143
As an exclusive Linux user, I'm glad they just block Linux instead of normalizing kernel-level anti-cheat. BF6 is dead on arrival to me.
Why would you have been considering giving EA money
As I already said in another thread...
There's nothing wrong with Secure Boot and enabling it can prevent a small subset of attack vectors with no real downsides. That being said, the things Secure Boot does protect against aren't likely to be an issue for most users but it's nothing to be afraid of.
It's a bad thing when it's used to control people. On its own, it's a good thing.
What does this even mean?
Secure boot is a good feature to protect against certain kinds of threats, but "you can't run this entertainment software because you aren't running a completely Microsoft-prescribed system" is a super lame use of it.
This weird hatred around secure boot is baffling to me.
Secure boot isnt even new, it's been around for over a decade. Most Linux distros work well with it. It's like the weird hatred with UEFI when it first became a thing.
Personally it's not a hatred for Secure Boot itself. It's a hatred for these companies requiring something that 1) is not necessary for their software to function and 2) offers little to no benefit for their software
I refuse to let these corporations tell me how to use my hardware. Right now, I dual boot and I want to continue to dual boot, at least for the foreseeable future.
I get irritated when people say "it's no big deal, it's easy to enable", etc.
You all are just enablers.
Didn't all these companies use the same demo keys for production anyway, negating the entire exercise? I swear I read a article saying that.
Are you saying this as someone who has gotten a self-signed key to work with their BIOS + kernel + bootloader + dual boot with windows, someone who runs a mainstream enough distro that they convinced manufacturers to ship with support for their key, or someone who doesn't run linux with secure boot at all?
I’m literally dual booting windows 11 and Linux right now. It actually just worked. After install it just asks you to approve the key, you confirm it, and boom it’s done.
So the second option? What distro?
Ubuntu
Yeah, so that's possible because Canonical has enough sway to get their key to play nice with manufacturers' firmware. If you are on almost any other distro (arch included) or if you build your own kernel, it's a headache just to get it to work at all even without dual boot. It also just might not even be possible due to a bad implementation on your motherboard (results ranging from dual boot windows refusing to boot, to a bricked motherboard).
Here's the process for enabling secure boot for arch users. Make sure to peruse the section on dual booting.
If you're wondering why it's so complicated, it's because of what secure boot is: you want to be sure you're booting into binary that's signed by a set of special keys. But Linux is not one binary that can be signed by Linus Torvalds, it's a bundle of source code that is built by end-users. So if you decide to make any changes to the kernel you have on ububtu, you won't be able to convince Canonical to sign your build, and you will need to jump through all the hoops on that arch wiki.
There are many reasons for the headache, but primarily I'd say it's because UEFI is closed source, and msft designed Secure Boot for it, and then manufacturers didn't care about supporting it any more than the bare minimum. And all of that together results in an ecosystem of devices that favor MSFT. That's why Linux users don't like secure boot.
I'm saying this as someone who has a self-signed key + kernel + bootloader + dual boot with windows. I have Arch and I dual boot windows, and the setup was literally three commands.
Enable secure boot setup mode and then do the following:
sbctl create-keys to create the keys
sbctl enroll-keys -m to enroll the keys to BIOS, including microsoft keys
sbctl verify | sed -E 's|^.* (/.+) is not signed$|sbctl sign -s "\1"|e' to sign everything that needs to be signed.
And everything is signed automatically on an update with a pacman hook that comes by default when installing sbctl.
That wiki entry lists all the possible ways to do it, for all combinations of bootloaders and secure boot tools. You only need one of them, for example 3.1.4. which is what I just described.
Cool, good to hear!
A few questions:
- is this with grub?
- if so, and I make edits to grub, do I need to trigger a re-sign manually?
- have you ever had any issues with the pacman hook?
I think the part that has me most spooked is the "Replacing the platform keys with your own can end up bricking hardware on some machines" warning.
- This is with systemd-boot, which I switched to because it's easier to use a unified kernel image with, but it should work just fine with grub as well. The last step will sign everything that needs to be signed, including grub and the kernel images.
- You only need to trigger a re-sign if you update grub using grub-install. If you just change the grub config, you don't need to re-sign it because the config is loaded once the signed grub is already booted. This is another reason why I went with systemd-boot and unified kernel images, because I work with sensitive data and maybe I'm a bit too paranoid, and don't want anyone to be able to tamper with my boot in any way. This is also possible with grub and using an encrypted boot partition, but systemd + UKI + full system encryption was just easier. If you're not worried about evil maid attacks and just want secure boot, grub will work with no additional setup.
- No issues with the pacman hook, it triggers every time there's a kernel update or nvidia update, and since I'm using mkinitcpio and UKI, the signing is usually already done by mkinitcpio before the pacman hook is ran, so the pacman hook doesn't really ever do anything. It's all done in the mkinitcpio hook.
