this post was submitted on 06 Jul 2026
718 points (99.2% liked)
memes
21858 readers
2101 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads/AI Slop
No advertisements or spam. This is an instance rule and the only way to live. We also consider AI slop to be spam in this community and is subject to removal.
A collection of some classic Lemmy memes for your enjoyment
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How does DKMS and such break secure boot? If you want to load (custom) kernel modules, just generate a key pair, sign the module yourself, import your MOK into your UEFI (once, assuming you use the same key for all your modules and also keep a backup of your reinstall your system) and secure boot will let you do that.
I’m running current NVIDIA drivers on Linux and that’s basically the setup to use them- and since that is already set up, i’d not even need to to anything specific to get it working for other things.
Note: I do not endorse kernel level anti cheat and would never load such a module, but the infrastructure for it is already there and can be used with secure boot…
I would guess it would break it in that people holding out on switching until every game they play is as simple to run in Linux as they are in Windows would probably consider that a deal breaking amount if work compared to staying on Windows.
I feel there's a trust problem here. I'm no Windows dev, so I don't know all the details, but since MS enforces secure boot, they have to play by the rules: Only trusted code can be executed with very high (kernel level) privileges. That's one of the reasons why they want to enforce signed binaries. Especially for drivers and other stuff.
On Windows that means only entities that MS trusts are allowed to execute high privileged code. Otherwise you wouldn't get your binaries signed by MS (or co-signed, or white-listed or whatever aproach they take in this scenario) and without signature, no execution. You need to trust MS, but you need to trust them anyways, as they control the chain of trust on boot and also create the very kernel you're running on. If they wanted to cheat you, it's be easy for them.
On Linux it's a bit different. Linux has the aproach that any user with root privileges is trustworthy. That's good for me, as I get a say on what runs on my hardware and how it runs. But for the anti cheat vendor that's now a huge problem, because a random person is now the one controlling the kernel, its integrity and the chain of trust on boot. Worse: It's usually the very person they're trying to observe if they're cheating. But how do you do this, if they (theoretically) have full control over the kernel and can run arbitrary kernel modules?
Now, I'm not saying that there's no trust in the Linux kernel and Windows were more secure - just that there are completely different assumptions about trust and trust boundaries that may lead to severe headaches for the anti cheat vendors.
You do realise 99% of people have no clue what the hell you just said and at least 80% will rather stay with the devil they know (Windows) than taking a course in both Linux System Administration + UEFI / Secure Boot configuration? I'm generally assuming a common user, not a dev with loads of free time. What you describe isn't just hard and takes a lot of knowledge to fully understand, it's potentially hazardous on the same level of e.g. editing the fstab or crypttab manually, something a user without deep system knowledge shouldn't have to do either as it could cause an unbootable state.
I stand by my point, DKMS breaks Secure Boot (as it requires highly technical user intervention on every single update to make the computer boot again, and very deep knowledge to fix it if something goes wrong).
Generally yes, but I wasn’t talking to them. If you switch operating systems, you need to do some work to learn how they work. Yes, Linix could be way more „noob friendly“. Yes, even distributions that make this process as painless as possible (e.g. Fedora that automates everything with
akmods) require you to load the generated MOK into your UEFI manually and that looks very scary (by design - it’s usually only a good idea to load a MOK if you know what you’re doing and why as it can break the whole trust concept of secure boot).The main problem with Linux for mass adoption is IMHO that there’s still many cases that require you to leverage the terminal or edit config files. And to some degree that there isn’t „one official way“ of doing or customizing things. Yes it’s cool to be able to do all those things and to have the freedom, but I also respect people that just want it to work and not need to tinker everywhere.