I’ve seen people advocating for both options, but since I’m still new to Linux I’m not sure what to do. I’m currently installing Mint on my laptop to try it out, and I’m not sure if I should enable secure boot or not.
I’ve seen people advocating for both options, but since I’m still new to Linux I’m not sure what to do. I’m currently installing Mint on my laptop to try it out, and I’m not sure if I should enable secure boot or not.
No idea where you got this understanding from, but it’s not accurate. In your example, if a distro has signed binaries, then it will work to verify code loaded during the boot process to help to verify system integrity. As OP asked about Mint, yes it technically does have signed pre boot and boot signed modules.
No, this will not prevent all code/processes that aren’t signed from running. That’s a ludicrous statement. It will prevent unsigned kernel modules from being loaded (see Nvidia’s MOK process), and it will prevent a disk from being hit with sideload attacks perhaps (it should be encrypted anyway), but it absolutely does not prevent a user from running unsigned code, or even using root privs to run harmful code (like running random scripts from GitHub).
So at the end of the day does it help a standard user with security? I would argue no. As I said elsewhere, if this question were about HOW to improve security with SB, I’d have a different answer, but that’s not the question OP asked.