Hi! Thanks for clicking on this post.
I purchased a Steam Deck OLED about a year ago hoping to play my favorite video games outside of a Microsoft environment (the Xbox Live costs were getting annoying).
Everything worked fine for a while until EA games stopped launching via Steam OS. This fact motivated me to look into dual booting with the Windows 10 edition that’ll be supported for another 5-7 years, despite the commercial editions losing support in October 2025. I followed this guide, and got W10 dual boot up and running with Ventoy and GParted.
Fast forward to 2025, and the new Battlefield 6 beta just launched. I was hoping to try the beta out knowing that I probably wouldn’t buy the game (all BFs since BF1 are COD trash) and that BF4, BF1, and BFV all launch in W10 on Deck.
But then I receive this error: “SecureBoot is not enabled. Learn how to use SecureBoot at [go.ea.com/SecureBoot] (111)”.
I’ve done some research to try to figure this out, following EA’s own guide to enable Secure Boot:
Running msinfo32 shows that my BIOS Mode is UEFI, and Secure Boot State is Off.
Running tpm.msc shows that “The TPM is ready for use” under Status.
Entering Disk Management, right clicking on C:, selecting Properties, Hardware, Micron_2400_MTFDKBK1T0QFM, Properties, Volumes, Populate, and my Partition style is shown as GUID Partition Table (GPT).
Now I enter Advanced Startup to view BIOS settings, Troubleshoot, Advanced options, UEFI Firmware Settings, Restart, and the Steam Deck boots into the InsydeH2 BIOS menu.
From here, EA says these BIOS settings are specific to the manufacturer, so I go exploring. Under Setup Utility, I see Main, Advanced, Security, Power, Boot, and Exit menus to the left side of the screen.
When I click through these, I see the following:
-
BIOS Release Date = 08/01/2024
-
VBIOS FW Version = 113-AMDSphJupiter
-
Current TPM Device = TPM 2.0 (FTPM)
-
TPM State = All Hierarchies Enabled, Owned
-
Quick Boot = Enabled
-
Quiet Boot = Enabled
I don’t see any specific mention of “Secure Boot”.
I have read that the only way to enable Secure Boot is to go through these steps. I don’t have the time or energy to do that now. Maybe this weekend.
Has anyone else gone through similar troubleshooting?
Is the above the right path forward for my use case?
Are there any risks I should keep in mind if I want to enable Secure Boot?
What ways can I protect myself from my n00b carelessness?
Thanks for your time!! I don’t post much, but all the reddit posts out there failed to answer my specific problem. And who on Lemmy doesn’t like more content?
So, Secure Boot for Windows is basically a mode of running your system that cryptographically links your Windows OS to the BIOS/UEFI… and the way that this works is almost always incompatible with a dual boot setup that includes Linux… maybe unless you have literally physically distinct harddrives/ssds/microsd/usb drives that each OS lives on?
And then do extra steps to tell your now Windows managed BIOS/UEFI that your linux dual boot OS is also ‘safe’ for Windows to allow your sysyem to boot?
The Steam Deck does not officially support Windows Secure boot.
Because…
Basically, Secure Boot means that … no other OS is allowed to boot.
That’s what ‘Secure’ means, to Windows/MSFT.
There are basically workaround hacks to attempt to get Win 10 Secure Boot working on a Deck, but they are not official, unsupported, could break at any time with any Windows update.
…
So yeah, you cannot do a Win 10 + Linux dual boot where that Win 10 boot is also ‘Secure’, at the same time.
If you start with a dual boot config, and then manage to enable secure boot for Win 10… chances are very high that Win 10 will then reconfigure your boot config to disable dual boot, it’ll wipe out GRUB, and now your linux stuff … is still there, but you can’t access it.
…
This isn’t really a direct answer to your question, but MSFT and … more or less, everything it touches, hardware, software… have been making it harder and harder to successfully dual boot Windows and Linux for over a decade now.
If you or others in this thread somehow can figure this out, in a reliably stable way, well, that’s honestly impressive…
But imo, it isn’t worth the effort.
Any game update, or Windows update, or Mobo firmware level BIOS/UEFI update… could blow up your entire solution, because your entire solution basically by definition is actually going to be a hacky workaround that tricks Win 10 into thinking it is Secure Boot mode, when it actually isn’t.
MSFT really, really wants you to use its virtualized version of linux (WSL), or run a linux VM, but keep everything on bare metal Windows.
…
All that being said:
https://github.com/ryanrudolfoba/SecureBootForSteamDeck
EDIT: Whoops, you already found this, derp.
You may or may not be able to get this to work, but absolutely back up your entire linux system and every personal document and file and program on it, back it up to another physical drive of some kind before you do it, as you should expect more or less catastrophic failure if anything goes wrong, like fucking up a ROM flash of a smartphone.
Of course it has Secure Boot, that’s a required part of the UEFI spec. “Windows Secure Boot” is not a thing.
No it means only EFI files that are signed with a known key are loaded. I use secure boot to load my signed GRUB.
What the Steam Deck doesn’t have is the Microsoft signing keys pre-installed in its factory state. If you buy other computers or bare mainboards they usually have this.
Part 1:
Yep. The Deck and SteamOS have Secure Boot.
