[dabockster]

This is a part of Secure Boot, which Linux people have raged against for a long time. Mostly because the main key signing authority was Microsoft.

But here's my rub: no one else bothered to step up to be a key signer. Everyone has instead whined for 15 years and told people to disable Secure Boot and the loads of trusted compute tech that depends on it, instead of actually building and running the necessary infra for everyone to have a Secure Boot authority outside of big tech. Not even Red Hat/IBM even though they have the infra to do it.

Secure Boot and signed kernels are proven tech. But the Linux world absolutely needs to pull their heads out of their butts on this.

[ndriscoll]

The goals of the people mandating Secure Boot are completely opposed to the goals of people who want to decide what software they run on the computer they own. Literally the entire point of remote attestation is to take that choice away from you (e.g. because they don't want you to choose to run cheating software). It's not a matter of "no one stepped up"; it's that Epic Games isn't going to trust my secure boot key for my kernel I built.

The only thing Secure Boot provides is the ability for someone else to measure what I'm running and therefore the ability to tell me what I can run on the device I own (mostly likely leading to them demanding I run malware like like the adware/spyware bundled into Windows). I don't have a maid to protect against; such attacks are a completely non-serious argument for most people.

[wredcoll]

Is there any even theoretically viable way to prevent cheats from accessing a game you're running on a local machine without also disabling full user control of your system?

I suppose something like a "reboot into '''secure''' mode" to enable the anti-cheat and stuff, or maybe we'll just get steamplay or whatever where literally the entire game runs remote and streams video frames to the user.

[cogman10]

And all this came from big game makers turning their games into casinos. The reason they want everything locked down is money is on the line.

[jpalawaga]

anti-cheat far precedes the casinoification of modern games.

nobody wants to play games that are full of bots. cheaters will destroy your game and value proposition.

anti-cheat is essentially existential for studios/publishers that rely on multiplayer gaming.

So yes, the second half of your statement is true. The first half--not so much.

[cogman10]

> anti-cheat far precedes the casinoification of modern games.

> nobody wants to play games that are full of bots. cheaters will destroy your game and value proposition.

You are correct, but I think I did a bad job of communicating what I meant. It's true that anti-cheat has been around since forever. However, what's changed relatively recently is anti-cheat integrated into the kernel alongside requirements for signed kernels and secure boot. This dates back to 2012, right as games like Battlefield started introducing gambling mechanics into their games.

There were certainly other games that had some gambly aspects to them, but 2010s is pretty close to where esports along with in game gambling was starting to bud.

[codeflo]

There are plenty of locked down computers in my life already. I don't need or want another system that only runs crap signed by someone, and it doesn't really matter whether that someone is Microsoft or Redhat. A computer is truly "general purpose" only if it will run exactly the executable code I choose to place there, and Secure Boot is designed to prevent that.

[mhitza]

I don't know overall in the ecosystem but Fedora has been working for me with secureboot enabled for a long time.

Having the option to disable secureboot, was probably due to backlash at the time and antitrust concerns.

Aside from providing protection "evil maid" attacks (right?) secureboot is in the interest of software companies. Just like platform "integrity" checks.

[packetlost]

I'm pro secure boot fwiw and have had it working on my of my Linux systems for awhile.

[esseph]

I'm not giving game ownership of my kernel, that's fucking insane. That will lead to nothing but other companies using the same tech to enforce other things, like the software you can run on your own stuff.

No thanks.