Hm, yeah, it’s something every developer should know; client-side validation of input still needs server-side validation, because client-side is not reliable, no mather what you force on them.
I play games mostly on my Steam Deck after migrating from Xbox. Didn’t want to pay for Internet access to use the Internet I already pay for (Xbox Live).
Battlefield games like BF1 and BF4 used to run on the Deck about a year ago, but then EA toggled something and disallowed any and all Linux distros. Can’t remember their reasoning, but something something anti-cheat.
Now me, a paying customer, was fucking pissed. I purchased these games on my Steam Deck to avoid corporate walled gardens like the Xbox, and then EA lock me out of my purchase after the refund period had elapsed. What the fuck???
So I started dual booting Windows 10 on the Deck to regain access to a product I had paid for. Fucking shit I had to do this in the first place.
But now I need to enable Secure Boot to play the new shit, and I have no clue how to do this without bricking my Deck. I’m an engineer, but not the software type. I don’t want to fuck around with my gear just to play games.
Client-side AC is a poor solution to cheating that can be solved with server-side AC.
Fuck EA. Fuck M$. Fuck all the corporations that want to run spyware on my devices
Server side anticheats need to be considered. Clientside has been annoying users far too much, and can be bypassed. A combination of both (and I’d like a less intrusive clientside one) would be better
Anyone with half a brain could see this coming from a mile away. My conspiracy brain almost thinks this is some concerted and calculated effort by Microsoft to artificially lock games to Windows through anti cheat. It’s disgusting, isn’t needed, and just plain isn’t effective. They can spew all the metrics out of their ass, we all know that it’s just not effective.
a year ago on Mastodon when EA started locking out games like Apex Legends, BF1, V, 2042, etc from Linux I said “I bet you Microsoft is about to launch a handheld and since they have a deal with EA and Gamepass they want EA Exclusivity on their handheld and to lockout Steamdeck/Valve” sure enough a few months later Microsoft announces their Xbox handheld with Asus.
And what’s the one thing they are getting fucking torched over even by Xbox loyalists? The price (Steam Deck has a cheaper SKU)
I am not sure about this conspiracy theory of yours: Microsoft does not want third party applications in the kernel space anymore.
https://www.theverge.com/news/692637/microsoft-windows-kernel-antivirus-changes
Not entirely;
https://github.com/microsoft/ebpf-for-windows
Microsoft just want that 3rd party code to interact in a more predictable way with the kernel
Your anti-cheat doesn’t work anyway so let me play in linux you cowards.
They want to keep windows relevant so hard. Yeah, i enable secure boot, and let some kernel level anti cheat into my system. At least i don’t have to play with cheaters. Oh there are still cheaters. So glad
More proof that anti-cheat and bans just isn’t a working approach.
Almost every cheater I’ve talked to or seen interviewed has said they do it because they like winning. If thats the case, pushing them away isnt getting rid of them, its making them try to win harder, and they are literally spending money to make that happen.
This means, there is a market for cheaters, one that publishers and devs simply assault instead of realizing they could replace it entirely.
Create a marketplace in your game for cheats. When a player buys a cheat in game, they can turn it on but only in a specific playlist that cheaters get to play in. You dont need to own or turn on cheats to play in that playlist, in case you feel like challenging yourself, but cheaters can use them as much as they want in that playlist. If a cheater wants to go into cheat free playlist, their cheats get turned off by the game and they have to play like everyone else. Cheat free playlists can have cheat detection, and if you are caught cheating then you get banned from cheat free playlists permanently, but you arent banned from the game or the cheat playlist.
This deters cheaters from paying third parties for cheats, gives them a space to experiment in, makes money for the company running the game, and reduces the amount of cheaters in regular public lobbies. It also creates a space of challenge for people who don’t cheat, sorta like how people will do no death runs in souls games.
Sure, it isnt a perfect solution, but its far better than punishing every player with invasive tech, while simultaneously letting a market of cheat sellers thrive. For a bunch of capitalists, its wild they haven’t realized they are missing out on money with cheats.
I suspect that if you’re now playing where everyone else gets the same advantages, that ruins the fun of having cheats
If not and the cheats themselves are just that fun to use, sure, add it in as another gamemode
Nullsec
…alternatively just shadow ban all the cheaters into cheater only lobbies.
And yet they have the audacity to block Linux players
I am still baffled that anyone thinks that Kernel AC is any kind of effective at stopping hacks, people have been literally making a living off of defeating it, and selling those hacks / methods for almost a decade now…
But nope, still got hordes of idiot gamers who think they work, think they’re necessary, think they can’t be spoofed.
