Do you have any advice for someone that dual boots SteamOS and Windows 10 on a Steam Deck?
I’ve heard online that since SteamOS manually signs keys or something, that if any changes happen to the kernel that later need to be updated by SteamOS, I’d need to re-sign the keys or whatever. Idk I’m not well versed in any of this
I’ve heard it’s as easy as downloading the M$ keys to enable Secure Boot, but I also don’t want to brick my Deck.
Windows 10 support is ending soon so there’s no reason to have it on your steam deck. Steam will stop supporting it sooner after Microsoft does, just like steam does with Apples operating system.
Needlessly intrusive. Can obviously be circumvented by cheaters anyway, so quite possibly superfluous. Apart from that it protects against the kinds of attacks that typically require physical access to the computer. If you have physical access you have full access anyway. Etc.
I get your pc, “tamper” it, then i install a fake bios that tells you all is well and that your tpm and secureboot and whatever else bullcrap they invent is still happy.
A USB keylogger is not detectable by the computer, not in firmware nor operating system. It passively sniffs the traffic between the USB keyboard and the computer, to be dumped out later.
beautiful. fuck secureboot.
Why?
Im fairly certain any legacy hardware that doesn’t have secure boot as an option is going to struggle loading BF6 regardless.
The first two points are not related to secure boot at all.
you think loading my own kernel modules is not related to secure boot? i guess you don’t work in IT then.
It doesn’t matter which kernel modules are used, as long as you have signed those changes before rebooting.
You can’t install most linux distributions with secure boot enabled.
This is outdated information. Linux has supported secure boot for quite a while now.
Do you have any advice for someone that dual boots SteamOS and Windows 10 on a Steam Deck?
I’ve heard online that since SteamOS manually signs keys or something, that if any changes happen to the kernel that later need to be updated by SteamOS, I’d need to re-sign the keys or whatever. Idk I’m not well versed in any of this
I’ve heard it’s as easy as downloading the M$ keys to enable Secure Boot, but I also don’t want to brick my Deck.
Windows 10 support is ending soon so there’s no reason to have it on your steam deck. Steam will stop supporting it sooner after Microsoft does, just like steam does with Apples operating system.
Windows 10 commercial is ending, not the LTSC versions. Those are good for another 2-7 years iirc
Really? Which would those be? So far I haven’t come upon one.
I don’t think he needs a winning argument. I think EA needs to justify this kernel level AC, not the other way around.
I’m agreeing with point 4.
Weird, for me it was just flicking the switch in UEFI and now Grub and through it Windows 10 and Fedora 43 boot in Secure Boot.
Needlessly intrusive. Can obviously be circumvented by cheaters anyway, so quite possibly superfluous. Apart from that it protects against the kinds of attacks that typically require physical access to the computer. If you have physical access you have full access anyway. Etc.
You know secure boot was specifically made to protect users for this exact use case. Any tampering of the system will prevent the system from booting.
I get your pc, “tamper” it, then i install a fake bios that tells you all is well and that your tpm and secureboot and whatever else bullcrap they invent is still happy.
See the problem?
It won’t boot though, because the keys to decrypt the system are stored in the TPM.
Sure you could replace the whole OS, but that’s going to be very obvious and won’t allow you access to the data.
If you have physical access you could go into the bios and turn off secure boot
If you enable Secure Boot you should also set a BIOS password for this very reason.
So, if you set a bios password either way, which benefit does secureboot give?
I think you can reset a bios password by taking the CMOS battery out or something?
Isnt it possible to have a recovery key? Isnt that technically a backdoor? Maybe the terms are not correct but there is a way in physically.
A person with physical access can tamper with the OS, then tamper with the signing keys. Most secure boot systems allow you to install keys.
Secure boot can’t detect a USB keylogger. Nothing can.
The signature checks will immediately fail if ANY tampering has occurred.
Adding a USB keylogger that has not been signed will cause a signature verification failure during boot.
A USB keylogger is not detectable by the computer, not in firmware nor operating system. It passively sniffs the traffic between the USB keyboard and the computer, to be dumped out later.
If your keys are stored in the TPM for use during the secure boot phase, there will be nothing for it to log.
No, encrypt your drives.