- 0 Posts
- 45 Comments
This isn’t foolproof. A lot of malware these days is resistant to analysis because they can detect that they’re running in a sandbox and refuse to run the malicious code.
dafta@lemmy.blahaj.zone to Linux Gaming@lemmy.world • Gaming on Linux hasn't been great so far... | JayzTwoCents [27:59] • English • 10 · 2 months ago
Yeah, if you’ve got two EFI partitions on separate disks and one is for Windows while the other is for your Linux, you’re good. Windows likes to reinstall its bootloader which sets it as the default and sometimes overwrites the Linux bootloader, but not if it’s on a different EFI partition, then it doesn’t “know” about it.
dafta@lemmy.blahaj.zone to Linux Gaming@lemmy.ml • Battlefield 6 requires secure boot to be enabled and active • English • 2 · 2 months ago
- This is with systemd-boot, which I switched to because it’s easier to use a unified kernel image with, but it should work just fine with grub as well. The last step will sign everything that needs to be signed, including grub and the kernel images.
- You only need to trigger a re-sign if you update grub using grub-install. If you just change the grub config, you don’t need to re-sign it because the config is loaded once the signed grub is already booted. This is another reason why I went with systemd-boot and unified kernel images, because I work with sensitive data and maybe I’m a bit too paranoid, and don’t want anyone to be able to tamper with my boot in any way. This is also possible with grub and using an encrypted boot partition, but systemd + UKI + full system encryption was just easier. If you’re not worried about evil maid attacks and just want secure boot, grub will work with no additional setup.
- No issues with the pacman hook, it triggers every time there’s a kernel update or nvidia update, and since I’m using mkinitcpio and UKI, the signing is usually already done by mkinitcpio before the pacman hook is run, so the pacman hook doesn’t really ever do anything. It’s all done in the mkinitcpio hook.
As for bricking your motherboard, this only happens if your motherboard or any other component uses the microsoft vendor keys as part of the boot sequence, and it’s only really a hard brick if it’s your motherboard that uses it. If it’s any other component, you can remove it and re-add the microsoft keys and it’ll work again when you add the component back.
And the key part here is replacing the platform keys. If you just always use the -m flag on sbctl enroll-keys, you’ll enroll both your own keys and microsoft’s, meaning no replacing necessary. If you always use -m, there’s no real risk really, because you’ll always add the microsoft keys that your hardware might need. Plus, if you’re dual booting with windows, you need the -m to have windows secure boot work, anyway.
If you’re extra paranoid, you can also add the -f option which should also include all the keys that your motherboard comes with by default, if it contains more than just microsoft’s keys, but this shouldn’t really be necessary.
dafta@lemmy.blahaj.zone to Linux Gaming@lemmy.ml • Battlefield 6 requires secure boot to be enabled and active • English • 3 · 2 months ago
I’m saying this as someone who has a self-signed key + kernel + bootloader + dual boot with windows. I have Arch and I dual boot windows, and the setup was literally three commands.
Enable secure boot setup mode and then do the following:
- `sbctl create-keys` to create the keys
- `sbctl enroll-keys -m` to enroll the keys to BIOS, including microsoft keys
- `sbctl verify | sed -E 's|^.* (/.+) is not signed$|sbctl sign -s "\1"|e'` to sign everything that needs to be signed.
And everything is signed automatically on an update with a pacman hook that comes by default when installing sbctl.
That wiki entry lists all the possible ways to do it, for all combinations of bootloaders and secure boot tools. You only need one of them, for example 3.1.4. which is what I just described.
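What the third command in the comment above does, as an added dry-run sketch (not code from the comment or from sbctl): GNU sed's `e` flag executes each rewritten line as a shell command, so this version prints the `sbctl sign -s` commands for review instead of running them. The `sbctl verify` lines are a constructed sample shaped after the pattern the sed expression matches, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: dry-run of the "sign everything that is unsigned" step.

# Constructed sample input (not captured from a real system).
sample_verify_output() {
  cat <<'EOF'
Verifying file database and EFI images in /efi...
✓ /efi/EFI/Linux/arch-linux.efi is signed
✗ /efi/EFI/BOOT/BOOTX64.EFI is not signed
✗ /efi/EFI/systemd/systemd-bootx64.efi is not signed
EOF
}

# Print only the paths reported as "is not signed" (reads stdin).
unsigned_paths() {
  sed -n -E 's|^[^/]* (/.+) is not signed$|\1|p'
}

# Single-quote a string for the shell, escaping embedded single quotes,
# so characters such as $ or ` in a path are never expanded.
sh_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Turn verify output on stdin into the commands the sed pipeline would run.
plan_signing() {
  unsigned_paths | while IFS= read -r path; do
    printf 'sbctl sign -s %s\n' "$(sh_quote "$path")"
  done
}

# Show the plan for the constructed sample; nothing is signed here.
sample_verify_output | plan_signing
```

On a real system the input would come from `sbctl verify | plan_signing`, and the printed lines can be reviewed before being run.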
dafta@lemmy.blahaj.zone to Linux@programming.dev • Microsoft's Secure Boot UEFI bootloader signing key expires in September, posing problems for Linux users • English • 4 · 3 months ago
It won’t turn off your TPM, but if you’ve set it up correctly (by using PCR7), the TPM won’t allow decrypting your data without secure boot.
dafta@lemmy.blahaj.zone to Games@lemmy.world • Has the live-service dream crashed back down to earth? | Opinion • English • 2 · 3 months ago
AdventureQuest Worlds my beloved
dafta@lemmy.blahaj.zone to Linux@programming.dev • Bash 5.3 Released With Many Improvements • English • 19 · 3 months ago
.config/bash/bashrc
dafta@lemmy.blahaj.zone to Privacy@lemmy.dbzer0.com • Using Signal groups for activism • English • 1 · 4 months ago
Ok.
dafta@lemmy.blahaj.zone to Privacy@lemmy.dbzer0.com • Using Signal groups for activism • English • 2 · 4 months ago
I’d say that the principal claim is that they can’t see your messages and that they have no incriminating data on you. No judge can order them to hand over your data and incriminate you because they don’t have that data. What exactly is the very little data they have is less important.
dafta@lemmy.blahaj.zone to Privacy@lemmy.dbzer0.com • Using Signal groups for activism • English • 2 · 4 months ago
Yeah, they likely misremembered that it was timestamps instead of IPs.
dafta@lemmy.blahaj.zone to Privacy@lemmy.dbzer0.com • Using Signal groups for activism • English • 11 · 4 months ago
Which claim are you referring to?
dafta@lemmy.blahaj.zone to Privacy@lemmy.dbzer0.com • Using Signal groups for activism • English • 61 · 4 months ago
It’s been proven in court several times. The only information they keep is your phone number, unix timestamp of your account creation, and the unix timestamp of when you were last online.
dafta@lemmy.blahaj.zone to Linux Gaming@lemmy.world • Anyone have Rocket League running smoothly on Gnome? • English • 2 · 4 months ago
game-performance is CachyOS’ script to set the power profile to performance while the game is running and restore it to what it was before when the game closes.
dafta@lemmy.blahaj.zone to Linux Gaming@lemmy.world • Anyone have Rocket League running smoothly on Gnome? • English • 1 · 4 months ago
game-performance is CachyOS’ script to set the power profile to performance while the game is running and restore it to what it was before when the game closes.
Edit: Also, here’s the Arch wiki page for prime-run.
dafta@lemmy.blahaj.zone to Technology@lemmy.world • In 2025, Apple still makes it hard to play your own MP3s, so I wrote my own app • English • 3 · 5 months ago
My GF has an iphone, and on KDE I can just connect it via USB and it’s visible in the file manager.
There’s also this.
dafta@lemmy.blahaj.zone to Programming@programming.dev • What's your favorite IDE right now? • English • 71 · 5 months ago
There’s avante.nvim for LLM integration, it supports most if not all LLM vendors at the moment.
I tried it, however, and got to the same conclusion as you. Not worth it.
Breezy Weather
Not affiliated, just discovered this amazing app relatively recently.