It’s crazy to me that people cheat in online games. You really have to be a huge fucking loser to do this.
Small pp energy.
Sadly, I think the financial incentive is too great these days. People make decent money off this shit
The cheat developers, yes. Because there is demand. The question though was, why there is demand.
There’s demand because there’s supply.
Build it and they will come.
We have to ask the question if cheat developing wasn’t profitable, and even if developers actually operated at a loss, would there be as many cheats on the market as there are now?
Small pp energy.
I don’t know what energy this is, but not good either.
deleted by creator
Not sure how you could read this and come away with the idea that I do believe that…
I am talking about the subset of gamers that go on internet forums and discord servers and make false, unsupported claims as to the effectiveness or necessity or Kernel AC over other forms of AC, tell people this just is how it is now, get with the program,
eat the bugs, play the spyware game, its fine, everyone is doing it.Indirectly buyers are making a decision on anticheat. If someone buys a game with anticheat, they’ve made the decision to reward the developer for making the decision to include anticheat.
at this point i just wanna cheat the hell out of these crappy games out of spite.
That’s punishing legit players, not the developers. Not playing this shit is the correct spiteful choice.
i already don’t, feels like they need more spite.
if the players have a bad time they will leave. show them kernel level anticheat doesn’t work and its pointlessly invasive.
Why are people like this. How does this make gaming enjoyable?
Honestly, if I had the skills I’d be doing that as an explicit fuck you to the draconian anticheat bullshit they force on everyone, because what better fuck you than showing all that effort was for naught, especially close to launch.
EA can go fuck themselves with the world’s biggest cactus.
I prefer “fuck you with an anchor”
I love that track, but have to skip it regularly with my kid in the car lol
There’s a kid friendly version. Flipped with a sausage.
And one for dogs as well.
I have ‘for dogs’ on my radio already, but I might put the sausage one on too, that’s great
A lot of hacking in valorant is about this tbf (and to more efficiently sell boosts)
For some people the only things that brings them joy are 1) winning 2) making other people suffer
Or developing cheats. It sounds really fun and you get to grow by keeping on top of the anticheat.
It’s fun to cheat in games, that’s why we have cheat codes.
Also there’s the competitive side of it where not getting caught is a skill and glitching is just game knowledge.
Cheat codes and cheating in online games is obviously the same thing. You cheat because you’re a cunt.
I don’t cheat, I play online games to get into flame wars not to play the games.
I love the Battlefield series but I’m not turning on Secure Boot for them. If it remains a hard requirement, I’ll simply be passing altogether.
I was able to get around secure boot by installing the beta on my PS5. From then, I had the pleasure of being unable to enter due to broken menus! Can’t complain for having spent nothing and having little trust in the franchise.
You paid for Ps+ though
Actually, right now I’m not. Maybe that was the issue? The UI was a bad missed up so I can’t tell.
There’s nothing wrong with Secure Boot and enabling it can prevent a small subset of attack vectors with no real downsides. That being said, the things Secure Boot does protect against aren’t likely to be an issue for most users but it’s nothing to be afraid of.
If you want to install Linux, secure boot limits the distributions you can use. If you don’t then it’s whatever.
Zero issues on the mighty gecko distro. Not sure why’d you use anything else /s
I’ve tested the beta yesterday and only had to enable SB and leave it in custom mode - no need to sign & enroll the linux kernel(s) too
I only found out about this today from someone whose computer got bricked from trying to enable secure boot.
Just clear the CMOS.
I had issues aswell where I couldn’t boot, and you wanna know why? Because I didn’t follow the step by step instructions EA tells you to follow. Follow those instructions, and it’ll work just fine.
My machine went into a boot loop and I had to clear CMOS to boot again.
I wonder how many people without the resources to fix a problem like that easily are going to end up without computers for an extended period of time because of this.
So I can’t play battlefield without TPM? I hate tech these days. My Ryzen board doesnt have it. Hence why I’m not on windows 11
I just refuse to enable it. It makes changing things a hassle.
Same. Keeps things simple with Linux, and Windows doesn’t even complain about it being disabled, so long as it’s present. I’ll never understand why it’s even required if you don’t even have to enable it.
So they can have an excuse to force you to upgrade to Windows 11 beyond “whoops, turns out making an operating system as a ‘buy once’ product is a bad idea.”
