I have an older computer that I use for some simple games. Its I5-7400, GTX-1050, 12GB memory, and an SSD - not new by any standards, but most of the games I’m playing are a decade old or more. I switched to Linux Mint today, since I don’t want to use Windows 11, but the performance on Mint is terrible compared to Windows 10. For example, in Portal 2’s native Linux version, I get like 10 fps in the title screen. War Thunder doesn’t even launch. The drivers are set to Nvidia’s proprietary drivers via the GUI. Am I missing something? I’d really rather not switch back to Windows.
Edit: VulkanInfo is saying, “ERROR: [Loader Message] Code 0: loader_scanned_icd_add: Could not get ‘vkCreateInstance’ via…”
It also seems to only be showing my CPU, not gpu? Not certain, since I don’t unstand a lot of the details, but it says, “deviceType = PHYSICAL_DEVICE_TYPE_CPU”.
Edit 2: turning off secureboot fixed it.
Evil maid is one advantage but signed modules is another. Secure boot can prevent you from loading unsigned kernel modules once booted.
You basically need to have both or your computer is practically open for anyone who has physical access to the device.
For my desktop I dont use either but for my laptop i’d never leave home without both.
deleted by creator
Once you’re booted secure boot is inactive. If there was a security benefit to only loading signed modules, then distros would have that enabled by default regardless of the secure boot status.
Iirc, requiring modules be signed is a requirement Microsoft put on the shim bootloader rather than Lunux’s choice. I could be mistaken here, I’m not too sure on the specifics.
Regardless, if someone has the ability to load or modify modules on an encrypted Linux install, they can just steal Firefox’s cookie jar and cut out the intermediate step.
I might be wrong on some of this so take it with a grain of salt but heres my view.
Its not only loading signed modules it enables kernel lockdown mode which prevents even the root user from accessing certain kernel functions. This prevents them from installing persistent malware and a host of other attacks. Fedora and other distros that ship secure boot do enable this.
Yes microsoft signs the shim but I believe other authorities are being worked on.
If someone gets root on your system they can do a lot of damage but you can still prevent it and limit it. Stealing my firefox cookies is much better than installing persistent malware. If my cookies are stolen I can clear the malware and reset my passwords, same cannot be said for loading something into the kernel.
My gut reaction is that there are a lot of ways, once you have root access, to have your changes persistent. For example, modifying/replacing binaries, adding new ones before old ones in the path, adding startup scripts, modifying config files. Kernel modules seem to be an overcomplicated way to go about it, especially since (afaik) it would need to be compiled against the specific kernel version.