• areyouevenreal@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    5 months ago

    I don’t use or particularly believe in secure boot.

    I have a fully encrypted root partition, with automatic unlocking using the TPM. Wasn’t even that hard to setup either. Bazzite makes it fairly easy to enroll a secure boot key if you really want that, as do some other distros. Nothing you are describing is that difficult.

    A lot of systems use AppArmour instead of SELinux, as this is easier to work with while still providing enhanced security.

    • ruse8145@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      It’s not hard to set up if you already have sufficient baseline technical knowledge to feel comfortable copy-pasting the right commands from the Internet with hope that you don’t brick your computer (which ironically fedora or opensuse kinda did although I eventually found out how to work around the failure which makes my laptop permanently unable to use an older version of Linux lololol).

      Arch was really easy to set up, I followed tutorials for fedora from fedora which never worked, and opensuse worked until a power outage then never again. So easy. So simple.

      Secureboot with shim is the easiest, the arch (/standalone) way seems to work better and more securely since it’s my own keys, but again depends on feeling a lot of unearned confidence. Some distros like Ubuntu and suse include mechanisms for secureboot, others do not, hence hit or miss.

      Tldr I know what you’re telling me, and from my pov and experience none of that changes what I said for the average “go on, try Linux, you’ll like it” user.