I have an older computer that I use for some simple games. Its I5-7400, GTX-1050, 12GB memory, and an SSD - not new by any standards, but most of the games I’m playing are a decade old or more. I switched to Linux Mint today, since I don’t want to use Windows 11, but the performance on Mint is terrible compared to Windows 10. For example, in Portal 2’s native Linux version, I get like 10 fps in the title screen. War Thunder doesn’t even launch. The drivers are set to Nvidia’s proprietary drivers via the GUI. Am I missing something? I’d really rather not switch back to Windows.
Edit: VulkanInfo is saying, “ERROR: [Loader Message] Code 0: loader_scanned_icd_add: Could not get ‘vkCreateInstance’ via…”
It also seems to only be showing my CPU, not gpu? Not certain, since I don’t unstand a lot of the details, but it says, “deviceType = PHYSICAL_DEVICE_TYPE_CPU”.
Edit 2: turning off secureboot fixed it.
this is really stupid advice. Secureboot should be installed on laptop otherwise your device is as good as open. Sure it has some CVEs but its a big step up in security and its getting better and better on linux.
This performance issue is likely due to an issue with the driver not with secure boot itself. Maybe since it is an old driver it wasnt signed.
privileged little cunt and genocide voter
What advantage does secure boot have compared to full disk encryption? The only examples I’ve seen have been contrived evil maid attack that fails under scrutiny.
Evil maid is one advantage but signed modules is another. Secure boot can prevent you from loading unsigned kernel modules once booted.
You basically need to have both or your computer is practically open for anyone who has physical access to the device.
For my desktop I dont use either but for my laptop i’d never leave home without both.
deleted by creator
Once you’re booted secure boot is inactive. If there was a security benefit to only loading signed modules, then distros would have that enabled by default regardless of the secure boot status.
Iirc, requiring modules be signed is a requirement Microsoft put on the shim bootloader rather than Lunux’s choice. I could be mistaken here, I’m not too sure on the specifics.
Regardless, if someone has the ability to load or modify modules on an encrypted Linux install, they can just steal Firefox’s cookie jar and cut out the intermediate step.
If you have to choose between one, then yes; full disk encryption is superior. But they should ideally be used in tandem.
Without secure boot, you are vulnerable to evil maid attacks. A bad actor can modify your bootloader (which has to remain unencrypted) in a way that allows them to steal your encryption keys. Secure Boot prevents running unsigned bootloaders, which negates this risk.
If someone has access to your device enough to modify your bootloader they could also just install a hardware keylogger or hidden camera and get your password that way.
Sure, but that’s much harder to do undetected. Don’t let perfect be the enemy of good. Secure Boot still prevents against particular types attacks.
I get that perfect is the enemy of good, but you also need to have defined threat models. Secure boot protects against people covertly taking your ssd, putting it in their own device, overwriting the OS with one that looks identical but is a key logger, and then putting it back in your system. Yet systems with secure boot have no tooling to stop attackers from just… Putting a hardware keylogger inline with the keyboard.
I second SavvyWolf. Full disk encryption is better than SecureBoot. SB is security theater for people who don’t know what they’re doing and don’t know how to avoid getting their laptop infected in the first place. As I said before, SB has already been defeated. Every hacker/malware can bypass it already. It’s like pretending you have armor on and going headlong into a sword fight.