This is some pretty exciting news! The Arch Linux team have announced a new direct collaboration with Valve (Steam). Something that's not too surprising, since Valve do fund a lot of open source work, and SteamOS for Steam Deck is built directly on Arch Linux so working more closely together makes a lot of sense.
Posted to the Arch developer mailing list by Levente Polyak, the Arch Linux leader:
We are excited to announce that Arch Linux is entering into a direct collaboration with Valve. Valve is generously providing backing for two critical projects that will have a huge impact on our distribution: a build service infrastructure and a secure signing enclave. By supporting work on a freelance basis for these topics, Valve enables us to work on them without being limited solely by the free time of our volunteers.
This opportunity allows us to address some of the biggest outstanding challenges we have been facing for a while. The collaboration will speed-up the progress that would otherwise take much longer for us to achieve, and will ultimately unblock us from finally pursuing some of our planned endeavors. We are incredibly grateful for Valve to make this possible and for their explicit commitment to help and support Arch Linux.
These projects will follow our usual development and consensus-building workflows. [RFCs] will be created for any wide-ranging changes. Discussions on this mailing list as well as issue, milestone and epic planning in our GitLab will provide transparency and insight into the work. We believe this collaboration will greatly benefit Arch Linux, and are looking forward to share further development on this mailing list as work progresses.
[RFCs]: https://rfc.archlinux.page/
The secure signing enclave could certainly be an interesting one. What do you think Valve and the Arch team will be cooking up with that? This is something that could perhaps be a useful change for anti-cheat to have a more secure platform on Arch and so SteamOS / Steam Deck, and potentially get more games to enable it for us.
Update 28/09/24 - 14:13 UTC: Arch Linux packager and Valve collaborator Campbell Jones, mentioned to me:
The enclave is essentially intended to be a way for us to PGP-sign packages with a single signing key instead of how we do it right now, which is with one personal key per packager. It will not benefit Proton or the anti-cheat situation in any way and is completely unrelated.
and the only issue I've had is with GPU accelerated rendering, which seems to be a bit unstable.
This is a gross understatement. In my experience, Steam is literally the only app on Linux that may cause a total desktop freeze (no matter on which DE, X.org or Wayland) after which I can do nothing but hard reboot my PC. The only workaround to it is disabling hardware acceleration in Steam.
Also, how about the fact that Steam context menu contents are 95% of the time unclickable. This is an issue since the big ui redesign update and it still hasn't been fixed after more than a year or two. You have to click sometimes dozens of times until game properties finally opens for example.
Oh, and also how Steam was already slow to launch on Linux and since the big ui update it's even slower. And many more annoyances..
I mean don't get me wrong, I have endless grattitude towards Valve for everything they've put into Linux, but you honestly have to admit that when it comes to the Steam client itself on Linux, it's a POS and the forever unfixed issues with it makes them look lazy.
Actually the enclave part in this story implies we're dealing with a deeper than kernel feature.How anti-cheat relates to that?To really secure system integrity, there needs to be a full validation chain up to the kernel (and potentially beyond). Without that validation, game devs may continue to distrust anticheat tools on Linux. We don't yet know the new API MS announced to integrate in Windows, but it's really certain Linux will not be able to provide an equivalent unless the kernel and core libraries are build and signed by a trusted entity. Wouldn't make much sense to use that APi if the user can use a patched kernel. As SteamOS uses Archs kernel images and libraries, that must be done in Archs build system, hence the speculation this is related.
To be frank, I think we will see a major shift in cheating and anti-cheat in the coming years, it will be a battle of "AIs".
I think they plan on using this kind of processor feature..
Meaning that kernel verification isn't needed, because it would be firmware based.
Obviously this also means that the processor firmware starts behaving more like an OS, so you might be tempted to replace it with a FOSS variant to which I say look into coreboot/canoeboot/librem devices.
This isn't as crazy as it sounds HWID features such as CPUID have been really effectively in use for anti-cheat and drm, since their introduction.
Technically it can be circumvented with JIT, but in practice it costs way too much performance, leaving only flatout binary modding, which is OS agnostic anyway.
Edit:
The new info posted by Liam negates all the speculation here.
It's not useful for anti-cheat and it doesn't use fancy processor features.
