Battlefield 6 Dev Apologizes For Requiring Secure Boot To Power Anti-Cheat Tools (arstechnica.com)
- Reference: 0178933756
- News link: https://games.slashdot.org/story/25/08/29/210241/battlefield-6-dev-apologizes-for-requiring-secure-boot-to-power-anti-cheat-tools
- Source link: https://arstechnica.com/gaming/2025/08/battlefield-6-dev-apologizes-for-requiring-secure-boot-to-power-anti-cheat-tools/
> Earlier this month, EA [1]announced that players in its Battlefield 6 open beta on PC would have to [2]enable Secure Boot in their Windows OS and BIOS settings. That decision proved controversial among players who weren't able to get the finicky low-level security setting working on their machines and others who were unwilling to allow EA's anti-cheat tools to once again have kernel-level access to their systems. Now, Battlefield 6 technical director Christian Buhl is [3]defending that requirement as something of a necessary evil to combat cheaters , even as he apologizes to any potential players that it has kept away.
>
> "The fact is I wish we didn't have to do things like Secure Boot," Buhl said in [4]an interview with Eurogamer . "It does prevent some players from playing the game. Some people's PCs can't handle it and they can't play: that really sucks. I wish everyone could play the game with low friction and not have to do these sorts of things." Throughout the interview, Buhl admits that even requiring Secure Boot won't completely eradicate cheating in Battlefield 6 long term. Even so, he offered that the Javelin anti-cheat tools enabled by Secure Boot's low-level system access were "some of the strongest tools in our toolbox to stop cheating. Again, nothing makes cheating impossible, but enabling Secure Boot and having kernel-level access makes it so much harder to cheat and so much easier for us to find and stop cheating." [...]
>
> Despite all these justifications for the Secure Boot requirement on EA's part, it hasn't been hard to find people complaining about what they see as an onerous barrier to playing an online shooter. A [5]quick Reddit search turns up dozens of posts complaining about the [6]difficulty of getting Secure Boot on certain PC configurations or expressing discomfort about installing what they consider a "malware rootkit" on their machine. "I want to play this beta but A) I'm worried about bricking my PC. B) I'm worried about giving EA complete access to my machine," one representative Redditor wrote.
[1] https://steamcommunity.com/app/2807960/discussions/0/600785827026563959/
[2] https://steamcommunity.com/app/2807960/discussions/0/600785827026563959/
[3] https://arstechnica.com/gaming/2025/08/battlefield-6-dev-apologizes-for-requiring-secure-boot-to-power-anti-cheat-tools/
[4] https://www.eurogamer.net/it-really-sucks-battlefield-6-technical-director-bummed-out-about-those-unable-to-play-due-to-secure-boot-requirement-believes-anti-cheat-cat-and-mouse-game-will-never-end
[5] https://www.reddit.com/r/Battlefield6/search/?q=secure+boot
[6] https://www.reddit.com/r/Battlefield6/comments/1mmexza/secure_boot_makes_it_almost_impossible_to_play/
It's really about handing over ownership (Score:2)
This is going to be just like HP killing all its inkjets after sale.
SecureBoot (and TPM 2.0) has(have) been mandatory (Score:3)
As a matter of fact, SecureBoot was introduced with Win8, and many an OEM turned it on by default even back then... And has been mandatory on Win11 since day one.
So, how come in the year of our lord 2025 there are still gamers having trouble with Secure Boot?
If you want to play battlefield 6:
Update your firmware to the latest version available.
Turn on SecureBoot and TPM 2.0 , disable CSM compatibility in Firmware.
Include the relevant keys in secureboot if you multiboot other OSs (like Linux Distros or *BSD)
Re-install Windows(10/11) if needed.
An average user is the most likely to buy an OEM machine, but if s/he is having trouble with this and does not know what those words even mean, if those are in doubt, there are pleny of tutorials on youtube on how to do it.
OTOH, Users that build their own machines, or disbled secureboot on an OEM after 2018 for "reasons" are NOT average users, so they shall know what those words mean, and be capable to follow the instructions given...
Re: (Score:1)
Not required for Linux. In fact not mandatory for Win11. I play on console so it won't be an issue for me. Mouse & Keyboard too.
Re: (Score:2)
Actually it is mandatory on Windows 11 by policy. The fact you found a workaround is notwithstanding.
Re: (Score:2)
There are machines sold as recently as 2020 that don't have the full TPM 2.0 feature set. (I'm thinking HP "Z" series workstations, but certainly others.)
Without knowing exactly what EA's DRM is looking for, it's hard to say if earlier versions of TPM would cut it. But being in the process of migrating hundreds of PCs to Windows 11, I can confirm there are definitely beefy machines in circulation without the full complement of TPM features.
Re: (Score:2)
And has been mandatory on Win11 since day one.
Win11 has 51% market share, So at least 49% of people are Not running Windows 11.
And there is a crap ton of people on computers that are not TPM 2 capable. Otherwise Microsoft would likely have forced their systems to Win11 by now.
