From 999f02cdc636f77097c7a1b2df5af10efa488b23 Mon Sep 17 00:00:00 2001 From: Daniel Hast Date: Mon, 29 Dec 2025 22:34:46 -0500 Subject: [PATCH 1/2] docs: add FAQ item about gaming on secureblue "How is gaming on secureblue" is a frequently asked question in the discord server, and it'd be nice to have an FAQ item on the site to point people to. Also fix the anchor for the 32-bit section in the kargs article. --- content/FAQ.md | 12 ++++++++++++ content/articles/KARGS.md | 4 ++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/content/FAQ.md b/content/FAQ.md index dbd70a9..920b0bf 100644 --- a/content/FAQ.md +++ b/content/FAQ.md @@ -35,6 +35,7 @@ permalink: /faq - [How do I whitelist a module?](#module-whitelist) - [How do I install software?](#software) - [How do I install my VPN?](#vpn) + - [How is gaming on secureblue?](#gaming) - [How do I install Steam?](#steam) - [How do I enable anti-cheat support?](#anticheat) - [How do I install Docker?](#docker) @@ -230,6 +231,17 @@ Alternatively, you can download a WireGuard profile config from your VPN provide {% include alert.html type='note' content='If you get an error that says "Cannot Import VPN", that is likely because the name of the WireGuard configuration file is too long. GNOME Settings will only accept WireGuard configuration files with filenames 15 characters or less.' %} +### [How is gaming on secureblue?](#gaming) +{: #gaming} + +Broadly speaking, gaming support on secureblue is similar to gaming on mainstream desktop Linux distros such as Fedora: if a game can be run on desktop Linux, you should be able to run it on secureblue. + +However, some security hardening is enabled by default that may need to be disabled for certain games to run. For example, many games require [Xwayland](#xwayland) to be enabled, some games require [anticheat support](#anticheat), and 32-bit programs require [enabling 32-bit support](/articles/kargs#32bit). + +Additionally, some kernel arguments have a negative performance impact. The most impactful is [disabling SMT](/articles/kargs#smt), either unconditionally (with `nosmt=force`) or only if necessary to mitigate a known hardware vulnerability (with `mitigations=auto,nosmt`). + +If SMT is disabled, this effectively halves the number of CPU cores; the performance impact of this can be significant (up to around 40%) for highly parallel, CPU-intensive workloads. A few other kernel arguments have a negative performance impact but those are much more minor. + ### [How do I install Steam?](#steam) {: #steam} diff --git a/content/articles/KARGS.md b/content/articles/KARGS.md index 52667df..cf3b8a8 100644 --- a/content/articles/KARGS.md +++ b/content/articles/KARGS.md @@ -11,7 +11,7 @@ permalink: /articles/kargs - [Introduction](#introduction) - [Standard](#standard) - [Additional](#additional) - - [Disable 32-bit processes and syscalls](#32-bit) + - [Disable 32-bit processes and syscalls](#32bit) - [Force disable simultaneous multithreading](#smt) - [Unstable kargs](#unstable) @@ -87,7 +87,7 @@ whether to add apply of the 3 sets of kargs detailed below: ## Disable 32-bit processes and syscalls -{: #32-bit} +{: #32bit} {% include alert.html type='note' content='32-bit support is needed by some legacy software, such as Steam.' %} From 15efc7d8c200adc4f9e4d9e5aa5e79dc4eeae04d Mon Sep 17 00:00:00 2001 From: Daniel Hast Date: Fri, 2 Jan 2026 16:54:35 -0500 Subject: [PATCH 2/2] docs: reword per review suggestions Also add a bit more detail to the SMT section. --- content/FAQ.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/FAQ.md b/content/FAQ.md index 920b0bf..f11929f 100644 --- a/content/FAQ.md +++ b/content/FAQ.md @@ -236,11 +236,9 @@ Alternatively, you can download a WireGuard profile config from your VPN provide Broadly speaking, gaming support on secureblue is similar to gaming on mainstream desktop Linux distros such as Fedora: if a game can be run on desktop Linux, you should be able to run it on secureblue. -However, some security hardening is enabled by default that may need to be disabled for certain games to run. For example, many games require [Xwayland](#xwayland) to be enabled, some games require [anticheat support](#anticheat), and 32-bit programs require [enabling 32-bit support](/articles/kargs#32bit). +However, some hardening is enabled by default that may need to be disabled for certain games to run. For example, many games require [Xwayland](#xwayland) to be enabled, some games require [anticheat support](#anticheat), and 32-bit programs require [enabling 32-bit support](/articles/kargs#32bit). -Additionally, some kernel arguments have a negative performance impact. The most impactful is [disabling SMT](/articles/kargs#smt), either unconditionally (with `nosmt=force`) or only if necessary to mitigate a known hardware vulnerability (with `mitigations=auto,nosmt`). - -If SMT is disabled, this effectively halves the number of CPU cores; the performance impact of this can be significant (up to around 40%) for highly parallel, CPU-intensive workloads. A few other kernel arguments have a negative performance impact but those are much more minor. +Additionally, some kernel arguments have a negative performance impact. The most impactful for multithreaded games is [disabling SMT](#smt). A few other kernel arguments have a negative performance impact but those are much more minor. ### [How do I install Steam?](#steam) {: #steam} @@ -482,6 +480,8 @@ During rpm-ostree operations, it's normal. Outside of that, make sure you follow `mitigations=auto,nosmt` is set on secureblue. This means that if your CPU is vulnerable to attacks that utilize [Simultaneous Multithreading](https://en.wikipedia.org/wiki/Simultaneous_multithreading), SMT will be disabled. There are several other kargs secureblue sets that may also trigger this behavior, including `nosmt=force`, and `l1tf=full,force`. +If SMT is disabled, this effectively halves the number of CPU cores; the performance impact of this can be significant (up to around 40%) for highly parallel, CPU-intensive workloads. On the other hand, for many workloads the impact is much smaller, and it can even slightly improve performance of single-threaded workloads. + ### [Why don't my AppImages work?](#appimage) {: #appimage}