Agreed. The call trace shows it occurred as part of a drm_ function, which is related to the DRM (Direct Rendering Manager) subsystem.

There’s a chance it might not be the root cause, but the more obvious answer is that the Nvidia driver managed to corrupt a kernel data structure.

A thief doesn’t loudly announce that they just stole something.

Yeah, they’re are. I used sbctl to enroll and manage my own keys, and I chose to include the MS ones to ensure dual booting still worked properly.

Because of that hard-bricking motherboard problem, choosing to not include the MS keys is actually more effort due it being gated behind a flag and a mountain of warnings.

these games only accept the secure boot setup where the root key is that of microsoft’s.

I have a PC where I could actually test this. Custom MOK but with all the MS signatures in the database. I can boot into Windows through the BIOS using only the MS-signed bootloader instead of GRUB or any chain loader, and Windows itself considers Secure Boot to be enabled successfully.

Do you know if it would immediately reject the game from launching, or would I be flagged and banned later as some kind of ban wave?

The latter is something I would prefer to avoid.

Oh, the comment I directly replied to is absolutely justified in its downvotes. I actually meant to reply to a different comment of theirs.

There’s a lot of FUD and disinformation around Secure Boot and TPM 2.0 in general. When it comes to anticheat and those as requirements, people are dog piling IMO. The comments being cynical or exaggerating the security risk of the TPM to the user are getting more upvotes, while the comments that disagree with those are getting pushback.

secure boot enabled with machine owner keys wouldn’t be enough either for these games

They should be able to check which signing keys were used for every part of the boot process. Unless they want to be colossal assholes and check the MOK as well, they could still verify what they need without flagging Linux Secure Boot dual-booters as cheaters.

You quoted the end of my comment, so you must have read this part:

Together, they make it possible for anticheat to tell if something (like cheating software) tried to rootkit Windows as a way to evade detection.

For the threat model of anticheat software, verifying system integrity is not an unusual requirement.

The other reason is that I’m kinda verbose.

Some say, “why many words when few work?”

Others express their freedom to choose exactly to what extent of verbosity and verbiage they consider necessary in order to accurately and effectively communicate their previously-unspoken thoughts either through private correspondence or statements to some subset of the general populace.

Amazing. Crowdstrike did end up providing some benefit to users after all.

Once you delve into the technical specifics of Secure Boot and the TPM, it’s actually not that unusual. I wrote more detail in another comment on this post, but the TLDR of it is that Secure Boot is meant to enforce the integrity of the boot procedure to ensure that only approved code runs before the Windows kernel gets control, and the TPM 2.0 is meant to attest to that. Together, they make it possible for anticheat to tell if something (like cheating software) tried to rootkit Windows as a way to evade detection.

I don’t agree with the requirement, but it’s not a pointless requirement or some grand conspiracy to make people buy new hardware.

Sorry to see the downvotes on your comments explaining the technical stuff. You aren’t wrong, but people are cultish and like dog piling.

The entire idea of Secure Boot is to verify the boot chain using signature checks to ensure that nothing “unauthorized” runs in the boot process before control is handed off to the kernel. It’s meant to stop lower bootloader stages from silently modifying or hooking later stages.

In theory, it’s supposed to stop rootkits from being able to exist above the OS, hiding themselves while stealing information or influencing programs. In practice, there’s a shit load of badly implemented EFI programs and bootloaders that are signed and later turned out to be vectors for arbitrary code execution (this is why you need the DBX list to be updated frequently).

Cynically, Microsoft probably came up with Secure Boot because that whole rootkit-and-fuck-with-the-kernel thing used to be one of the ways people cracked Windows 7.

As for TPM 2.0, the whole point of it being used for anticheat is because it stores an immutable log of the Secure Boot process and attests to the integrity of the system. If I installed my own Secure Boot certificates and rootkitted Windows for the sole purpose of cheating, the TPM would see that a self-signed executable was used during boot and refuse to say the system was unmodified.

Edit: The downvote button is not a “I disagree” button. There is an actual technical reason why Secure Boot and TPM 2.0 are used in anticheat crap. I don’t agree with it or that they demand it as a requirement to even open the game, but it’s not some grand conspiracy to make you buy new PC hardware.

I agree with them when they say distros shouldn’t be theming their apps by default. When the packager breaks a package, it misleadingly gives users the impression that the software is at fault. Unless the distro itself is willing to field all the user complaints and bug reports, it just ends up causing problems for the maintainers.

Where I will never agree with them is in the demand that the developer has exclusive control over the application icon. It’s inconsequential to the software’s functionality, and if anyone thinks their brand should have more rights to a computer than the person who owns it, they can rightfully fuck off with the likes of Apple and Microsoft.

App Icons are the identity of an app. Changing an app’s icon denies the developer the possibility to control their brand.

Here’s an novel solution to that: fuck off! A lot of us use Linux because we’re sick of corporations and rightsholders trying to control how we use our devices while treating us as marketing tools by shoving their “vision” in our face.

Curious what kind of real world use makes it a good choice?

It’s declarative. Everything is (usually) configured via Nix itself, without requiring manual steps of running additional commands. This ends up being pretty useful when you have a fleet of devices that you want to configure.

Changing config is atomic. If you end up breaking your system when trying to tweak it, you can boot into the previous generation and try again with different settings.

How would this impact F-Droid in any way?

F-Droid itself builds the APKs to ensure that they’re reproducible and not signed on a development machine that could be compromised.

https://f-droid.org/en/docs/FAQ_-_General/#is-your-building-and-signing-process-secure

With these changes, either:

• They use Google’s developer identity process to sign every APK they build with their own developer identity, which Google is likely not going to allow or is going to quickly find an example of a “malicious” app so they can blacklist all of them; or
• They stop building APKs and just trust the developer provides a non-malicious, pre-verified APK;
• They find a way to mediate the process between the original developer and Google. Knowing Google, they would make it as needlessly painful for everyone involved to discourage and punish alternative app stores.

They also aren’t learning skills that will help them when they are released

That’s by design. Teaching people skills to support themselves gives them an opportunity to break out of the cycle of recidivism. Teaching people skills that are useless for most employers but are profitable to the slavers ensures that they are left disadvantaged, where they’ll eventually end up back in prison for another round.

To the same end, having a culture where employers are legally permitted to background-check candidates for any old job makes it harder for reformed criminals to reintegrate into society.

When adding “tough on crime” politicians and their legislature to the mix, you can begin to see exactly what the goal is.

They just have no legal recourse if the reward is not paid.

Even if they did, anyone desperate enough for the vague promise of money isn’t going to have enough of it to hire a lawyer.

I think most (all?) linux distros could learn a lot from ACTUALLY showing the error when the machine dies a horrible death

Linux recently DRM (Direct Rendering Manager, not copyright protection garbage) subsystem recently gained the ability to do something even better.

It can render a QR code containing debug information and kernel logs.

Oh, absolutely.

I would understand paying for online news as an alternative to ads, and only if the news organization does actual reporting free from political or billionaire interference.

Off the top of my head, I can think of exactly one news website that seems to meet that criteria at a surface level.

For everything else, fuck 'em— archive.is :)