this post was submitted on 06 Aug 2025
111 points (98.3% liked)

Games

20769 readers
497 users here now

Video game news oriented community. No NanoUFO is not a bot :)

Posts.

  1. News oriented content (general reviews, previews or retrospectives allowed).
  2. Broad discussion posts (preferably not only about a specific game).
  3. No humor/memes etc..
  4. No affiliate links
  5. No advertising.
  6. No clickbait, editorialized, sensational titles. State the game in question in the title. No all caps.
  7. No self promotion.
  8. No duplicate posts, newer post will be deleted unless there is more discussion in one of the posts.
  9. No politics.

Comments.

  1. No personal attacks.
  2. Obey instance rules.
  3. No low effort comments(one or two words, emoji etc..)
  4. Please use spoiler tags for spoilers.

My goal is just to have a community where people can go and see what new game news is out for the day and comment on it.

Other communities:

Beehaw.org gaming

Lemmy.ml gaming

lemmy.ca pcgaming

founded 2 years ago
MODERATORS
nanoUFO@sh.itjust.works
111
Call of Duty and Battlefield 6 will both require Secure Boot on Windows (www.theverge.com)
submitted 2 days ago by misk@piefed.social to c/games@sh.itjust.works
59 comments fedilink hide all child comments
 

Archive: https://archive.ph/2025.08.06-204234/https://www.theverge.com/news/720007/call-of-duty-pc-anti-cheat-secure-boot-windows-black-ops-7

you are viewing a single comment's thread
view the rest of the comments
[–] Romkslrqusz@lemmy.zip 0 points 2 days ago (11 children)

I mean, this is fine. Secure Boot is on everything motherboard from the last 12 years, there are very few reasons not to have it enabled and those reasons are usually edge case scenarios.

Would absolutely take this over a kernel level driver.

[–] sugar_in_your_tea@sh.itjust.works 19 points 2 days ago (9 children)

I don't see how secure boot is relevant to a video game.

[–] misk@piefed.social 5 points 2 days ago* (last edited 2 days ago) (1 children)

Secure boot requires OS kernel to be digitally signed so that’s just another way to prevent tampering. It’s not like those or any other games will be doing anything other than checking if it’s on because there’s not that much else it can be used for. Secure boot is annoying as hell if you use anything other than Windows though.

[–] sugar_in_your_tea@sh.itjust.works 7 points 1 day ago (1 children)

You can load your own keys and sign whatever you want. It's not going to prevent anyone but the most unsophisticated of cheaters. What it does is prevent malicious code from being injected early in the boot, it doesn't prevent users from loading whatever code they want early in boot.

[–] misk@piefed.social 1 points 1 day ago (2 children)

Can you really sign your own modified Windows kernel or drivers? I don’t think that’s how cryptography works.

[–] sugar_in_your_tea@sh.itjust.works 2 points 1 day ago (2 children)

I'm not sure about Windows specifically, I just know you can load your own keys onto the mobo. In general, a cryptographic signature is just metadata tacked onto a file, so presumably yes, you could sign the kernel yourself and load your key so Secure Boot works.

The way Linux distros generally work (e.g. Debian) is to use a shim binary and chain load into their own kernel binary. An exerpt:

Starting with Debian version 10 ("Buster"), Debian supports UEFI Secure Boot by employing a small UEFI loader called shim which is signed by Microsoft and embeds Debian's signing keys. This allows Debian to sign its own binaries without requiring further signatures from Microsoft.

So even if signing the Windows kernel doesn't work (I don't see why it wouldn't), you could use a loader shim like Debian does to not require loading your own keys.

To be fair, I haven't read the details of Secure Boot specifically to know how it's done, I'm just going based on my understanding of PGP (about how signing works), early kernel boot, and high level details about Secure Boot. I'm sure someone sophisticated enough to design kernel-level game cheats could figure out how to make Secure Boot happy without a ton of effort from users.

Secure Boot isn't designed to prevent users from doing things, it merely prevents malicious code from being loaded at boot (i.e. code that doesn't have access to the keys loaded onto the Secure Boot module).

[–] misk@piefed.social 1 points 1 day ago (1 children)

I'm not sure about Windows specifically

That’s quite an important omission because we’re talking about Windows. Windows won’t run kernel or driver that’s not using expected certificates, what would be the point otherwise?

[–] sugar_in_your_tea@sh.itjust.works 1 points 1 day ago

Again, I don't know the specifics about Windows, so I can't say exactly what a cheater could or could not do. I do know that kernel chaining does work w/ Windows, otherwise the GRUB bootloader would be DOA.

Whatever Windows does is a completely separate thing from Secure Boot, since Secure Boot only impacts early boot (i.e. the handoff from UEFI to the kernel). So getting into what Windows does and does not allow isn't particularly relevant to the discussion about Secure Boot.

[–] keimevo@lemmy.world 1 points 1 day ago (1 children)

You mean this certificate? The one which will expire next year and leave many old machines with Secure Boot enabled, unbootable?

[–] sugar_in_your_tea@sh.itjust.works 1 points 1 day ago

Unbootable w/o changes, yes, assuming hardware vendors actually respect the expiration date.

But that's completely separate from my point. Regardless of the solution they pick for that particular problem, users can still add their own keys to Secure Boot and do whatever they want.

[–] bathing_in_bismuth@sh.itjust.works 1 points 1 day ago* (last edited 1 day ago)

You can, but it probably needs a key related to Microsoft certificates

load more comments (7 replies)
load more comments (8 replies)