I've been looking into Secure Boot because I'm considering booting Puppy Linux, which requires it to be disabled. My main concern is understanding how critical Secure Boot really is from a practical standpoint. Like, in the real world, how often do people get attacked by threats like rootkits or bootkits in a way that Secure Boot would have potentially shielded them? It seems many Linux distributions, including Linux Mint, don't mandate having it enabled, so isn't it often safe to disable it? I'm particularly cautious because I've downloaded some questionable files over the last five years on my primary Windows PC. I want to know if disabling Secure Boot on my main computer is a risky move, especially since I plan to dual boot in the future. I'd appreciate insights from anyone who's dealt with this topic before!
5 Answers
You might not need Secure Boot at all, especially if you’re cautious with what you install. Most security problems stem from users downloading random files and applications—Linux typically mitigates that risk by making it inconvenient to run things as root. Don't stress too much about it unless you're particularly worried or have sensitive data on the machine.
Secure Boot doesn't completely prevent security issues; it only stops your computer from booting if something like the bootloader is tampered with. There are many other ways harmful software can get into your system, especially if you're using an OS like Puppy Linux, which runs much of its software with root permissions. Generally, most Linux distros have better security practices regarding software installation and user permissions compared to Puppy, so unless you're consistently downloading untrusted sources, you're less likely to encounter serious threats with those.
For my main PC, I prioritize full-disk encryption over Secure Boot, especially since it mostly stays at home. If you encrypt your sensitive files and stick to reputable sources for your installations, it can provide a good layer of security without the need for Secure Boot. Just keep your system updated, and you should be good to go!
It's worth mentioning that while many Linux distributions work just fine with Secure Boot, disabling it may not have a significant downside unless you're using your machine for specific purposes, like gaming. Some games have anti-cheat systems that require a signed kernel, and if you plan to play those, you might want to keep Secure Boot enabled. On the whole, though, if you're just using your computer for everyday tasks and feel comfortable with your security practices, you can likely disable it without too much concern.
Yeah, I've had to deal with those gaming requirements before! If you're not in the gaming scene, though, the risk is minimal.
Honestly, I’ve always kept Secure Boot off and rarely faced issues. If you don’t have sensitive information on a laptop you take everywhere or handle personal data that's critical, you might be just fine without it. For most everyday users, it just adds complexity without much real-world benefit. Just remember to practice safe browsing habits!

That makes sense! I guess being cautious with downloads is key.