As for bricking your motherboard, this only happens if your motherboard or any other component uses the microsoft vendor keys as part of the boot sequence, and it's only really a hard brick if it's your motherboard that uses it. If it's any other component, you can remove it and readd the microsoft keys and it'll work again when you add the component back.
And the key part here is replacing the platform keys. If you just always use the -m flag on sbctl enroll-keys, you'll enroll both your own keys and microsoft's, meaning no replacing necessary. If you always use -m, there's no real risk really, because you'll always add the microsoft keys that your hardware might need. Plus, if you're dual booting with windows, you need the -m to have windows secure boot work, anyway.
If you're extra paranoid, you can also add the -f option which should also include all the keys that your motherboard comes with by default, if it contains more than just microsoft's keys, but this shouldn't really be necessary.
Thank you, that's super helpful info.
If you're not worried about evil maid attacks and just want secure boot...
It is sad to me that that is my situation actually lol. Or rather, a random windows app just wants secure boot to work and is otherwise not worried about evil maid attacks.
The equivalent on phones locks you in the stock OS on most models. They didn't pull that yet on laptops.
Some of it the hate probably amplified by cheaters and cheat makers. Though to be fair anyone can be annoyed at having to go into their BIOS and change settings...
BF6 is literally already hacked though
Sure. But that doesn't mean Secure Boot didn't make it harder to create a cheat or limit what kind of cheat they could create this quickly. The cheat was a wall hack one and that is one of the hardest to stop AFAIK.
Yup, seems mostly like a fear of the unknown.
I dont trust myself not to get locked out somehow.
Every time this franchise comes up I just find myself remembering all the fun I had with BF2 and 2142. I wanna play those again...
BF4 was actually pretty great fun too.
Now I'm just so over it.
I hope Battlebit Remastered gets popular again. I suppose it's tough to make it as an indie multiplayer video game dev. Everyone expects regular frequent updates
Apparently the game didn't get an update in 1+ years.
Yep, seems they are trying to push a big update but that the playerbase is a fraction of what it once was due to the lack of updates.
I still love Battlebit, it's the closet thing to a real Battlefield game we've have in a long time.
But sadly devs took the money and ran....
Game hasn't been updated in 19 months.
They did not take the money and run. From my understanding, it just ended up with everything they're working on being tied to some critical update, and making it effectively impossible for them to update the existing version of the game until it's out. It was bad version control management, but not malice.
I hope so. It should have been communicated tho, because most people know think that they have just left
I saw occasional news about progress on a big update someday. Any indie multiplayer has to make it easy from day one for user created content. Maps, server hosting files that's has some easy to configure parameters for fun casual servers like servers that enable model swap outs, skins, etc.
Just looked, still 8000 people playing original counter strike
There's a big overhaul update that got teased after over a year of radio silence, fingers crossed that it comes out soon!
Gigabyte motherboards might brick on users turning this on. IIRC you gotta take the cmos battery out and use the motherboard hdmi port to reset it somehow.
To many games out there to fuck with this shit. Have fun playing BF6 yall, I wont be there.
I have a gigabyte MB. Thankfully, nothing bad happened. I disabled it again. Fuck BF6 and fuck EA.
I have an older gigabyte motherboard, it's giving me trouble getting secure boot enabled. But all the other modern games play just fine. No battlefield 6 for me then.
That's ok. If they don't want to bring it to Linux, then they don't deserve your money.
This merely reinforces my decision to not buy it because it only is going to have manipulative EBMM for its main modes instead of a server browser. Even if Portal has a server browser, they know the average player is going to stick to their match making system.
I bought 2042 and I did play it a lot but my experience was sort of existentially dreadful. I kind of understood its match making was keeping me playing longer by sandbagging my progression on its overly bloated exp requirements. It was like watered down drip feed fun. Fun enough and low barrier enough that I kept jumping on. Every other BF game felt way more mechanically rich and because they lacked match making they were more fulfilling to learn and play. You start out sucking, and you slowly get better, feeling yourself win more often over time. There is satisfaction in starting out bad and being rewarded for your efforts to learn the game that EBMM steals from you.
Its painful for me though. BF6 looks like such a waste. It checks so many boxes for me in that it looks like a great pvp military shooter: fast TTK, robust map editor, point buy loadout system.
But all wrapped up in typical corporate bullshit.
another game to avoid then
I've tested the beta yesterday (dual boot) and only had to enable SB and leave it in custom mode - no need to sign & enroll the linux kernel(s) too.
this post was submitted on 08 Aug 2025
143 points (98.0% liked)
Linux Gaming
19337 readers
33 users here now
Gaming on the GNU/Linux operating system.
Recommended news sources:
Related chat:
Related Communities:
Please be nice to other members. Anyone not being nice will be banned. Keep it fun, respectful and just be awesome to each other.
founded 5 years ago
MODERATORS