I never said they did not.
I said:
Not sure if you struggle with reading comprehension in English, but when you read all of this, together, it is obvious that I am saying that the Windows specific implenentation of Secure Boot is exclusionary, only works with Windows.
This is true, by default, unless you do a bunch of other extra work, which is easy to fuck up and likely to fail at some future point, because the way Windows ‘does’ Secure Boot is very different from how basically every other OS does, and will constantly change in subtle and esoteric ways that often result in a user being unable to access any other OS than Windows.
Windows Secure Boot is thus functionally a distinct thing, even if Windows/MSFT act otherwise and insist on confusing and obfuscatory terminology… which they have a long track record of doing with basically all of their software and related nomenclature, for decades.
Part 2:
Yep, which is why I described that in layman’s terms by saying:
Yep, you can do some extra bullshit, and it might work for a while, untill a new Windows update of some kind rewrites your UEFI config, requires some new arcane dependency setting or config of some kind, which then will lock out your non Windows OS.
Yep, other Mobos often come with everything preconfigured for Windows and their specific implenentation of Secure Boot.
The Steam Deck doesn’t, and that is what we are talking about.
Also, its entirely possible and even common for dual boot and linux users to either intentionally or unintentionally wipe out those Windows EFI files, alter the cryptographic signing process in some other way, and then you run into this same problem on other Mobos.
Or if you just build your own PC, or a linux oriented laptop or PC, Mobo will not come preconfigured for Windows.
Oh yeah, apparently I updated W10 a few months ago accidentally (not even knowing the implications to this) and it wiped GRUB. The only way I’m able to boot into SteamOS now is to power the Deck from OFF into W10, shutdown, boot into BIOS, and select one of the EFI files. Not ideal, but it still works. That’s all I’m looking for for now, that my Steam Deck still functions.
One of the things that’s concerning me long term is that it seems like the Steam Deck can’t fully restart to do system updates. When it does, the Deck boots straight into W10, cancelling out any progress on the updates. There might be a way to fix this, but I’m not a tech guru! (Even though I’m an engineer).
Appreciate the protection recommendations btw. The more I live in a dual boot world, and the more games that release on Steam, the more I’m willing to completely scrap W10. I still enjoy the BFs tho, and Delta Force isn’t a good alternative. As my taste in games change, who knows.
Thanks for the help
No problem!
Yeah, dual booting Win and Lin is… basically a trap at this point, I first tried to do it over a decade now…
There really is no need anymore, beyond very specific uses cases, to run Windows at all.
Linux caught up and has now exceeded it in basically everyway, as Windows has also enshittified.
I would suggest you look into just switching your Deck over to Bazzite.
From a basic user stand point, it is highly functional and performant, harder to break than Arch based SteamOS if you make it not read only, gives you more flexibility and utilities than default SteamOS, and you can even set up a linux container as a dev environment to do linux dev stuff, use Bottles or something if you need something closer to a Windows environment.
Yeah, its still not gonna play those few, super hyped and marketed AAA games… but fuck em, they’re evil corpos, stop giving them your time and money.
…
And I just made another suggestion to you in another comment:
You want BF style game(play)?
TitanFall 2. Still alive, still alive, got a reverse engineered launcher, server browser and private servers, runs great on linux via Proton.
I’m starting to see how much of a trap it is!
I’m interested in multi booting different distros. Any guides on how to wipe my current deck and start over? I’ve heard Bazzite and PopOS are pretty slick, and I still want to keep SteamOS.
Yeah fuck corpos!!!
I saw that comment. I’ll look into it!
Well, afaik, PopOS! does not have a … handheld PC oriented flavor, so… you could get it to work, but likely only via a dock, keyboard and mouse and monitor.
It may partially work, to some extent, as a handheld, but it won’t be able to… leave desktop mode, basically, unless you manually figure out how to set up everything you need for that game mode transition.
Bazzite on the other hand… comes with all that prebuilt in, is designed around that as a fundamental principle.
https://docs.bazzite.gg/General/FAQ/
https://docs.bazzite.gg/General/Installation_Guide/Installing_Bazzite_for_Steam_Deck/?h=install
Bazzite does replace SteamOS though.
It keeps the gamemode as a thing you can transition to, but under the hood, its Fedora, not Arch… but you can set the desktop mode up with the same KDE style if you want to, or go with GNOME if you wanna try that.
EDIT: More clarity IRT dual booting SteamOS and Bazzite on a Deck.
You can do this, more easily than either with Windows…
But it’ll require some extra configuration.
Basically, the way SteamOS and Bazzite will want to partition your harddrive, your onboard SSD… are fairly different.
IIRC, Bazzite uses BTRFS, and SteamArch is in I think Ext4… and the way they setup paritions for pagefiles or lackthereof is different.
You could get it working, its not impossible, but it might be way easier to just get a microsd card and run a live version or fully install a whole OS to a microsd card and run it from that, on a Deck, as a sort of preview… and then just pick one.
Also, it is totally possible to set up a microsd card with ventoy or just one other os install image… you don’t have to use an actual usb thumb drive.
Thanks for the info
I may have gotten in a stealth edit addendum right after you actually read that comment, more detail about potentially dual booting Bazz and StmOS