Joke’s on them; I already upgraded to Windows 11. I was among the first. It’s actually a solid OS once you disable all the ads and telemetry with O&O Shut Up 10.
Yeah I did the same using WinUtil. Still, I only fire up windows when I need to use software without native Linux support.
Might be a requirement in some companies for security reasons…?
It’s understandable for companies. But for a home user…reasoning is pretty minimal.
you will own nothing and be happy
You can still get win 11 without TPM by using Rufus and bypassing TPM which will have to be done for a lot of old PCs and we will have to do it by October this year.
Why would you install Windows 11on a computer? What happens if you don’t do it before October?
Microsoft will be releasing custom viruses that only infect 10.
Your computer will gradually get more and more filled with security holes that will be problematic to patch. Eventually, programs will stop supporting it as well.
Didn’t Microsoft stop this in a recent-ish update? I remember trying it on a machine without TPM and it just didn’t work.
Bazzite worked fine though (after some headaches setting it up).
Does this disable updates though? My wife somehow had Win11 installed on her pc without enabling secure boot, and her updates got so far behind that now it refuses to update and needs to be reinstalled.
No it doesn’t, but I’ll try putting it on one of my older PCs again and report back I only use Linux
So you got the spyware without the benefits, that’s a hell of a surprise isn’t it?
But thank you for your money suckers!
beautiful. fuck secureboot.
Why?
- some people run more than 1 OS
- some people actually program and need to load unsigned shit all the time
- some people have legacy hardware that doesn’t run with secureboot
- it is my decision and my decision alone how i boot my operating systems. not EA’s.
- You can run more than one OS with secure boot enabled. It’s just a pain in the ass.
- you can run unsigned code on a secure boot enabled system.
- its 2025, what the fuck do you have that can’t secure boot by now?
- THIS is your winning argument.
I don’t think he needs a winning argument. I think EA needs to justify this kernel level AC, not the other way around.
I’m agreeing with point 4.
(1) Yeah, well the secure boot keys needed for Linux distributions expire in September (https://www.tomshardware.com/tech-industry/cyber-security/microsoft-signing-key-required-for-secure-boot-uefi-bootloader-expires-in-september-which-could-be-problematic-for-linux-users), so that seems like a sustainable solution, sure buddy.
(3) What’s your income? What region of the world do you live in and what hardware is available to you? I’m still using an am4 platform PC as my daily driver because I can’t burn money. One of my buddies has an AM3 PC. Many people use modified surplus office PCs (especially in developing nations like South America or SEA), which don’t have secure boot as an option. Check your privilege, and maybe donate some of your spare hardware to those who need it, if you want to make this “a non issue” for everyone.
(4) Yeah. I own my hardware, I configure my software. I gut Windows like a fish and keep it on a leash for these games, and use Linux for my work and for the games that respect the ecosystem.
- New keys have already been released and you can always just create and enroll your own damn keys. This is sensationalist nonsense.
- “Check my privilege” over secure boot? Calm down, Karen.
- I think gaming on PC is going to get interesting in the coming decade as Microsoft kicks third parties out of the kernel (thanks crowdstrike!) and more and more people just stop putting up with windows. Enterprise in the US is hooked but everyone else? Na, they are gonna drop it.
Edit: these are listed as 1,3,and 4 in my post in voyager but lemmy shows 123. Interesting.
On the list thing, it seems that adding numbers with periods in a list seems to auto configure it to ascending numbers. That’s why I used (1) (3) (4). Weird, but I guess that’s the work around.
Enrolling your keys doesn’t work btw, because battlefield checks which keys you enroll, only accepting the default MS keys. Also on the hardware front, it is a big problem for gamers on a sub-300 USD budget these days - the best deals are on legacy hardware or surplus office equipment, mainly AM3-AM4 era.
The number list is how markdown works. You can enter all 1’s and it will automatically create ordered list.
Handy when you may need to edit list items, as you dont need to renumber even in plain text.
Markdown spec should allow for explicit number by using a bracket ‘)’ instead of a dot, but it may not work everywhere.
Let’s give it a go3) start from 3 1. Then 1. Continue- start from 3
- Then
- Continue
You can run more than one OS with secure boot enabled. It’s just a pain in the ass.
Weird, for me it was just flicking the switch in UEFI and now Grub and through it Windows 10 and Fedora 43 boot in Secure Boot.
Im fairly certain any legacy hardware that doesn’t have secure boot as an option is going to struggle loading BF6 regardless.
The first two points are not related to secure boot at all.
you think loading my own kernel modules is not related to secure boot? i guess you don’t work in IT then.
