this post was submitted on 08 Jul 2026
12 points (73.1% liked)

Linux Gaming

26684 readers
294 users here now

Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.

This page can be subscribed to via RSS.

Original /r/linux_gaming pengwing by uoou.

No memes/shitposts/low-effort posts, please.

Resources

Help:

Launchers/Game Library Managers:

General:

Discord:

IRC:

Matrix:

Telegram:

founded 3 years ago
MODERATORS
 

So probably not clear from title but I’d say this is a Linux problem. Basically I’m using sbctl to sign the cachyos kernel on fedora since it eeks out a little performance and also as I understand it it uses a slightly differently scheduler so my computer doesn’t lock up when hitting a steam download hard. I’ve only just started getting the error recently so I’m assuming it’s related to the MS secure boot key stuff that happened in June. I have confirmed that using the default provision from my mobo doesn’t trigger the vanguard error. Trying to figure out a solution, otherwise I guess I have half a mind to just nuke shitty windows forever again. I’ll take either an alternative solution to the cachyos kernel or a solution to the keys. What I don’t understand is doesn’t sbctl enroll the default keys from your mobos firmware anyway? Is this simply that ANY modification to my secure boot keys is somehow a problem with vanguard now? Thanks all!

you are viewing a single comment's thread
view the rest of the comments
[–] tekato@lemmy.world 3 points 6 days ago (1 children)

What’s the “default provision” on your motherboard and which one are you currently using? If secure boot is enabled with TPM, Valorant should boot. It doesn’t matter that you have another OS installed as long as it isn’t running at the same time as Windows.

[–] galaxy_nova@lemmy.world 2 points 6 days ago (1 children)

Default is whatever the motherboard provisions when reset to default settings. I’m using custom which is my own keys generated with sbctl + whatever is baked into my motherboard or at least that’s what I understand sbctl will do.

[–] tekato@lemmy.world 1 points 5 days ago (1 children)

Yeah that’s weird. Does sbctl status say Secure Boot: Enabled? What does it say on Vendor Keys?

[–] galaxy_nova@lemmy.world 1 points 4 days ago

Yes to the former, for the latter it says microsoft builtin-db builtin-KEK