this post was submitted on 21 Jul 2023
35 points (100.0% liked)
Technology
39479 readers
190 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Not necessarily, most motherboards and laptops (at least every single one I've ever owned) allow users to enroll their own Secure Boot keys and maintain an entirely non-Microsoft chain of trust. You can also disable secure boot entirely.
Major distros like Ubuntu and Fedora started shipping with Microsoft-signed boot shims as a matter of convenience, not necessity.
Secure Boot itself is not some nefarious mechanism, it is a component of the open UEFI standard. Where Microsoft comes in to play is the fact that most PC vendors are going to pre-enroll Microsoft keys because they are all shipping computers with Windows, and Microsoft wants Secure Boot enabled by default on machines shipping with with their operating system.
You can't disable secure boot if you want to use your Nvidia GPU :( though. [edit2: turns out this is a linux mint thing, not the case in Debian or Fedora]
Edit: fine, there may be workarounds and for other distros everything is awesome, but in mint and possibly Ubuntu and Debian for a laptop 2022 RTX3060 you need to set up your MOK keys in secure mode to be able to install the Nvidia drivers, outside secure mode the GPU is simply locked. I wasn't even complaining, there is a way to get it working, so that's fine by me. No need to tell me that I was imagining things.
My experience is that Nvidia plays nicer without secure boot. Getting Fedora up and running with the proprietary Nvidia drivers and fully working SecureBoot was quite a headache, whereas everything just worked out of the box when I disabled it.
But this is very much an Nvidia problem and not a SecureBoot problem. There is a reason basically no-one else provides their drivers as one-size-fits-all binary kernel modules.
For now. They're boiling the frog slow.
Microsoft doesn't control the standard, and the entire rest of the industry has no reason to ban non-Windows operating systems.
Widnows doesn't have the stranglehold over the market that it once did.
Windows 11 is saying you're required to have tpm 2.0 enabled in your bios in order to upgrade. Didn't know what it was on my self built computer until recently when windows said my system wasn't compatible to upgrade.
TPM and SecureBoot are separate UEFI features. Windows 11 requires TPM 2.0. If your system meets the CPU requirements, then it should support this without needing to install a hardware TPM dongle. However, until recently, many vendors turned had this feature turned off for some reason.
Where some confusion comes in is another Windows 11 requirement, that machines be SecureBoot capable. What this actually means in practice is that your system needs to be configured to boot in UEFI mode rather than CSM ("Legacy BIOS") mode.