Exactly, and you’ll save tons of money too. ETS2 goes on sale for $5, stardew valley for $7.50, vintage story doesn’t go on sale but it’s only $22. All games that are way more fun, way less buggy, and have way more replay value than every piece of triple a junk i’ve played
“enshittification” and it’s toggling two things in the BIOS, with one of them being literally required already by Windows 11, and the other being important for security to the point it should be toggled on anyways.
People have done what you say, and they’ve literally reset their motherboard with no immediate solution other than taking it to their computer repair shop. And that might even guarantee you get the motherboard back.
the tpm does not add any security whatsoever for windows 11, and secure boot is being used to lock your control out of your own system. secure boot enabled with machine owner keys wouldn’t be enough either for these games
secure boot enabled with machine owner keys wouldn’t be enough either for these games
They should be able to check which signing keys were used for every part of the boot process. Unless they want to be colossal assholes and check the MOK as well, they could still verify what they need without flagging Linux Secure Boot dual-booters as cheaters.
these games only accept the secure boot setup where the root key is that of microsoft’s. that means that you either need windows with a pre-approved configuration in some regards (notable difference: any foss kernel drivers are nono because they won’t ever be signed) or a linux system for which microsoft gives a secureboot shim with whatever further restrictions.
the consequences are more obvious if you look at android as an example. It’s not called secure boot there, but android verified boot, and the turning off of it is called “bootloader unlocking”. very few phones support installing your own signing keys so you can’t take advantage of it with a bloatless android distribution. but even on phones that do, there are many apps that require a locked bootloader with the factory keys, including banking apps, nfc payment apps, government apps (including those that are required to access the online government account), entertainment apps with strict DRM, …
these games only accept the secure boot setup where the root key is that of microsoft’s.
I have a PC where I could actually test this. Custom MOK but with all the MS signatures in the database. I can boot into Windows through the BIOS using only the MS-signed bootloader instead of GRUB or any chain loader, and Windows itself considers Secure Boot to be enabled successfully.
Do you know if it would immediately reject the game from launching, or would I be flagged and banned later as some kind of ban wave?
I can boot into Windows through the BIOS using only the MS-signed bootloader instead of GRUB or any chain loader, and Windows itself considers Secure Boot to be enabled successfully.
I assume that’s because your motherboard still has the microsoft keys installed besides the MOK keys, and it verified the bootloader with that. thats why it accepts the ms signed bootloader. as I know not all motherboards allow removing it, and there are a few buggy ones that get hard bricked if you do that.
Yeah, they’re are. I used sbctl to enroll and manage my own keys, and I chose to include the MS ones to ensure dual booting still worked properly.
Because of that hard-bricking motherboard problem, choosing to not include the MS keys is actually more effort due it being gated behind a flag and a mountain of warnings.
Sure, but do you think the average user will actually take their time to find ways to do it unless they REALLY want to install it and their computer doesn’t support it?
Just play an indie game, these games will only enshittify more and more.
Exactly, and you’ll save tons of money too. ETS2 goes on sale for $5, stardew valley for $7.50, vintage story doesn’t go on sale but it’s only $22. All games that are way more fun, way less buggy, and have way more replay value than every piece of triple a junk i’ve played
“enshittification” and it’s toggling two things in the BIOS, with one of them being literally required already by Windows 11, and the other being important for security to the point it should be toggled on anyways.
People have done what you say, and they’ve literally reset their motherboard with no immediate solution other than taking it to their computer repair shop. And that might even guarantee you get the motherboard back.
Very out of touch and elitist. Fuck off
the tpm does not add any security whatsoever for windows 11, and secure boot is being used to lock your control out of your own system. secure boot enabled with machine owner keys wouldn’t be enough either for these games
They should be able to check which signing keys were used for every part of the boot process. Unless they want to be colossal assholes and check the MOK as well, they could still verify what they need without flagging Linux Secure Boot dual-booters as cheaters.
Microsoft provides SB shims for some linux distributions, so it wouldn’t mean locking out all linux players.
Care to elaborate?
these games only accept the secure boot setup where the root key is that of microsoft’s. that means that you either need windows with a pre-approved configuration in some regards (notable difference: any foss kernel drivers are nono because they won’t ever be signed) or a linux system for which microsoft gives a secureboot shim with whatever further restrictions.
the consequences are more obvious if you look at android as an example. It’s not called secure boot there, but android verified boot, and the turning off of it is called “bootloader unlocking”. very few phones support installing your own signing keys so you can’t take advantage of it with a bloatless android distribution. but even on phones that do, there are many apps that require a locked bootloader with the factory keys, including banking apps, nfc payment apps, government apps (including those that are required to access the online government account), entertainment apps with strict DRM, …
I have a PC where I could actually test this. Custom MOK but with all the MS signatures in the database. I can boot into Windows through the BIOS using only the MS-signed bootloader instead of GRUB or any chain loader, and Windows itself considers Secure Boot to be enabled successfully.
Do you know if it would immediately reject the game from launching, or would I be flagged and banned later as some kind of ban wave?
The latter is something I would prefer to avoid.
I think there’s some linux command to query the installed keys, but here I have only found the command for listing all the installed mok keys: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot
I assume that’s because your motherboard still has the microsoft keys installed besides the MOK keys, and it verified the bootloader with that. thats why it accepts the ms signed bootloader. as I know not all motherboards allow removing it, and there are a few buggy ones that get hard bricked if you do that.
Yeah, they’re are. I used sbctl to enroll and manage my own keys, and I chose to include the MS ones to ensure dual booting still worked properly.
Because of that hard-bricking motherboard problem, choosing to not include the MS keys is actually more effort due it being gated behind a flag and a mountain of warnings.
Literally NOT “required” by Windows 11. You can install 11 without TPM2 support just fine.
Indeed you can!
If you enable the core isolation and memory integrity features, which rely on the TPM, the system will slog down to less than potato speed.
Sure, but do you think the average user will actually take their time to find ways to do it unless they REALLY want to install it and their computer doesn’t support it?
No, because: