# Is there really a benefit in having Secure Boot enabled?


unkempt knot
#

Just curious.

On distros like Ubuntu and Mint, I kept Secure Boot enabled because they already supported this feature. On Arch, however, I thought that keeping SB on was too much of a hassle, so I was disabling it every time I tried Arch or an Arch-based distro.

Kinda feel like trying out LMDE for the funnies and seeing if I'll be 100% fine without associating with Ubuntu/Canonical in any way. I'd like to know if it supports SB. And even if it doesn't, I'd like to hear if I really lose something or even become more vulnerable with SB disabled.

Note: I have an Nvidia GPU. I heard that LMDE doesn't have a Driver Manager, so you gotta install drivers like in the OG Debian – using the terminal.

eager ice
#

Secure Boot supposedly protects you by preventing boot malware and rootkits. SB will only allow verified bootloaders and OS kernels (and by extension, their drivers) to load during the boot process.

#

Specifically...

Secure Boot checks the cryptographic signature in the operating system's bootloader to see if it matches a registered key in the UEFI firmware. If a match is found, the boot process proceeds. If Secure Boot cannot verify the boot loader, the system will generate an error and the boot process will halt. Most of today's computers are configured with UEFI firmware.

#

However, longtime Linux users are aware that SB is largely a pain in the ass, particularly in the context of device drivers.

#

And considering major exploits against it, there's the notion that there's relatively insignificant benefit in keeping it on.

#

Coming from this excerpt...

"SB will only allow verified bootloaders and OS kernels (and by extension, their drivers)"

SB will only allow a device driver if it is signed. Nvidia forum threads seem to suggest to me that their drivers are not (automatically).

unkempt knot
#

I see. Thank you very much for the explanation!!! Glad to see you again, mate

#

So, as far as I get it, I can probably get at least some benefit from keeping SB on. However, due to major exploits against it that happened anyway, most people just don't see a point.

#

SB was supposed to protect you, but even most of the Linux users just describe SB nowadays as "Microsoft's way to prevent you from booting other operating systems" 😭

eager ice
unkempt knot
#

Also, just found out more information about MOK, which is "Machine Owner's Key". I dealt with enrolling MOK a few times when I reinstalled Mint with its extra multimedia codecs.

#

Also, Debian itself already supports SB, starting from Debian 10 (so Debian 12 and probably LMDE 6 will also be fine).

There is a way to enroll MOK and install Nvidia drivers. Got it!