31 Replies
I guess a better wording would be "is it possible to hack into Gnome with a custom image?" or am I out of luck if I stick with Gnome?
no idea on if it's possible with gnome
but last time i tried, couldn't find a way to do it
which is a big reason why I'm on KDE now
if you figure out a way to do it with Gnome, then you'd be the first to figure it out that I know of
Gotcha. And the root of the issue is that GDM has been swapped out for SDDM?
🤔 don't think that's the problem
but I also never deeply investigated getting it working on Gnome
but I do know that it's trivially easy on the KDE Deck image
no custom stuff at all
it's the setup I run on my WM2
basically KDE allows for configuring a lockscreen even if autologin is enabled
I couldn't find a way to do the same on Gnome
I'm assuming KDE actually enabled this because of SteamOS
because SteamOS otherwise suffers from the exact same problem
Interesting. Might be time to kick tires on KDE I guess.
and just to make sure we're on the same page, my current setup enables:
- autologin to gamescope-session/game mode, no password required
- pin code prompt when I try to access desktop mode from game mode
- suspend-resume while on desktop will bring up the KDE lockscreen
tbh it's definitely not the most secure, but I tend to leave my device in desktop mode more than game mode
the one thing I wish I could somehow get working is booting into desktop mode first
as opposed to game mode first
Oh, I also have my main bazzite partition encrypted
@Kyle Gospo looping back to this reply were there changes you had in mind I could look into or was this just generally commenting that that's the scale of effort it would take?
so I have a password prompt to unlock the disk on initial boot
Yeah this kind of thing would be one level.
I'm trying to get the sense of different levels of security ranging "nosy person I handed the deck to wants to look at my DMs" to "nation state pulls the hard drive."
tbh I think game mode is not safe at all whatsoever
I try to minimize my time in it on my laptop
you could throw an additional pin code onto steam for power up and suspend-resume, which steam does support
add an extra layer
and I think is more than sufficient enough for nosy people
anyways, if you do figure out a way to do it on Gnome, let me know. it's been something I've been wanting for a while
Can you elaborate on this? Like it has scarily-elevated permissions, or its too easy for people to get into despite having a pin, or some combination of both?
more like once you have access to game mode itself, you can do stuff like enable steam developer mode and enable remote debugging + expose ports, or if you have decky installed, install decky-terminal and get access to an unprivileged shell. Or use something like the bash-shortcuts decky plugin to run scripts or commands that can elevate permissions
and I use decky for some functionality like TDP control, fan control, etc, so I've accepted that risk
having a steam pin code on suspend-resume and boot would probably neutralize any casual efforts by nosy people
but we also don't know things like whether the steam pin code has an attempt limit or exponential auth attempt backoffs, etc
if not, 6 digit numeric pin code can be brute forced
Ah, fun, stuff I hadn't even considered.
Does the gamescope session have unrestricted access to your whole disk? That's part of what I was wondering about where creating a separate user might be moot if it's just accessible from inside of Game Mode.
The solution I was leaning towards that I think might still make sense for my use case is to have an encrypted partition that I use as a home directory for a privileged user. Then I can leave Game Mode ~unprotected and have a limited-use desktop mode, but have sessions/files etc. only be unlocked while specifically logged in as one user.
Sounds like a setup that'd require a custom image
That's fine, I was leaning in that direction anyways.
I was trying to get a setup was an acceptable compromise for me, without custom images. Bazzite-deck is basically the closest I've gotten
Yes, it's a session so it's run as root
And steam is running as your user
Which is an adninistrator
Aha. Can I make it not an administrator (assuming I configure another administrative user)?
Possibly, though again that's firmly custom image territory
What I eventually want is regular Bazzite-gnome, but with gamescope-session as an option that can be selected on the login screen.
Have the
switch to desktop mode be a logout action instead, and have regular password auth for login.
But I don't think it's possible right now without a custom imageswich to desktop actually is log out right now
and I will definitely add a gamescope session to desktop images when we can ship NVK or Nvidia gets their shit together
that's a quick-add
Hrm, actually, would I be able to just enable a copr for gamescope-session and install it on plain Bazzite-gnome via rpm-ostree? 🤔
Yes
It's in Bazzite if you want to just enable that repo
And then layer
Nice, sounds like something I'll have to try later then
Since I'm going to want to run Bazzite-gnome on my tablet, but still have gamescope-session around
on second thought I don't want to promise gamescope on desktop quite yet, there's some nagging things that could make it very hard to explain to people
like how it wouldn't have the helper scripts for H/W control
maybe better to keep this a simple exercise in customization for people who want it
and focus on making Valve's session better
for the deck images
Makes sense. My use case is fairly niche, tablet with gamescope-session as an option for the session
aye, I may be joining you w/ the Framework 16
for that use case
Now that you said it, maybe my use case isn't as niche as I'm thinking it is 🤔
Optional Game mode on laptops and desktops
Turn your laptop into a part time game console
yeah, problem is all the extras like "ok desktop has gamemode but no hardware control for TDP/Brightness and also doesn't log in but deck has full game mode and can load it at boot but only one user can work and 🤓 🤓 🤓 🤓 🤓 "
we'll figure it out
Sorry one more 101-level question for you - is this session only running when I'm in game mode?
Like if I've exited to desktop mode only my Gnome session should be running?
right