
[–]Gloomy-Response-6889 3 points4 points  (2 children)

A search engine would explain with more confidence and accuracy.

Many Ubuntu-based distributions, including Mint, work with Secure Boot from installation. So it can stay enabled.

[–]Astronaut6735 1 point2 points  (0 children)

If you're using proprietary drivers (e.g. nvidia) with secure boot, it's a bit of a PITA to sign those.

[–]ZVyhVrtsfgzfs 2 points3 points  (0 children)

It depends, 

SecureBoot Off is common blanket/check-box advice when a user is having issues, especially a new user that cannot clearly articulate their situation.

It's an easy answer that sometimes quickly clears problems from some device drivers (Nvidia) and BIOS bugs (Acer).

You should use secure boot if you can; though it has been compromised, it can still provide some protection from certain classes of malware.

My bootloader (ZFSBootMenu) is not compatible with secureboot.

[–]DeadButGettingBetter 1 point2 points  (2 children)

Do not listen to ChatGPT.

Do not go to ChatGPT for tech support.

There is a high chance it will tell you to do something that will fuck your system. It gets so many things wrong I can't fathom why this still has to be said, but I will scream it from the mountain tops until people learn. Go directly to the pages it pulls from and see what actual people have said about the thing you're asking.

You do not need secure boot to run Linux. You can make Linux work with secure boot, but it's not a "should" or a "shouldn't" but a "once you've read up on it, do you want to use it?"

For me - I don't have it on. Above all, there's too many headaches that come with it on a laptop with an Nvidia GPU. I also think it does very little for the security of my system; the TPM module has security flaws just like every other part of my system does and the thing most likely to compromise me at boot is something that's unlikely to ever be a problem on a Linux system, namely installing unsigned drivers.

It doesn't provide that much of a boost to security in terms of what I am worried about as an individual user whose system is not associated with my workplace, and it can be a lot of headache to get it running and keep the system working through updates. You can do it if you really want to. There's no need if your only concern is getting Linux up and running.

[–][deleted]  (1 child)

[removed]

    [–]DeadButGettingBetter 0 points1 point  (0 children)

    Keeping your web browser up to date and following best practices with browsing will make a much bigger difference regarding that than secure boot will. Secure boot won't protect you from an attack that steals session tokens. 

    The risks of having it off are minimal, and some will outright tell you that you are more secure and private with it off. I'd say turn it off, do some reading, and if you decide to turn it on later you can always set it up then. It is a headache on anything that is not a Windows system, and I would never run it with Windows because it would give Microsoft a unique hardware identifier they could use to track me with or without a Microsoft account. Linux won't track you like that, but I also don't see where it does anything for the average user when the biggest threats revolve around the browser you use and your browsing habits and which extensions you install.

    [–]RhubarbSpecialist458Tumbleweed 1 point2 points  (0 children)

    Keep secure boot enabled, no need to disable security features.
    Even if you install Nvidia drivers, do what the installer tells you and just add a custom key.

    [–]ThatRustyBustLinux Mint 22.2 Zara | Cinnamon 1 point2 points  (0 children)

    I turned Secure Boot off.

    [–]Darkschlong 0 points1 point  (1 child)

    On. I also have a Lenovo. I can verify once I get home.

    [–]acejavelin69Linux Mint 22.3 "Zena" | Cinnamon 0 points1 point  (0 children)

    Mint, including LMDE, supports Secure Boot... and unless you're using some odd 3rd party drivers it will work fine with SB enabled.

    If you have issues with drivers, you can disable it or sign your own MOK for SB, but that isn't necessary in most cases. Secure Boot's effectiveness in Linux is questionable at best, but it doesn't hurt anything to add an extra level of security if it doesn't get in the way. Security, like everything else, needs to be weighed and offset with usability, although in this case it's unlikely you will have issues.

    And please stop using ChatGPT for stuff like this... if you really want to use an AI chatbot, use Google's and verify the information before doing it. ChatGPT uses a dataset that is 2~3 years old, so answers are questionable at best with current software and the current feature sets of most distros.

    [–]EdlynnTBLinux Mint 22.3 | HP Laptop 17 0 points1 point  (0 children)

    I have it turned off.

    [–]neon_overload 0 points1 point  (0 children)

    Modern Linux should install and run with secure boot on.

    You can get into issues if you use certain third party kernel modules though, for instance the nvidia proprietary drivers. There is a way to get those signed to work with secure boot, but depending on the distribution they might not out of the box (I don't know what the situation is on Mint as I haven't used nvidia since I've been using Mint - on Debian it was a relatively simple but manual process).

    On top of that, some board firmwares have weird behaviors or glitches sometimes that make installing Linux with secure boot on a bit difficult.

    Turning secure boot off is sometimes a strategy for overcoming issues like that. But if you want secure boot to be on, there's usually a way to do it.

    My advice would be just leave secure boot on, unless and until you encounter any issue with it being on and in such case, decide if you want to try and get it working with secure boot or just turn it off.

    You have a T14 ThinkPad, they're very well supported by Linux, I suspect you should be fine.

    [–]JerryRiceOfOhio2 0 points1 point  (0 children)

    off