Last edited by LoudTechie on 28 September 2024 at 9:13 pm UTC
and the only issue I've had is with GPU accelerated rendering, which seems to be a bit unstable.
This is a gross understatement. In my experience, Steam is literally the only app on Linux that may cause a total desktop freeze (no matter on which DE, X.org or Wayland) after which I can do nothing but hard reboot my PC. The only workaround to it is disabling hardware acceleration in Steam.
Also, how about the fact that Steam context menu contents are 95% of the time unclickable. This is an issue since the big ui redesign update and it still hasn't been fixed after more than a year or two. You have to click sometimes dozens of times until game properties finally opens for example.
Oh, and also how Steam was already slow to launch on Linux and since the big ui update it's even slower. And many more annoyances..
I mean don't get me wrong, I have endless grattitude towards Valve for everything they've put into Linux, but you honestly have to admit that when it comes to the Steam client itself on Linux, it's a POS and the forever unfixed issues with it makes them look lazy.
Steam has an option to remove the fancy animations IIRC, so you can speed it up. Maybe without that you also wouldn't have a problem with GPU acceleration, so even more speed up with it.
If we're being optimistic about that secure signing piece targeting better anti-cheat, I'd suggest that Valve are looking to out-perform Windows in that regard, and turn SteamOS into THE trusted way to prevent cheating on any given game. Make it as trusted as a console, or more so if possible.
^^^^^ THIS! 10000%
Meanwhile the steam client still sucks on linux. When a new revamped Wayland native Linux Steam client?
I don't have any problems with it.. In what way does it suck?
and the only issue I've had is with GPU accelerated rendering, which seems to be a bit unstable.
This is a gross understatement. In my experience, Steam is literally the only app on Linux that may cause a total desktop freeze (no matter on which DE, X.org or Wayland) after which I can do nothing but hard reboot my PC. The only workaround to it is disabling hardware acceleration in Steam.
Also, how about the fact that Steam context menu contents are 95% of the time unclickable. This is an issue since the big ui redesign update and it still hasn't been fixed after more than a year or two. You have to click sometimes dozens of times until game properties finally opens for example.
Oh, and also how Steam was already slow to launch on Linux and since the big ui update it's even slower. And many more annoyances..
I mean don't get me wrong, I have endless grattitude towards Valve for everything they've put into Linux, but you honestly have to admit that when it comes to the Steam client itself on Linux, it's a POS and the forever unfixed issues with it makes them look lazy.
I have not encountered a single one of those issues. Maybe it's a problem specific to your system?
and the only issue I've had is with GPU accelerated rendering, which seems to be a bit unstable.
This is a gross understatement. In my experience, Steam is literally the only app on Linux that may cause a total desktop freeze (no matter on which DE, X.org or Wayland) after which I can do nothing but hard reboot my PC. The only workaround to it is disabling hardware acceleration in Steam.
Also, how about the fact that Steam context menu contents are 95% of the time unclickable. This is an issue since the big ui redesign update and it still hasn't been fixed after more than a year or two. You have to click sometimes dozens of times until game properties finally opens for example.
Oh, and also how Steam was already slow to launch on Linux and since the big ui update it's even slower. And many more annoyances..
I mean don't get me wrong, I have endless grattitude towards Valve for everything they've put into Linux, but you honestly have to admit that when it comes to the Steam client itself on Linux, it's a POS and the forever unfixed issues with it makes them look lazy.
this is off-topic but it sounds like either out-dated nvidia drivers or a resource limitation.
I have not encountered a single one of those issues. Maybe it's a problem specific to your system?
No, the issues I listed are also experienced by many others. If you're interested, here is the unclickable context menu issue on steam-for-linux Github.
Last edited by user1 on 28 September 2024 at 2:27 pm UTC
this is off-topic but it sounds like either out-dated nvidia drivers or a resource limitation.
As you can see in my PC info, I have AMD and I usually don't run any other software along with Steam. It's completely unrelated to which GPU / hardware you have.
We should hope they implement it in a way more distributions then SteamOS will profit.If we're being optimistic about that secure signing piece targeting better anti-cheat, I'd suggest that Valve are looking to out-perform Windows in that regard, and turn SteamOS into THE trusted way to prevent cheating on any given game. Make it as trusted as a console, or more so if possible.
