No, there is no option for secure boot atm on preview. I'm not sure what kitten is talking about. I wouldn't be surprised to see it there shortly since it's a feature on every pc bios I've seen in the last 10 years.

Messaggio originale di KittenGrindr:

Sorry, fTPM support was added because the hardware was already there.

Secure Boot is software that just needs to be enabled in the bios/firmware, so from that point of view it is also "already there".

Messaggio originale di maxRunner:

Secure Boot is software that just needs to be enabled in the bios/firmware, so from that point of view it is also "already there".

Secure Boot would prevent Windows from being booted at all unless Valve enrol Microsoft's keys as being trusted.

Messaggio originale di WarnerCK:

Secure Boot would prevent Windows from being booted at all unless Valve enrol Microsoft's keys as being trusted.

This is standard practice since the beginning of time (that is, since 2012 or whenever secure boot came about). I remember when Fedora controversially paid microsoft money to avail themselves of their key.

oooh ooh. In 20212 most linux installers didnt even support UEFI and secure boot had to permanently switched off. UEFI could be switched on post install. Learning Linux now supports secure boot today is very interesting indeed.

Makes sense to me that Valve will provide UEFI keys for windows on Deck as part of the dual boot support update coming soon.

Is UEFI switched on in Deck ootb as it ships?

Secure boot obviously aint but am more convinced that it may very well come with dual boot update after you guys explaing the kernel ant i cheat thing is possible on linux though with caveats - as always with linux lol.

Messaggio originale di maxRunner:

This is standard practice since the beginning of time (that is, since 2012 or whenever secure boot came about). I remember when Fedora controversially paid microsoft money to avail themselves of their key.

OEMs trust Microsoft's key because they sell hardware that comes with Windows. Valve do not sell hardware that comes with Windows.

Yes, if it still works the same way it did back then, the bios requires microsoft's key. The key was used to sign a shim for linux. The shim loaded grub/boot loader, which then had the option to sign later parts of the chain.

Messaggio originale di WarnerCK:

OEMs trust Microsoft's key because they sell hardware that comes with Windows. Valve do not sell hardware that comes with Windows.

That's not true, the keys were built into bioses that came with no OS. I know, I always build my own pcs. Look I get your point, it's kind of crappy. But that's the way it works. Only Valve can decide whether they will allow windows 11 to boot under secure boot.

Messaggio originale di Balderick:

Is UEFI switched on in Deck ootb as it ships?

Yes

Wasnt it UEFI 2.0 that brought secure boot with the arrival of windows 10?
There were earlier implemetations of EFI on many devices before the secure boot thing became a thing.

I had first gen AMD LLiano APU mobo that had that basic EFI with no secure boot. It was from 2011. It took me six months to work out and needed a lot of help how to install linux using EFI. lol

You very knowledgible guys maxRunner WarnerCK

The biggest reason for Valve to allow secure boot to be enabled on Deck is for gaming, so am hopeful it will come.

Messaggio originale di maxRunner:

Yes, if it still works the same way it did back then, the bios requires microsoft's key. The key was used to sign a shim for linux. The shim loaded grub/boot loader, which then had the option to sign later parts of the chain.

UEFI does not require trust of Microsoft's key unless one is using Windows. Canonical's key, or Red Hat's key, or even a hypothetical Valve key, are perfectly sufficient if one is only booting Linux but wishes to use Secure Boot. One can also sign their own software and trust their own key.

The signed shim is only because OEMs habitually pre-load trust in Microsoft's key, but don't habitually pre-load trust in keys from Linux vendors, because they sell machines with Windows and Microsoft don't want them to turn off Secure Boot. Again, Valve do not sell machines with Windows. They are under no obligation to trust Microsoft.

Messaggio originale di WarnerCK:

UEFI does not require trust of Microsoft's key unless one is using Windows. Canonical's key, or Red Hat's key, or even a hypothetical Valve key, are perfectly sufficient if one is only booting Linux but wishes to use Secure Boot. One can also sign their own software and trust their own key.

The signed shim is only because OEMs habitually pre-load trust in Microsoft's key, but don't habitually pre-load trust in keys from Linux vendors, because they sell machines with Windows and Microsoft don't want them to turn off Secure Boot. Again, Valve do not sell machines with Windows. They are under no obligation to trust Microsoft.

Correct. You are acting like this is a barrier. It is not.

Messaggio originale di maxRunner:

That's not true, the keys were built into bioses that came with no OS.

Fine: "because they sell hardware with Windows or expect the majority of their customers to use their hardware with Windows."

Not using Windows is the specific point of the Steam Deck.

Messaggio originale di WarnerCK:

Not using Windows is the specific point of the Steam Deck.

Unless, you know, Gabe has something to say about it.

Messaggio originale di maxRunner:

Correct. You are acting like this is a barrier. It is not.

It's the part that isn't "already there." If they just turned on Secure Boot without doing anything else, that group of people that wanted to use the unsupported Windows on the Deck would be prevented from doing so.

Valve could enrol trust in Microsoft's key specifically to help those customers, or they could just not bother with the Secure Boot stuff at all.

It would be fair to say Deck was built from ground up for SteamOS but i disagree with the "not for windows" better windows support is just wip and evewn SteamOS is still wip on Deck and all the firmware on Deck is wip

How Valve managed to get Deck into the wild in a working state when all the software ws not really ready is absolutely remarkable.

Do the current gen consoles support secure boot?