Hi! Thanks for clicking on this post.

I purchased a Steam Deck OLED about a year ago hoping to play my favorite video games outside of a Microsoft environment (the Xbox Live costs were getting annoying).

Everything worked fine for a while until EA games stopped launching via Steam OS. This fact motivated me to look into dual booting with the Windows 10 edition that’ll be supported for another 5-7 years, despite the commercial editions losing support in October 2025. I followed this guide, and got W10 dual boot up and running with Ventoy and GParted.

Fast forward to 2025, and the new Battlefield 6 beta just launched. I was hoping to try the beta out knowing that I probably wouldn’t buy the game (all BFs since BF1 are COD trash) and that BF4, BF1, and BFV all launch in W10 on Deck.

But then I receive this error: “SecureBoot is not enabled. Learn how to use SecureBoot at [go.ea.com/SecureBoot] (111)”.

I’ve done some research to try to figure this out, following EA’s own guide to enable Secure Boot:

Running msinfo32 shows that my BIOS Mode is UEFI, and Secure Boot State is Off.

Running tpm.msc shows that “The TPM is ready for use” under Status.

Entering Disk Management, right clicking on C:, selecting Properties, Hardware, Micron_2400_MTFDKBK1T0QFM, Properties, Volumes, Populate, and my Partition style is shown as GUID Partition Table (GPT).

Now I enter Advanced Startup to view BIOS settings, Troubleshoot, Advanced options, UEFI Firmware Settings, Restart, and the Steam Deck boots into the InsydeH2 BIOS menu.

From here, EA says these BIOS settings are specific to the manufacturer, so I go exploring. Under Setup Utility, I see Main, Advanced, Security, Power, Boot, and Exit menus to the left side of the screen.

When I click through these, I see the following:

  • BIOS Release Date = 08/01/2024

  • VBIOS FW Version = 113-AMDSphJupiter

  • Current TPM Device = TPM 2.0 (FTPM)

  • TPM State = All Hierarchies Enabled, Owned

  • Quick Boot = Enabled

  • Quiet Boot = Enabled

I don’t see any specific mention of “Secure Boot”.

I have read that the only way to enable Secure Boot is to go through these steps. I don’t have the time or energy to do that now. Maybe this weekend.

Has anyone else gone through similar troubleshooting?

Is the above the right path forward for my use case?

Are there any risks I should keep in mind if I want to enable Secure Boot?

What ways can I protect myself from my n00b carelessness?

Thanks for your time!! I don’t post much, but all the reddit posts out there failed to answer my specific problem. And who on Lemmy doesn’t like more content?

  • Kazumara@discuss.tchncs.de
    2·
    3 days ago

    The Steam Deck does not officially support Windows Secure boot.

    Of course it has Secure Boot, that’s a required part of the UEFI spec. “Windows Secure Boot” is not a thing.

    Basically, Secure Boot means that … no other OS is allowed to boot.

    No it means only EFI files that are signed with a known key are loaded. I use secure boot to load my signed GRUB.

    What the Steam Deck doesn’t have is the Microsoft signing keys pre-installed in its factory state. If you buy other computers or bare mainboards they usually have this.

    • sp3ctr4l@lemmy.dbzer0.comEnglish
      21·
      3 days ago

      Part 1:

      Yep. The Deck and SteamOS have Secure Boot.

      I never said they did not.

      I said:

      The Steam Deck does not officially support Windows Secure boot.

      Because…

      Basically, Secure Boot means that … no other OS is allowed to boot.

      That’s what ‘Secure’ means, to Windows/MSFT.

      Not sure if you struggle with reading comprehension in English, but when you read all of this, together, it is obvious that I am saying that the Windows specific implenentation of Secure Boot is exclusionary, only works with Windows.

      This is true, by default, unless you do a bunch of other extra work, which is easy to fuck up and likely to fail at some future point, because the way Windows ‘does’ Secure Boot is very different from how basically every other OS does, and will constantly change in subtle and esoteric ways that often result in a user being unable to access any other OS than Windows.

      Windows Secure Boot is thus functionally a distinct thing, even if Windows/MSFT act otherwise and insist on confusing and obfuscatory terminology… which they have a long track record of doing with basically all of their software and related nomenclature, for decades.

      Part 2:

      Yep, which is why I described that in layman’s terms by saying:

      maybe unless you have literally physically distinct harddrives/ssds/microsd/usb drives that each OS lives on?

      And then do extra steps to tell your now Windows managed BIOS/UEFI that your linux dual boot OS is also ‘safe’ for Windows to allow your sysyem to boot?

      Yep, you can do some extra bullshit, and it might work for a while, untill a new Windows update of some kind rewrites your UEFI config, requires some new arcane dependency setting or config of some kind, which then will lock out your non Windows OS.

      Yep, other Mobos often come with everything preconfigured for Windows and their specific implenentation of Secure Boot.

      The Steam Deck doesn’t, and that is what we are talking about.

      Also, its entirely possible and even common for dual boot and linux users to either intentionally or unintentionally wipe out those Windows EFI files, alter the cryptographic signing process in some other way, and then you run into this same problem on other Mobos.

      Or if you just build your own PC, or a linux oriented laptop or PC, Mobo will not come preconfigured for Windows.