Most people who work IT don’t even know what a kernel is, tbf
I recently had an rfid scanner immediately rma-d back that had just been returned to us. The new issue was caused by a setting and not by a defect. I asked our IT/help desk if it WAS a setting that could be changed
“I don’t know. I get the thing, I check these settings, I check those settings, that’s all I know”
😑😑😑
So me and another person are out of our equipment for another couple weeks while the scanner is sent back for “repairs” and the repair people will go “😑 tap tap tap idiots”
(Edit: I know it’s a setting because I talked with the other person who uses it and I explained the issue and he let me know it is something he changes)
It doesn’t matter which kernel modules are used, as long as you have signed those changes before rebooting.
You can’t install most linux distributions with secure boot enabled.
This is outdated information. Linux has supported secure boot for quite a while now.
Do you have any advice for someone that dual boots SteamOS and Windows 10 on a Steam Deck?
I’ve heard online that since SteamOS manually signs keys or something, that if any changes happen to the kernel that later need to be updated by SteamOS, I’d need to re-sign the keys or whatever. Idk I’m not well versed in any of this
I’ve heard it’s as easy as downloading the M$ keys to enable Secure Boot, but I also don’t want to brick my Deck.
Windows 10 support is ending soon so there’s no reason to have it on your steam deck. Steam will stop supporting it sooner after Microsoft does, just like steam does with Apples operating system.
And Microsoft is shutting out most third parties in the near future because of Crowdstrike, so Linux likely won’t be supporting Secure Boot in the future, even if someone did want to enable it for some odd reason.
Microsoft can’t stop you from signing images with your own keys.
That’s what I do, and it’s almost entirely automated on Linux these days.
Microsoft’s kicking third parties out of the kernel because of crowdstrike. Secure boot is a completely different thing Microsoft can’t kick people out of.
Really? Which would those be? So far I haven’t come upon one.
most Linux distributions
Yeah that simply isn’t true. I use Secure Boot on all my Linux installs - both in the deb and rpm ecosystem system.
It fucks with Linux. I literally just disabled it to resolve a driver install issue before this announcement was made.
Linux can run with secure boot just fine though. Use your distros documentation to set it up.
Secureboot doesn’t “fuck with Linux”. It does protect you from malware trying to install unsigned kernel modules.
Apparently that driver is unsigned, which is not the normal case nowadays.
Good to know, thanks
I was trying to install an Nvidia driver on Linux Mint, so I think I am safe.
Is that a realistic attack scenario that end users need to be concerned about?
Yes. That’s how you get undetectable rootkits.
This happens to roughly 1/3rd of all pc’s. But if you put secureboot ON and the FBI cant touch your pc
This type of attack has been seen in the wild for quite some time. Ultimately it’s a security vs convenience decision.
Needlessly intrusive. Can obviously be circumvented by cheaters anyway, so quite possibly superfluous. Apart from that it protects against the kinds of attacks that typically require physical access to the computer. If you have physical access you have full access anyway. Etc.
If you have physical access you have full access anyway. Etc.
You know secure boot was specifically made to protect users for this exact use case. Any tampering of the system will prevent the system from booting.
I get your pc, “tamper” it, then i install a fake bios that tells you all is well and that your tpm and secureboot and whatever else bullcrap they invent is still happy.
See the problem?
It won’t boot though, because the keys to decrypt the system are stored in the TPM.
Sure you could replace the whole OS, but that’s going to be very obvious and won’t allow you access to the data.
If you have physical access you could go into the bios and turn off secure boot
If you enable Secure Boot you should also set a BIOS password for this very reason.
Can’t access the bios with secure boot on (at least I could not on an old laptop I was refurbishing, thank god the owner could login into windows)
Isnt it possible to have a recovery key? Isnt that technically a backdoor? Maybe the terms are not correct but there is a way in physically.
A person with physical access can tamper with the OS, then tamper with the signing keys. Most secure boot systems allow you to install keys.
Secure boot can’t detect a USB keylogger. Nothing can.
The signature checks will immediately fail if ANY tampering has occurred.
Adding a USB keylogger that has not been signed will cause a signature verification failure during boot.
A USB keylogger is not detectable by the computer, not in firmware nor operating system. It passively sniffs the traffic between the USB keyboard and the computer, to be dumped out later.
If your keys are stored in the TPM for use during the secure boot phase, there will be nothing for it to log.
If you have physical access you have full access anyway
No, encrypt your drives.
