this post was submitted on 15 Aug 2024
No. You can use either a Fedora distro or regular default vanilla Ubuntu. Both of these package managers have special shim keys that are signed by a 3rd party program from Microsoft.
If you want to run anything else, you need to self-sign your key for secure boot. Gentoo has killer documentation on how to do this. It doesn't matter what distro you use. Secure Boot is outside of the Linux kernel. With Fedora, it is handled by their Anaconda system (no relationship to the Python containers system by the same name).
I am mentioning the NVIDIA drivers. That is because there are new kernel modules that are open source. Maybe kernel signage is not needed with those ones. That is why I am asking.
Secure boot must have all kernel modules signed. The system that Fedora uses is a way that builds the drivers from source with every new kernel update. It works, but it can't be modified further.
The primary issue you will likely come across is that the nvcc compiler is not open source and it is part of the CUDA chain. You can't build things like llama.cpp without nvcc and have CUDA support. Most example-type projects have the same issues. Without nvcc fully open, you are still somewhat limited. Also, the toolchain for nvcc screws up the open source built stuff and will put you back at the train wreck of secure boot. If Nvidia had half a working brain, they would open source everything instead of the petty conservative nonsense stupidity that drives proprietary fools. There is absolutely no room in AI for anyone that lacks full transparency.
The open source drivers are not included by default (out of tree), so no, this is the same scenario.
If the boot files change, you can't just fix the signature. That's a key feature of public-private cryptography.
This is entirely plausible, but I don’t know if it’s there yet. I’ve long since moved to AMD GPUs so I can’t really fiddle and find out. Give the open source drivers some time to mature.
Until then, you are reasonably safe running Linux with secure boot turned off. I’m no expert on the matter, but I’m not familiar with any ongoing threats to boot loader in Linux distributions. Stick to your official repos to be safest. Unverified user-maintained sources like AUR and COPR are possibly more likely to harbor security threats; don’t use them if you don’t need to or don’t know what you’re doing. Password your BIOS and require a password to log in to your operating system. Common sense is a better defense than secure boot.
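For the point raised in the thread that kernel modules must be signed under Secure Boot, here is an added example (not from any commenter's post) that parses the signature trailer the kernel's module signing appends to a `.ko` file. It only reports whether a well-formed trailer is present and does not verify the signature against an enrolled key; it assumes an uncompressed module, and the sample bytes are constructed.

```python
import struct
import sys

MAGIC = b"~Module signature appended~\n"  # MODULE_SIG_STRING in the kernel source
TRAILER = struct.Struct(">5B3xI")          # struct module_signature: 12 bytes, big-endian sig_len
PKEY_ID_PKCS7 = 2                          # id_type used by the kernel's sign-file tool

def parse_module_signature(blob: bytes):
    """Return trailer details for a signed module image, None if no trailer.

    Raises ValueError when the magic is present but the trailer is malformed.
    """
    if not blob.endswith(MAGIC):
        return None
    end = len(blob) - len(MAGIC)
    if end < TRAILER.size:
        raise ValueError("magic present but trailer truncated")
    algo, hash_, id_type, signer_len, key_id_len, sig_len = TRAILER.unpack(
        blob[end - TRAILER.size:end])
    sig_start = end - TRAILER.size - sig_len
    if sig_start < 0:
        raise ValueError("sig_len larger than the file")
    return {
        "id_type": id_type,
        "is_pkcs7": id_type == PKEY_ID_PKCS7,
        "sig_len": sig_len,
        "module_len": sig_start,  # bytes of ELF image covered by the signature
    }

# Constructed sample: fake ELF bytes + 16 placeholder "signature" bytes + trailer.
SAMPLE_BODY = b"\x7fELF" + b"\x00" * 60
SAMPLE_SIGNED = (SAMPLE_BODY + b"S" * 16
                 + TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, 16) + MAGIC)

if __name__ == "__main__":
    # Usage: python3 modsig.py /path/to/module.ko [...]  (uncompressed .ko only)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            info = parse_module_signature(fh.read())
        print(path, "unsigned" if info is None else info)
```

Modules shipped as `.ko.xz` or `.ko.zst` need to be decompressed first, since the trailer sits at the end of the uncompressed image.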