

The attack was coming from ::1
Or if that’s too unbelievable, fe80:: has some scary implications while also not likely to ever be a real device.


Yeah, they are. I used sbctl to enroll and manage my own keys, and I chose to include the MS ones to ensure dual booting still worked properly.
Because of that hard-bricking motherboard problem, choosing to not include the MS keys is actually more effort due to it being gated behind a flag and a mountain of warnings.


these games only accept the secure boot setup where the root key is that of microsoft’s.
I have a PC where I could actually test this. Custom MOK but with all the MS signatures in the database. I can boot into Windows through the BIOS using only the MS-signed bootloader instead of GRUB or any chain loader, and Windows itself considers Secure Boot to be enabled successfully.
Do you know if it would immediately reject the game from launching, or would I be flagged and banned later as some kind of ban wave?
The latter is something I would prefer to avoid.


Oh, the comment I directly replied to is absolutely justified in its downvotes. I actually meant to reply to a different comment of theirs.
There’s a lot of FUD and disinformation around Secure Boot and TPM 2.0 in general. When it comes to anticheat and those as requirements, people are dog piling IMO. The comments being cynical or exaggerating the security risk of the TPM to the user are getting more upvotes, while the comments that disagree with those are getting pushback.


secure boot enabled with machine owner keys wouldn’t be enough either for these games
They should be able to check which signing keys were used for every part of the boot process. Unless they want to be colossal assholes and check the MOK as well, they could still verify what they need without flagging Linux Secure Boot dual-booters as cheaters.


You quoted the end of my comment, so you must have read this part:
Together, they make it possible for anticheat to tell if something (like cheating software) tried to rootkit Windows as a way to evade detection.
For the threat model of anticheat software, verifying system integrity is not an unusual requirement.


The other reason is that I’m kinda verbose.
Some say, “why many words when few work?”
Others express their freedom to choose exactly to what extent of verbosity and verbiage they consider necessary in order to accurately and effectively communicate their previously-unspoken thoughts either through private correspondence or statements to some subset of the general populace.


It really makes you think: which rich assholes recently bought stock in grocery store corporations?


Amazing. Crowdstrike did end up providing some benefit to users after all.


Once you delve into the technical specifics of Secure Boot and the TPM, it’s actually not that unusual. I wrote more detail in another comment on this post, but the TLDR of it is that Secure Boot is meant to enforce the integrity of the boot procedure to ensure that only approved code runs before the Windows kernel gets control, and the TPM 2.0 is meant to attest to that. Together, they make it possible for anticheat to tell if something (like cheating software) tried to rootkit Windows as a way to evade detection.
I don’t agree with the requirement, but it’s not a pointless requirement or some grand conspiracy to make people buy new hardware.


Sorry to see the downvotes on your comments explaining the technical stuff. You aren’t wrong, but people are cultish and like dog piling.
The entire idea of Secure Boot is to verify the boot chain using signature checks to ensure that nothing “unauthorized” runs in the boot process before control is handed off to the kernel. It’s meant to stop lower bootloader stages from silently modifying or hooking later stages.
In theory, it’s supposed to stop rootkits from being able to exist above the OS, hiding themselves while stealing information or influencing programs. In practice, there’s a shit load of badly implemented EFI programs and bootloaders that are signed and later turned out to be vectors for arbitrary code execution (this is why you need the DBX list to be updated frequently).
Cynically, Microsoft probably came up with Secure Boot because that whole rootkit-and-fuck-with-the-kernel thing used to be one of the ways people cracked Windows 7.
As for TPM 2.0, the whole point of it being used for anticheat is because it stores an immutable log of the Secure Boot process and attests to the integrity of the system. If I installed my own Secure Boot certificates and rootkitted Windows for the sole purpose of cheating, the TPM would see that a self-signed executable was used during boot and refuse to say the system was unmodified.
Edit: The downvote button is not a “I disagree” button. There is an actual technical reason why Secure Boot and TPM 2.0 are used in anticheat crap. I don’t agree with it or that they demand it as a requirement to even open the game, but it’s not some grand conspiracy to make you buy new PC hardware.
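
The measure-then-attest idea from the two Secure Boot/TPM comments above, as an added example that is not part of the original comments: a simplified verifier that replays a boot event log against a PCR value and checks each measurement against an allowlist. All event names and byte strings are constructed, and checking the TPM's signature over the quoted PCR is assumed to happen elsewhere.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA256(old PCR || digest). A PCR can only be extended, never set."""
    return hashlib.sha256(pcr + digest).digest()


def replay(event_log):
    """Recompute the PCR value implied by an ordered list of (name, data) events."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros on reset
    for _name, data in event_log:
        pcr = extend(pcr, hashlib.sha256(data).digest())
    return pcr


def verify(event_log, quoted_pcr, trusted_digests):
    """Return (ok, reasons). Fails if the log was altered or contains an unknown measurement."""
    reasons = []
    if replay(event_log) != quoted_pcr:
        reasons.append("log does not match quoted PCR")
    for name, data in event_log:
        if hashlib.sha256(data).digest() not in trusted_digests:
            reasons.append(f"untrusted measurement: {name}")
    return (not reasons, reasons)


# Constructed sample data (not real certificates or boot images).
VENDOR_CERT = b"constructed: vendor signing cert"
OWNER_CERT = b"constructed: owner-enrolled signing cert"
BOOTMGR = b"constructed: boot manager image"
TRUSTED = {hashlib.sha256(x).digest() for x in (VENDOR_CERT, BOOTMGR)}

CLEAN_LOG = [("signer", VENDOR_CERT), ("bootmgr", BOOTMGR)]
CUSTOM_LOG = [("signer", OWNER_CERT), ("bootmgr", BOOTMGR)]

if __name__ == "__main__":
    # Honest report from an unmodified boot chain.
    print(verify(CLEAN_LOG, replay(CLEAN_LOG), TRUSTED))
    # Honest report from a chain that used an owner-enrolled signer.
    print(verify(CUSTOM_LOG, replay(CUSTOM_LOG), TRUSTED))
    # Clean-looking log submitted alongside the PCR the custom chain actually produced.
    print(verify(CLEAN_LOG, replay(CUSTOM_LOG), TRUSTED))
```

The third case is the one that matters for anticheat: a log that was edited after the fact no longer hashes to the PCR value, so the mismatch itself is the signal.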


It’s not just flagrant; it’s fragrant, too. The hypocrisy stinks like shit to high heavens.


[Citation Needed]
A thief doesn’t loudly announce that they just stole something.