Battlefield 6 Needs Secure Boot TPM 2.0 for Javelin Anti-Cheat

Battlefield 6 will refuse to launch on a PC that does not present a modern platform trust stack — namely UEFI Secure Boot enabled (and a present TPM 2.0) — because EA’s Javelin anti‑cheat requires those firmware-backed signals to operate at the kernel level.

Background / Overview​

Battlefield 6 ships with a security posture that makes firmware and platform trust features part of its minimum, enforceable PC requirements. EA lists TPM 2.0, UEFI Secure Boot (user enabled), HVCI capability, and VBS capability alongside the usual CPU, GPU, RAM, and storage specs. Those security features are not optional toggles for a “better experience” — they are prerequisites the game checks for and enforces at launch because its anti‑cheat, EA Javelin, relies on them to raise the bar against kernel‑level cheats.
This requirement has real-world consequences. Players who booted the open beta without Secure Boot saw a hard block message and could not join multiplayer until they enabled Secure Boot in firmware or moved to different hardware. That enforcement sparked controversy around accessibility, multi‑boot setups, Linux handhelds like the Steam Deck, and older machines still using legacy BIOS/MBR. Independent coverage and EA’s public notes confirm the same technical stance.

---

Why Battlefield 6 needs Secure Boot (the technical case)​

Secure Boot, TPM and measured boot — the basics​

• Secure Boot (UEFI) prevents unsigned or tampered bootloaders and early‑boot components from executing before the OS loads. This blocks a large class of pre‑OS rootkits and bootkits that cheat authors sometimes use to hide kernel tampering.
• TPM 2.0 provides a hardware root of trust that can hold cryptographic keys and record measured‑boot values. Anti‑cheat systems can use TPM attestation to verify that a machine booted in an expected state (firmware, bootloader, kernel) and hasn’t been manipulated between reboots.
• HVCI (Hypervisor‑protected Code Integrity) and VBS (Virtualization‑based Security) are Windows features that harden kernel code integrity by leveraging virtualization to isolate critical checks.

EA’s engineering case is that these primitives deliver trusted signals into Javelin that aren’t available on legacy BIOS/MBR or on Linux/Proton stacks. That makes some advanced cheat techniques — kernel drivers that inject or hook game processes, VM‑based evasion, hardware‑ID spoofing — measurably harder to implement and easier to detect. EA’s support and Secure Boot information pages say precisely that: Javelin needs the platform signals Secure Boot and TPM provide to operate reliably.

What those signals enable for Javelin​

• Attestation that the machine’s boot path is unmodified (reduces pre‑OS tampering).
• Stronger guarantees that kernel drivers are properly signed and haven’t been replaced by unsigned or malicious components.
• Better detection of VM/emulation or hardware‑ID spoofing attempts that cheat tools use to avoid server‑side bans.

These are meaningful advantages for anti‑cheat teams; conversely, they create friction for owners of older or non‑standard configurations.

---

How to check whether Secure Boot is already enabled​

Before changing firmware or partition schemes, check Windows to see whether your PC already satisfies EA’s requirement.

• Press Windows+R, type msinfo32 and press Enter to open System Information.
• Look for Secure Boot State — it will read On or Off.
• A little higher, confirm BIOS Mode reads UEFI (if it reads Legacy or BIOS, Secure Boot cannot be enabled without switching the system to UEFI boot).

If Secure Boot shows On and BIOS Mode is UEFI, you meet that part of the requirement. If not, read on — the following steps explain how to enable it safely.

---

Step‑by‑step: enable Secure Boot for Battlefield 6 (validated flow)​

The safe, supported path typically follows this sequence: confirm UEFI support, ensure the system disk uses GPT, convert MBR to GPT if needed (using Microsoft’s supported tool), switch firmware to UEFI-only mode and enable Secure Boot, then verify in Windows.
Important safeguards before you start:

• Back up essential data. Converting firmware/partition layout can brick some setups if prerequisites aren’t satisfied.
• If BitLocker is active, suspend protection first and export recovery keys.
• Confirm whether your motherboard/PC vendor offers firmware documentation or an official walkthrough for your model.

1. Confirm basic preconditions​

• Run msinfo32 and check BIOS Mode = UEFI.
• Check Secure Boot State.
• Verify TPM presence via tpm.msc or Windows Security > Device Security shows a TPM 2.0.
• In Disk Management, check the system disk’s Partition style (GPT vs MBR). If it’s MBR you’ll need to convert for native UEFI boot.

