for measured boot are to similar to Windows 11.

        Poettering has a few blog posts and conference videos on it. And Aeon is a distro that implements measured boot as the default.

        • sugar_in_your_tea@sh.itjust.worksEnglish
          9·
          5 days ago

          I use Aeon on my laptop, and I will say there are usability issues, but hopefully the kinks get worked out. Since installing in March, I’ve had to enter my recovery key and reenroll three times due to some kind of firmware update. This is on an older laptop (Ryzen 3500U), so I don’t know if it’s a common issue or unique to me.

          Anyway, it’s a cool idea, I hope it gets more attention. The benefits for regular users are fairly minimal, but I certainly appreciate security for security’s sake.

          • naeap@sopuli.xyzEnglish
            1·
            5 days ago

            Thanks!

            That’s good to know.
            As I need my laptop for work, I can’t really risk such experiments…

            • sugar_in_your_tea@sh.itjust.worksEnglish
              2·
              5 days ago

              Yeah, mine is just for mucking around at home. I mostly browse the web and play casual games. Nothing important is stored there, so if I need to reinstall, then so be it.