this post was submitted on 14 May 2024
21 points (95.7% liked)

linux4noobs


I got most of my games running pretty well now with the help of Steam compatibility and Wine. Now what should I do moving forward? Win11 is a strong no-go because I heard rumors about Microsoft locking the bootloader with a software update, and I can't stand fucking Copilot/Edge. Should I wait until EOL or do it now? I'm pretty noob when it comes to Linux, but I know what distro I'll use (Fedora+KDE). Sorry for the bad grammar, English is not my first language.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

The info on the bootloader is wrong. Secure Boot in UEFI is important to understand. The actual bootloader is the largest vulnerable surface area in a modern computer with a fully encrypted drive.

Linux itself does not support SB in the kernel. SB is a mechanism to steal ownership from the end user. You can find a document that says the exact opposite; typical of corporate gaslighting from the members of the UEFI consortium. The specification for Secure Boot includes a provision to allow the end user to create and sign their own SB key set. However, the design specification is not a required implementation and in many cases you will find this is not implemented in consumer grade hardware. There is a tool called Keytool that can boot directly into UEFI (wrap your head around that and you'll understand why this might be important). Good luck finding solid documentation for Keytool though. Gentoo has a guide, but all Gentoo documentation assumes a very high level of competence.

The reason people have issues with Linux and W11 coexisting is because they are not addressing the issue of UEFI Secure Boot. W11 only works with SB. If you boot into a SB distro, it will do exactly what it is supposed to do and remove any unsigned bootable code.

If you can't change SB keys for self-signed, both Fedora and Ubuntu include a shim key outside of Linux. The final package manager signs this shim key with a Microsoft 3rd party key signing system m$ created. If you use one of these distros with a shim, you will not be able to mess with kernel space at all (read: potential Nvidia issues), but Linux and Windows can coexist in any configuration.

I never use W11, and I have a copy on a separate drive, but I have a W11 partition on the same NVMe as Linux with no issues whatsoever using Fedora with the shim key.
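
A way to check what state Secure Boot is actually in on a given machine before setting up a dual boot, as an added example that is not part of the comment above: it reads the standard `SecureBoot` and `SetupMode` UEFI variables from efivarfs. The function names and the state labels (`enforcing`, `setup-mode`, `disabled`) are chosen here for illustration, and `make_sample` only writes constructed test files.

```shell
#!/bin/sh
# Added example: report the UEFI Secure Boot state from efivarfs.
# Each efivarfs file holds 4 bytes of attributes followed by the variable data;
# SecureBoot and SetupMode are one-byte values under the EFI global variable GUID.
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efi_byte DIR NAME: print the variable's one-byte value, or "absent".
efi_byte() {
    f="$1/$2-$EFI_GLOBAL"
    [ -r "$f" ] || { echo absent; return 0; }
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    [ -n "$v" ] && echo "$v" || echo absent
}

# sb_state [DIR]: print one label for the machine's Secure Boot state.
sb_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    [ -d "$dir" ] || { echo "no-efivars (legacy BIOS boot or efivarfs not mounted)"; return 0; }
    sb=$(efi_byte "$dir" SecureBoot)
    sm=$(efi_byte "$dir" SetupMode)
    case "$sb:$sm" in
        1:0) echo "enforcing" ;;   # Platform Key enrolled, boot signatures are checked
        0:1) echo "setup-mode" ;;  # no Platform Key: the owner can enroll their own keys
        0:0) echo "disabled" ;;    # keys enrolled, enforcement switched off in firmware
        *)   echo "unknown ($sb:$sm)" ;;
    esac
}

# make_sample DIR SB SM: write constructed variable files (attributes 0x06 + value)
# so the functions can be exercised without touching real firmware variables.
make_sample() {
    for pair in "SecureBoot:$2" "SetupMode:$3"; do
        { printf '\006\000\000\000'; printf "\\00${pair#*:}"; } \
            > "$1/${pair%%:*}-$EFI_GLOBAL"
    done
}

# Report the state of the machine this runs on (or of the directory given as $1).
sb_state "${1:-}"
```

A result of `setup-mode` means the firmware currently accepts new keys; `enforcing` on a shim-based distro is the configuration the comment describes for running alongside W11.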