2. Convert MBR → GPT (if required): Microsoft’s MBR2GPT tool (supported path)​

Microsoft provides mbr2gpt.exe to convert the system disk from MBR to GPT without data loss when the disk meets prerequisites. Use this supported tool rather than third‑party converters unless you know precisely what you’re doing. The validated steps are:

• Open an elevated Command Prompt (Run as administrator).
• Validate the disk with:
  mbr2gpt /validate /disk:0 /allowFullOS
  Replace 0 with the correct disk number if your system disk is different. Microsoft’s documentation lists the exact validation checks the tool performs.
• If validation succeeds, run:
  mbr2gpt /convert /disk:0 /allowFullOS
• After conversion completes, reboot and enter your firmware (BIOS/UEFI) menu. Set Boot Mode to UEFI only (or UEFI first), disable Compatibility Support Module (CSM) if present, and ensure the boot order points to the converted Windows Boot Manager. Then enable Secure Boot.
• Boot back into Windows and run msinfo32 to confirm BIOS Mode is UEFI and Secure Boot State is On.

Caveats: mbr2gpt has specific prerequisites (number of primary partitions, presence of system partition, etc.). If validation fails, Microsoft documentation explains fail cases and next steps (including clean installs when conversion isn’t possible). Always follow the guidance on the official docs.

3. If your firmware does not list Secure Boot or UEFI​

Some older motherboards simply do not support UEFI Secure Boot. In those cases Battlefield 6 will not run on that system unless you upgrade the motherboard (and possibly the CPU) to a UEFI‑capable platform. EA’s guidance and community reporting make this explicit: unsupported firmware = blocked launch.

---

Troubleshooting common failure modes​

• Secure Boot still shows Off after enabling in UEFI: Ensure you saved changes and that the boot device boots from the UEFI Windows Boot Manager. If your disk remained MBR, Secure Boot cannot be active. Recheck partition style and re-run mbr2gpt validation.
• System fails to boot after conversion: This is uncommon when the tool validates first, but it can happen with uncommon partition layouts or OEM recovery partitions. Keep a recovery USB or Windows install media handy. If you cannot recover, you may need to restore from backup.
• Conflicts with other kernel‑level drivers or security software: Kernel‑level anti‑cheat stacks can clash with other low‑level drivers (hypervisors, old virtualization software, third‑party security drivers). If Battlefield 6 refuses to start after enabling Secure Boot, temporarily suspend or uninstall conflicting drivers and ensure drivers are signed and up to date. EA documentation and early beta reports show many issues were resolved by firmware and driver updates.
• Dual‑boot or Linux users: SteamOS/Proton and many Linux-first setups will not be able to present the same Secure Boot/TPM signals required by Javelin. That effectively excludes many Proton‑based Play environments and Valve’s Steam Deck in its default configuration. Official EA notices and independent coverage confirm this practical limitation.

---

Practical checklist: before you flip firmware switches​

• Back up your files and export BitLocker recovery keys.
• Confirm your OEM/motherboard supports UEFI and Secure Boot.
• Update UEFI/BIOS to the latest vendor release before converting. Firmware updates often fix compatibility traps.
• Update GPU drivers and Windows to the latest cumulative updates. Many anti‑cheat conflicts were resolved via driver and Windows patches during beta windows.
• Use Microsoft’s mbr2gpt validation step — don’t skip validation.

---

Security, privacy and long‑term risks — critical analysis​

Strengths: what this enforcement buys players​

• Stronger anti‑cheat baseline. By anchoring detection on platform trust primitives, EA can reduce the effectiveness of advanced cheat vectors that have plagued online shooters for years. Early telemetry reported large blocks during beta windows — a measurable outcome that supports the engineering rationale.
• Better long‑term competitive integrity. Hardening the client at the boot and kernel levels creates persistent barriers that raise the work factor for cheat creators.

Real risks and user costs​

• Excludes valid user groups. Owners of older motherboards, many Linux players, Steam Deck users on SteamOS, and certain corporate or constrained systems are effectively excluded at launch. That’s not just inconvenience; for some owners the only practical option is hardware replacement.
• Kernel‑level components increase perceived attack surface. Kernel drivers must be written and maintained to high quality levels. When they misbehave, they can cause system instability or crashes; when updated, they must remain compatible across many driver and OS updates. The presence of kernel‑level anti‑cheat therefore increases operational risk if not carefully managed. Independent reporting and community logs from beta windows recorded both positive detections and transient stability problems.
• Privacy and trust concerns. Some players distrust kernel‑level anti‑cheat on principle. Vendors stress narrow scope and telemetry hygiene, but trust is earned — EA will need transparent policies, rapid fixes for conflicts, and strong signing and update controls to mitigate worries.

