If you've already put a piece of hardware into your computer made by nvidia, installing a kernel driver also made by nvidia does not increase your risk at all.

Installing some random anti-cheat kernel driver is not the same thing, at all.

> Most people do install Nvidia’s out‐of‐tree graphics driver

Most people that use Nvidia. I specifically don't buy Nvidia graphics cards or laptops that use them in my Linux computers because they're not in-tree.

I am not using Nvidia since 2011. Last nvidia device was bought in 2007.

Back then I migrated to Archlinux and in all these years I only had problems with nvidia. Since then they are dead to me :)

A few things to consider here:

- This is an abnormal case. Most hardware will work with in-tree drivers. Indeed, few vendors provide out-of-tree drivers for Linux.

- Nvidia is an established and reputable source. We aren't talking about some small hardware developer who doesn't have the resources to create secure drivers.

- Most Nvidia cards have in-tree drivers. There is a loss in performance, but the option usually exists.

It's a risk, but a very minor additional one - if you trust their hardware with direct access to your PCIe bus, you have already given them the metaphorical keys to the vault.

Approximately no one with a Steam Deck installs Nvidia's out of tree graphics driver (because the Steam Deck is built on AMD).