Also, people do install Win11 without secure boot.
Re: (Score:2)
> Win11 has 51% market share, So at least 49% of people are Not running Windows 11.
Lies, damn lies, and statistics. Yours falls in the latter. No Windows 11 does not have 51% market share *AMONG GAMERS*. Market share is not equally divided among segment. The overall market share for gamers is more like 65-70%. If you narrow gamers down to those who play FPS games with advanced graphics you end up with an even higher market share.
Remember to focus your statistics on the conversation.
Re: (Score:2)
What I find amusing is that I enabled TPM 2.0 in my BIOS and even though Windows 11 knows this, the beta still doesn't seem to recognize it.
It will be a cold day in hell before I reinstall Windows 11 just to play a game demo.
"not cool" is 'cool' (Score:2)
Children have to choose between being the 'cool kid' with the latest iShiny, or protecting their medium-security, high-performance, general-computing device from criminals (which may include Electronic Arts).
I imagine that Windows 11 with its increased spyware, I mean, 'trust platform', already uses Secure Boot, so this will not be a problem to most children.
Bullshit. (Score:2)
It's not a necessary requirement to prevent cheaters. Just have two groups of servers, one for people with Secure Boot, and one for people without. Tell the people who are on the second server that because the anti-cheat technology is unsupported on their machine, they are limited to Anything Goes servers, which means you can't guarantee that other players won't cheat against them. Problem solved.
Re: (Score:2)
Yeah, you can have a group of people playing on the anti-cheat servers and people whose PCs use lesser anti-cheats (ones that don't use secure boot) to have servers that work for them.
I mean, they already have it so cheaters get routed to an anything goes server anyways
Re: (Score:2)
> Just have two groups of servers, one for people with Secure Boot, and one for people without.
Yeah just build a whole lot of extra infrastructure for extra cost for the explicit purpose of segregating a player base. What a winning idea that sounds like. I take it you're the CEO of We've Gone Bankrupt Ltd?
Re: (Score:2)
>> Just have two groups of servers, one for people with Secure Boot, and one for people without.
> Yeah just build a whole lot of extra infrastructure for extra cost for the explicit purpose of segregating a player base. What a winning idea that sounds like. I take it you're the CEO of We've Gone Bankrupt Ltd?
No extra infrastructure needed. Just a separate VM. The number of users would be the same, so the total load would be the same. This is basically a no-op in terms of operating costs.
Well, that's not strictly true. There would probably be a decent number of users who would buy the game if they could play it, and wouldn't if they couldn't, so with that approach, you'd likely have more players, and thus more load, but you'd also have more revenue. :-)
VM (Score:3)
QEMU/KVM, GPU passthrough, emulated TPM.
It's the year of the windows desktop on linux for cheaters.
Re: (Score:2)
Cool idea.. But 1. They will add virtual machine detection.
Unless you have a way of making that KVM virtualization indistinguishable from a Windows host computer that looks like
a Hyper-V VM due to having Hyper-V enabled or virtualization-based-security or WSL.
2 Passing through the GPU to a VM seems impractical.. Since you presumably cannot have your display controlled
by two computers at the same time. How are you going to physically control that host after you start the VM then If you have
"passed your
Re: (Score:2)
> Unless you have a way of making that KVM virtualization indistinguishable from a Windows host computer that looks like
> a Hyper-V VM due to having Hyper-V enabled or virtualization-based-security or WSL.
It will take some work no doubt, but it's probably possible. You'd have to twiddle it to evade fingerprinting.
> 2 Passing through the GPU to a VM seems impractical.. Since you presumably cannot have your display controlled
> by two computers at the same time. How are you going to physically control that host after you start the VM then If you have
> "passed your GPU over to the VM" ?
Either you use integrated graphics plus a discrete GPU, or just put in a second discrete GPU.
Re: (Score:2)
It's worse than that. They use external hardware to cheat, and people have been doing this for years:
[1]https://youtu.be/RwzIq04vd0M?t... [youtu.be]
(timestamp is for 33:12 if for some reason the link doesn't take you there automatically).
Once your aimbot is running on external hardware, the kernel-level anticheat can't detect it, at least not explicitly.
[1] https://youtu.be/RwzIq04vd0M?t=1993
Cheaters gonna cheat (Score:2)
And this is why we can't have nice things.
And it doesn't stop anything. (Score:2)
You can always make your own custom Secure Boot key database and sign whatever you want.
It's even easier on millions of Dell and Alienware computers that used the test key as their production Platform Key. You can just use the leaked private key to modify the keys without being easily detectable.
Re: And it doesn't stop anything. (Score:2)
What you're describing is verified boot, not secure boot, which often refers to OEM verified boot. The OS can be told which it is, but it can also be lied to, unless they're also asking for measured boot with hardware attestation. And even without that, you're relying on local (and thus, detectable) files to poke at kernel memory.
But why do that when you can just remotely poke the kernel memory via the PCI bus using a DMA card?