^^^^^ THIS! 10000%
Article updated to clarify, nothing to do with any anti-cheat stuff folks.Still a great project. The whole PGP keychain stuff can really byte you if start up an arch based device after a long time and try to update. As I switch locations quite often and have some dedicated devices for specific jobs, repairing these issues cost me days in the last years.
As I switch locations quite often and have some dedicated devices for specific jobs, repairing these issues cost me days in the last years.I've run into the issue several times, but so far it could always be fixed with a quick
pacman -S archlinux-keyring
Did you try that?
The enclave is essentially intended to be a way for us to PGP-sign packages with a single signing key instead of how we do it right now, which is with one personal key per packager.
My assumption is this requires building on build servers instead of building on maintainers' machines like they currently do.
How anti-cheat relates to that?To really secure system integrity, there needs to be a full validation chain up to the kernel (and potentially beyond). Without that validation, game devs may continue to distrust anticheat tools on Linux. We don't yet know the new API MS announced to integrate in Windows, but it's really certain Linux will not be able to provide an equivalent unless the kernel and core libraries are build and signed by a trusted entity. Wouldn't make much sense to use that APi if the user can use a patched kernel. As SteamOS uses Archs kernel images and libraries, that must be done in Archs build system, hence the speculation this is related.
To be frank, I think we will see a major shift in cheating and anti-cheat in the coming years, it will be a battle of "AIs".
Yeah, my question came from my early assumption (post confirmed by the updated article) that the signing was related to just packages, your is/remains the choice to what to install and from where.
It is and remains an optional form of protection.
Meanwhile the steam client still sucks on linux. When a new revamped Wayland native Linux Steam client?
I don't have any problems with it.. In what way does it suck?
I do have a really peculiar issue. Whenever I start Steam via desktop icon which has a
Exec=/usr/games/steam %U
line, the client will start but will only show the indicator which in turn apart from allowing to exit the client will play dead. When starting from the command line with
$ /usr/games/steam
it works as expected (as does Steam when installed as snap package).
I wouldn't say it sucks but it... has issues.
and the only issue I've had is with GPU accelerated rendering, which seems to be a bit unstable.
This is a gross understatement. In my experience, Steam is literally the only app on Linux that may cause a total desktop freeze (no matter on which DE, X.org or Wayland) after which I can do nothing but hard reboot my PC. The only workaround to it is disabling hardware acceleration in Steam.
Also, how about the fact that Steam context menu contents are 95% of the time unclickable. This is an issue since the big ui redesign update and it still hasn't been fixed after more than a year or two. You have to click sometimes dozens of times until game properties finally opens for example.
Oh, and also how Steam was already slow to launch on Linux and since the big ui update it's even slower. And many more annoyances..
I mean don't get me wrong, I have endless grattitude towards Valve for everything they've put into Linux, but you honestly have to admit that when it comes to the Steam client itself on Linux, it's a POS and the forever unfixed issues with it makes them look lazy.
These seem like isolated issues. Like, I've been running Steam on Linux for nearly 7 years now, and haven't once seen any of this, or reports of this, until now. Save for the context menu thing, but I've only seen that reported for custom themes, and it's due to the new JS engine Steam uses being resource hungry. Are you running on hardware that's older than a decade or something? Because that would explain a lot of the things you described. Also, if you have your games installed to the same drive as the OS, and you have Steam configured to precache shaders, that might be why it's so slow to start. It totally chokes the system with high I/O on start when it runs through the shaders, and performs updates. Move your games to a different drive, and this problem usually goes away.
Meanwhile the steam client still sucks on linux. When a new revamped Wayland native Linux Steam client?
I don't have any problems with it.. In what way does it suck?
I do have a really peculiar issue. Whenever I start Steam via desktop icon which has a
Exec=/usr/games/steam %U
line, the client will start but will only show the indicator which in turn apart from allowing to exit the client will play dead. When starting from the command line with
$ /usr/games/steam
it works as expected (as does Steam when installed as snap package).
I wouldn't say it sucks but it... has issues.
You should edit the desktop shortcut to include a command to log all output to a file on execution, that will help you narrow down the issue.
See more from me