Call of Duty Black Ops 7 launches with TPM 2.0 and Secure Boot requirements

Call of Duty: Black Ops 7 will block non‑compliant PCs at launch if they don’t meet Activision’s updated RICOCHET anti‑cheat prerequisites — most notably an active TPM 2.0 and UEFI Secure Boot — and there’s a narrow window to prepare legacy systems before the November 14, 2025 launch.

Background / Overview​

The PC launch of Black Ops 7 is riding a clear industry trend: publishers are moving anti‑cheat detection earlier in the boot chain and anchoring integrity checks to hardware‑backed primitives such as TPM 2.0 and Secure Boot. Activision has confirmed that RICOCHET’s enforcement will require TPM 2.0 and Secure Boot for both the beta and full launch of Black Ops 7, a measure that was tested in prior seasons before being marked mandatory at launch.
For players and system builders this matters because those features are firmware and disk‑layout dependent: Secure Boot requires UEFI firmware and a GPT system disk, and TPM 2.0 must be present and enabled (either as a discrete dTPM or as CPU firmware TPM such as Intel PTT or AMD fTPM). For many modern PCs these settings are already active; for older or custom rigs the conversion path can be technical and — if mishandled — risky. Practical checks and careful backups are now essential steps before attempting to play on day one.

Why Activision and other publishers are making this change​

The technical rationale​

Publishers are escalating anti‑cheat to the platform level because many sophisticated cheats operate at or before the kernel and can subvert user‑mode detection. TPM‑backed attestation and Secure Boot provide two complementary guarantees:
  • Secure Boot (UEFI): ensures only signed early‑boot components load, making it harder for bootkits and unsigned kernel drivers to inject or hide cheat code before the OS starts.
  • TPM 2.0: provides a hardware root of trust for key storage and measured‑boot attestation; anti‑cheat can request cryptographic evidence that a machine booted with expected firmware and components.
Together these features raise the cost and complexity for cheat developers and have reportedly helped anti‑cheat teams identify and block large volumes of cheating attempts in recent betas. That practical success is why multiple publishers — not just Activision — have adopted similar checks.
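To make the measured‑boot idea concrete, here is an added illustration (not RICOCHET's code and not from the original article) of how a TPM PCR is extended and how a verifier replays a boot event log against it. The component names are constructed sample data, and the signature over a real TPM quote is left out.

```powershell
# Added illustration of TPM measured boot: PCR extend plus event-log replay.
# Component names below are constructed sample data, not real measurements.
$sha = [System.Security.Cryptography.SHA256]::Create()

function Get-Measurement([string]$Component) {
    # Stand-in for hashing a boot component's image.
    return ,$sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($Component))
}

function Step-Pcr([byte[]]$Pcr, [byte[]]$Measurement) {
    # TPM extend: PCR_new = SHA256(PCR_old || measurement).
    # A PCR can only be extended, never written directly.
    return ,$sha.ComputeHash([byte[]]($Pcr + $Measurement))
}

function Get-ReplayedPcr([string[]]$EventLog) {
    $pcr = [byte[]]::new(32)            # SHA-256 PCRs reset to all zeros
    foreach ($component in $EventLog) {
        $pcr = Step-Pcr $pcr (Get-Measurement $component)
    }
    return ([BitConverter]::ToString($pcr) -replace '-', '')
}

# Constructed logs: the second has one extra component loaded before the kernel.
$cleanLog    = 'firmware', 'bootmgr-signed', 'kernel-signed', 'driver-signed'
$modifiedLog = 'firmware', 'bootmgr-signed', 'unsigned-loader', 'kernel-signed', 'driver-signed'

# Value the verifier expects for a known-good boot chain.
$reference = Get-ReplayedPcr $cleanLog

foreach ($case in @(
        @{ Name = 'clean boot';           Log = $cleanLog },
        @{ Name = 'extra boot component'; Log = $modifiedLog })) {
    # In a real exchange this value arrives inside a TPM-signed quote.
    $quoted = Get-ReplayedPcr $case.Log
    $state  = if ($quoted -eq $reference) { 'matches reference' } else { 'MISMATCH' }
    '{0,-22} PCR={1}...  {2}' -f $case.Name, $quoted.Substring(0, 16), $state
}
```

Because each value depends on every measurement before it, a component inserted early in the chain changes the final PCR, and later measurements cannot restore it.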

Trade‑offs the industry is accepting​

The benefits are tangible: stronger signals for server‑side attestation and fewer successful kernel‑level cheats. The trade‑offs are real:
  • Player friction: legacy rigs, custom Linux dual‑boots, and Steam Deck‑class devices may be blocked until workarounds or publisher accommodations are made.
  • Firmware/driver complexity: motherboard vendors must keep UEFI and fTPM/PTT firmware updated to avoid false negatives or new compatibility bugs.
  • Privacy and policy concerns: TPM‑backed attestation and platform telemetry raise legitimate questions about what gets measured and how that telemetry is used. Steam’s recent beta UI addition that surfaces Secure Boot and TPM status underscores how normalized these attributes have become, but also how sensitive they are when collected as telemetry.

Quick compatibility checklist — what to check now​

Before you flip any firmware switches, back up critical data and record BitLocker recovery keys. Then verify these items in Windows:
  • Confirm game launch date and enforcement expectations (Black Ops 7: November 14, 2025).
  • Check Secure Boot state and BIOS mode: run msinfo32 → look at BIOS Mode (should read UEFI) and Secure Boot State (should read On).
  • Check TPM presence and version: run Win+R → tpm.msc → confirm Specification Version: 2.0 and The TPM is ready for use.
  • Confirm the system disk uses GPT: Open Disk Management, right‑click the boot disk → Properties → Volumes → Partition style should read GUID (GPT). If it reads MBR, conversion will be required.
If all four items are green you should be able to run RICOCHET at launch. If anything is missing, follow the step‑by‑step guidance below — but do so with backups and caution.
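The three machine‑state items in the checklist can also be read in one pass from an elevated PowerShell session. The script below is an added example (not from the original article, Activision or Microsoft); it only reads state and changes nothing, and the function name and output format are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only preflight for the checklist items above.
function Test-BootPrerequisite {
    $r = [ordered]@{}

    # msinfo32 "BIOS Mode": Get-ComputerInfo reports Uefi or Bios.
    $fw = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
    $r['BIOS Mode is UEFI'] = ("$fw" -eq 'Uefi')

    # msinfo32 "Secure Boot State": the cmdlet throws on legacy-BIOS systems,
    # so an exception is recorded as a failed check rather than aborting.
    try   { $r['Secure Boot State is On'] = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $r['Secure Boot State is On'] = $false }

    # tpm.msc "The TPM is ready for use".
    try   { $tpm = Get-Tpm -ErrorAction Stop
            $r['TPM present and ready'] = [bool]($tpm.TpmPresent -and $tpm.TpmReady) }
    catch { $r['TPM present and ready'] = $false }

    # tpm.msc "Specification Version": Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38".
    $spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
             -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion
    $r['TPM Specification Version is 2.0'] = ("$spec" -like '2.0*')

    # Disk Management "Partition style" of the disk Windows boots from.
    $disk = Get-Disk | Where-Object IsBoot | Select-Object -First 1
    $r["Boot disk $($disk.Number) is GPT"] = ("$($disk.PartitionStyle)" -eq 'GPT')
    return $r
}

$checks = Test-BootPrerequisite
foreach ($name in $checks.Keys) {
    '{0,-36} {1}' -f $name, $(if ($checks[$name]) { 'PASS' } else { 'FAIL' })
}

# Informational: firmware changes with BitLocker protection on can trigger a recovery prompt.
try {
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    "BitLocker on $($env:SystemDrive): $($bl.ProtectionStatus) (have the recovery key saved)"
} catch { 'BitLocker status unavailable on this edition or session.' }

if ($checks.Values -contains $false) { exit 1 }
```

A non‑zero exit code means at least one item needs the step‑by‑step guidance that follows.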

Step‑by‑step: how to enable TPM 2.0 and Secure Boot (safe, checked sequence)​

This section gives a practical, proven sequence that minimizes risk. Verify each step and consult your motherboard/OEM documentation when menu names or exact keys differ.

1) Backups and preparatory steps (do this first)​

  1. Create a full system image or at least a file backup of your user folders and game saves.
  2. If BitLocker is enabled, suspend protection temporarily (BitLocker → Suspend) to avoid recovery prompts during firmware changes.
  3. Make sure you have Windows installation media or a recovery drive available in case the system fails to boot after a firmware or disk change.

2) Verify current state inside Windows​

  • Run msinfo32 → Confirm BIOS Mode and Secure Boot State.
  • Run tpm.msc → Confirm TPM is ready for use and Specification Version 2.0.
  • In Disk Management check the boot disk’s partition style (GPT required for Secure Boot).

3) Enable TPM (if present but disabled)​

  • Reboot into UEFI/BIOS (common keys: Del, F2, F10, F11, F12; or via Windows Advanced Startup → Troubleshoot → UEFI Firmware Settings).
  • Look for options named TPM, Intel PTT (Intel platforms), AMD fTPM or Security Device Support and enable them. Save and exit.
Note: some OEM laptops and corporate devices ship with TPM disabled by IT policy; consult vendor or admin guidance before changing firmware on managed hardware.

4) Convert MBR → GPT if necessary (use Microsoft’s MBR2GPT)​

If your boot disk is MBR, you must convert to GPT before enabling Secure Boot.
  • Open an elevated Command Prompt (Win+R → cmd → Ctrl+Shift+Enter).
  • Validate the disk: mbr2gpt.exe /validate /disk:X /allowFullOS (replace X with the Disk number shown in Disk Management).
  • If validation succeeds, run: mbr2gpt.exe /convert /disk:X /allowFullOS.
Important Microsoft notes and caveats:
  • MBR2GPT enforces preconditions (max three primary partitions, space for GPT headers, an active system partition, and a healthy BCD). If validation fails the tool will list required corrective actions.
  • Suspend BitLocker before conversion and have recovery keys saved. If conversion fails or firmware remains in legacy mode, a clean reinstall to UEFI/GPT may be the safer path.

5) Switch firmware to UEFI and enable Secure Boot​

  • Reboot into UEFI firmware. Under Boot or Security find Boot Mode and set to UEFI (disable CSM/Legacy/Compatibility Support Module where present).
  • Then enable Secure Boot (sometimes shown as Windows UEFI mode or Standard/Default keys). Save and exit.
  • Boot Windows and verify msinfo32 now shows BIOS Mode: UEFI and Secure Boot State: On.
If Secure Boot is Unsupported it usually indicates firmware or hardware limitations; check your motherboard/OEM support pages for BIOS updates or compatibility notes.

Troubleshooting common failure modes​

  • Game still says TPM/Secure Boot disabled despite Windows showing them enabled: fully power off the machine (shut down, not sleep), then boot; some firmware only exposes the updated state after a full power cycle. Microsoft support threads and Activision guidance list BIOS updates and driver reinstallation as next steps.
  • mbr2gpt validation fails: the tool will print diagnostic steps; typical fixes include shrinking or removing non‑system partitions, suspending BitLocker, or choosing a clean UEFI install if conversion is infeasible. Microsoft’s documentation details exact validation rules.
  • AMD fTPM or Intel PTT version mismatch or firmware bug: motherboard vendors have rolled BIOS updates in recent months to address fTPM/firmware TPM compatibility issues; check your vendor’s BIOS changelog and apply the latest stable update. Community reports show BIOS updates resolving many false‑negative TPM detections.
  • Dual‑boot Linux: enabling Secure Boot will generally block unsigned Linux kernels and bootloaders. Solutions include using a signed shim, enrolling your own keys, or temporarily disabling Secure Boot — but disabling will block RICOCHET enforcement. Dual‑boot users must weigh tradeoffs carefully.

Cross‑checks and verification of public claims​

Activision’s support documentation explicitly states that TPM 2.0 and Secure Boot were added in Season 05 as preflight checks and that they will be required for Black Ops 7 beta and launch; it also lists OS baseline (Windows 10 22H2 or Windows 11) and references Intel/AMD platform guidance. This is the authoritative publisher position.
Independent reporting from outlets such as The Verge, Tom’s Hardware, and PCGamesN corroborates those requirements and documents the phased rollout, the Steam beta UI change (which surfaces Secure Boot/TPM status), and community troubleshooting flows. These outlets observed the same publisher guidance and noted how Steam’s beta system info was updated to help players check compatibility without leaving the client.
For the release date itself, multiple platform‑level announcements (PlayStation Blog, Gematsu, GamesRadar and mainstream game press) list November 14, 2025 as the target launch for Black Ops 7; pre‑order open beta access windows are consistent across those reports. Use those storefront and publisher pages as the definitive schedule when planning day‑one play.

What this means for specific user groups​

Modern Windows 11 PCs​

If you bought a PC within the last two to four years and installed Windows 11 or bought it preinstalled, you’re very likely compliant: Windows 11 requires TPM 2.0 and UEFI/Secure Boot capability by design. Still, confirm the settings because OEMs or IT policies can disable TPM. Quick checks (msinfo32, tpm.msc) settle this in two minutes.

Windows 10 users and older builds​

Windows 10 machines vary widely. Many support TPM 2.0 and fTPM but ship with defaults that leave TPM or Secure Boot disabled. If you run Windows 10 and the system is older than 2018, expect more potential friction: you may need firmware updates, MBR→GPT conversion, or in the worst case, hardware upgrades. Activision notes Windows 10 22H2 as a minimum if you stay on Windows 10.

Linux, Proton, and handheld users (Steam Deck etc.)​

Kernel‑level anti‑cheat tied to Secure Boot and TPM complicates native Linux and Proton compatibility. Without signed kernel modules or an authorized shim, Secure Boot can prevent Linux kernel modules used by anti‑cheat from loading — or simply make the publisher refuse to support the configuration. Expect uncertainty and likely publisher‑side blocking at launch unless specific accommodations are made.

Streamers, VMs, and multi‑boot setups​

Virtual machines and many virtualized or sandboxed environments don’t expose a host TPM and may fail attestation checks. If you stream, test your configuration in advance and be prepared to run the native client on host hardware for competitive play. Multi‑boot setups must plan for signed bootloaders and possible kernel key enrollment workflows.

Security and privacy considerations — what publishers say, and where to be cautious​

Activision and other publishers emphasize that TPM and Secure Boot checks do not grant direct access to personal files — they are used to confirm measured boot and platform state. That is consistent with how TPM attestation is typically implemented. But TPM attestation and the telemetry around firmware state are sensitive: aggregated device telemetry can increase the uniqueness of client fingerprints, and some users are uncomfortable with that level of device‑state reporting. Steam’s optional Hardware Survey and the fact that publishers have stated these checks will be enforced make this a policy conversation as well as a technical one. If you have strong privacy concerns, treat telemetry opt‑in settings carefully and watch publisher FAQ updates for how attestation data is used in matchmaking or enforcement.
Flag: any claim that “RICOCHET will access X personal file” should be treated skeptically unless the publisher documents it. Publisher guidance to date explains attestation and enforcement only, not content inspection; still, platform attestation raises governance questions that deserve scrutiny.

Day‑one checklist and recommended actions (concise)​

  1. Back up critical data and export BitLocker keys.
  2. Run msinfo32 and tpm.msc to confirm BIOS Mode = UEFI, Secure Boot State = On, and TPM Specification = 2.0.
  3. If your disk is MBR, validate and convert with mbr2gpt.exe (validate first, then convert). Suspend BitLocker before converting.
  4. Enter UEFI, enable Intel PTT or AMD fTPM (or onboard TPM), switch Boot Mode to UEFI, disable CSM, then enable Secure Boot. Save and reboot.
  5. Update BIOS/UEFI to the latest stable released by your motherboard/OEM. Many TPM problems have been fixed in vendor firmware.
  6. Test the game launcher early (open beta or pre‑launch) to catch any anti‑cheat detection problems before day one.

Final verdict: what to expect at launch and how publishers will likely act​

Black Ops 7’s enforcement of TPM 2.0 and Secure Boot through RICOCHET is not an isolated experiment — it follows a broader industry shift where hardware‑anchored attestation is becoming a baseline tool against kernel‑level cheating. Expect a period of friction around launch: early reports will include BIOS/BIOS‑version fixes, quick publisher patches to detection heuristics, and community guides for the most common firmware pitfalls. Activision’s official support documentation and third‑party reporting are already aligned on the requirement and the remediation path — which means players who take the simple preparatory checks now should face minimal day‑one disruption.
That said, there will be real losers in the short term: older hardware owners, some Linux/Steam Deck users, and people whose setups rely on unsigned or custom kernel modules. The industry will need transparent policies, strong support flows, and careful telemetry governance to keep the fairness benefits from turning into exclusionary gatekeeping.

Call of Duty: Black Ops 7 arrives November 14, 2025; verify your system now so RICOCHET won’t keep you out on day one — check msinfo32, run tpm.msc, confirm GPT partitions or safely use mbr2gpt, and update firmware as required. If you prefer a single short checklist to follow this afternoon, work top to bottom from the “Day‑one checklist” in this article and keep a verified backup before you touch UEFI settings.

Source: Windows Central Is your PC ready for Black Ops 7? Here's how to ensure RICOCHET anti-cheat will run on day one.
 