The Windows 10 retirement complication​

Microsoft’s end of mainstream support for Windows 10 makes this even more consequential. As platform maintainers prioritize Windows 11, publishers and anti‑cheat vendors will similarly shift their validation and troubleshooting targets. Over time, unsupported Windows 10 environments may see reduced compatibility or slower fixes for anti‑cheat conflicts. That increases the pressure on users to migrate or purchase newer hardware that meets the modern trust stack baseline.

---

Platform compatibility: who is excluded and why it matters​

• Steam Deck (SteamOS default): Linux/Proton cannot provide the same UEFI/TPM signals EA requires for Javelin; Steam Deck in stock form is unsupported. While Windows can be installed on some handhelds, driver compatibility and battery/performance trade‑offs make that a fragile workaround.
• Linux and Proton users: Proton-based compatibility layers don’t present hardware attestations EA expects; Proton users are effectively blocked unless a vendor‑level solution is provided.
• Older BIOS/MBR rigs: Systems that cannot switch to UEFI or cannot use GPT without a clean reinstall are blocked unless the hardware is upgraded. Microsoft’s mbr2gpt can help many users migrate without reinstalling, but not all disk layouts are supported.

These exclusions reduce the size of the potential player base at launch and create friction in communities where older or bespoke rigs are common. EA has defended the decision as necessary to reduce cheating; critics argue the costs are borne by legitimate players while cheat creators will continue to adapt. Both positions have merit — the decision trades access for higher anti‑cheat fidelity.

---

A concise decision guide for players​

• If your System Information (msinfo32) shows Secure Boot = On and BIOS Mode = UEFI, you’re ready on the Secure Boot front.
• If Secure Boot is Off but your firmware is UEFI-capable and the system drive is GPT, enable Secure Boot in UEFI, update drivers, and test the game.
• If your system uses MBR, validate with mbr2gpt and convert only after backing up. Follow Microsoft’s documented checks and procedures.
• If you run Linux, Proton, or a Steam Deck in SteamOS mode, treat Battlefield 6 as unsupported at launch unless you can install and maintain Windows + UEFI/GPT stack reliably.

---

Wrapping up — what this means for Battlefield 6 players and PC gaming​

Battlefield 6’s Secure Boot enforcement is a clear statement: publishers are willing to harden the client at the platform level to combat increasingly sophisticated cheats. That approach pays real dividends for anti‑cheat signal fidelity and the practical detection of kernel‑level tampering, but it also introduces meaningful compatibility costs.
For most mid‑range or modern Windows 11 systems the work is minimal: ensure Secure Boot and TPM 2.0 are enabled, verify your disk is GPT, and keep firmware and drivers current. For others — older PCs, Linux users, handhelds running non‑Windows OSes — the choice is harder: upgrade, dual‑boot into Windows (with the attendant management overhead), or accept exclusion.
EA’s official guidance and technical documentation explain what is required and provide links to vendor‑specific instructions to enable Secure Boot. Microsoft’s MBR2GPT tool offers a supported path for converting system disks to GPT when the prerequisites are met, and independent reporting (and early beta telemetry) confirms the practical outcomes and community reactions described above. These multiple, independent confirmations frame a consistent picture: yes, Secure Boot must be enabled to play Battlefield 6 on PC, and preparing your firmware and partition layout ahead of launch is the prudent step for anyone who wants to avoid a last‑minute block on game day.

---

Conclusion
Battlefield 6’s requirement for Secure Boot and a modern platform trust stack is real and enforced: it improves anti‑cheat effectiveness at the cost of excluding legacy, Linux, and some uncommon configurations. Players who want a smooth launch should verify Secure Boot and TPM status now, update firmware and drivers, and use Microsoft’s supported conversion tools if necessary. The trade‑off is straightforward — a firmer, hardware‑backed line against cheating in exchange for stricter baseline requirements for PC compatibility.

---

Source: Nerd's Chalk Do I need Secure Boot to play Battlefield 6 on PC?