A thief doesn’t loudly announce that they just stole something.

Yeah, they’re are. I used sbctl to enroll and manage my own keys, and I chose to include the MS ones to ensure dual booting still worked properly.

Because of that hard-bricking motherboard problem, choosing to not include the MS keys is actually more effort due it being gated behind a flag and a mountain of warnings.

these games only accept the secure boot setup where the root key is that of microsoft’s.

I have a PC where I could actually test this. Custom MOK but with all the MS signatures in the database. I can boot into Windows through the BIOS using only the MS-signed bootloader instead of GRUB or any chain loader, and Windows itself considers Secure Boot to be enabled successfully.

Do you know if it would immediately reject the game from launching, or would I be flagged and banned later as some kind of ban wave?

The latter is something I would prefer to avoid.

Oh, the comment I directly replied to is absolutely justified in its downvotes. I actually meant to reply to a different comment of theirs.

There’s a lot of FUD and disinformation around Secure Boot and TPM 2.0 in general. When it comes to anticheat and those as requirements, people are dog piling IMO. The comments being cynical or exaggerating the security risk of the TPM to the user are getting more upvotes, while the comments that disagree with those are getting pushback.

secure boot enabled with machine owner keys wouldn’t be enough either for these games

They should be able to check which signing keys were used for every part of the boot process. Unless they want to be colossal assholes and check the MOK as well, they could still verify what they need without flagging Linux Secure Boot dual-booters as cheaters.

You quoted the end of my comment, so you must have read this part:

Together, they make it possible for anticheat to tell if something (like cheating software) tried to rootkit Windows as a way to evade detection.

For the threat model of anticheat software, verifying system integrity is not an unusual requirement.

Amazing. Crowdstrike did end up providing some benefit to users after all.

Once you delve into the technical specifics of Secure Boot and the TPM, it’s actually not that unusual. I wrote more detail in another comment on this post, but the TLDR of it is that Secure Boot is meant to enforce the integrity of the boot procedure to ensure that only approved code runs before the Windows kernel gets control, and the TPM 2.0 is meant to attest to that. Together, they make it possible for anticheat to tell if something (like cheating software) tried to rootkit Windows as a way to evade detection.

I don’t agree with the requirement, but it’s not a pointless requirement or some grand conspiracy to make people buy new hardware.

Sorry to see the downvotes on your comments explaining the technical stuff. You aren’t wrong, but people are cultish and like dog piling.

The entire idea of Secure Boot is to verify the boot chain using signature checks to ensure that nothing “unauthorized” runs in the boot process before control is handed off to the kernel. It’s meant to stop lower bootloader stages from silently modifying or hooking later stages.

In theory, it’s supposed to stop rootkits from being able to exist above the OS, hiding themselves while stealing information or influencing programs. In practice, there’s a shit load of badly implemented EFI programs and bootloaders that are signed and later turned out to be vectors for arbitrary code execution (this is why you need the DBX list to be updated frequently).

Cynically, Microsoft probably came up with Secure Boot because that whole rootkit-and-fuck-with-the-kernel thing used to be one of the ways people cracked Windows 7.

As for TPM 2.0, the whole point of it being used for anticheat is because it stores an immutable log of the Secure Boot process and attests to the integrity of the system. If I installed my own Secure Boot certificates and rootkitted Windows for the sole purpose of cheating, the TPM would see that a self-signed executable was used during boot and refuse to say the system was unmodified.

Edit: The downvote button is not a “I disagree” button. There is an actual technical reason why Secure Boot and TPM 2.0 are used in anticheat crap. I don’t agree with it or that they demand it as a requirement to even open the game, but it’s not some grand conspiracy to make you buy new PC hardware.

Contrary to popular belief, it is possible to write software in assembly that is very readable. It takes thought but assembly has the edge with its miniscule footprint and zero-dependency runtime.

Almost. The corporate solution nowadays is for the guy who owns all of the carts to replace the horses with AI, fire half of the drivers, then demand the remaining drivers take two carts every trip.

I agree with them when they say distros shouldn’t be theming their apps by default. When the packager breaks a package, it misleadingly gives users the impression that the software is at fault. Unless the distro itself is willing to field all the user complaints and bug reports, it just ends up causing problems for the maintainers.

Where I will never agree with them is in the demand that the developer has exclusive control over the application icon. It’s inconsequential to the software’s functionality, and if anyone thinks their brand should have more rights to a computer than the person who owns it, they can rightfully fuck off with the likes of Apple and Microsoft.

App Icons are the identity of an app. Changing an app’s icon denies the developer the possibility to control their brand.

Here’s an novel solution to that: fuck off! A lot of us use Linux because we’re sick of corporations and rightsholders trying to control how we use our devices while treating us as marketing tools by shoving their “vision” in our face.

And the taxpayer money spent?

… To shreds you say …

Neither did I. Now I just don’t have time for sleep.

You can block it with a carefully-crafted userscript that hooks the fetch API and returns fake responses for the svc event, but then Reddit starts flagging your IP address as a bot and demands you log in to an account to prove otherwise. You can’t win.

Digital media is protected by copyright law, yeah. I’m not arguing it isn’t protected at all, I’m just saying the “piracy is theft” argument often used to claim that piracy is a crime is complete garbage that doesn’t hold up to scrutiny.

The “it’s a copyright violation” argument is actually applicable, though. When creating a digital copy without the rightsholder’s permission, an individual is creating an unauthorized copy and violating the creator’s copyrights.

How that’s applied legally and who bears the responsibility is where it gets interesting. It depends a lot on each country’s own copyright laws, but generally, making something available for others to download is unambiguously illegal as unauthorized distribution of a copyrighted work.

Downloading that copy is more of a gray area. Is the downloader making a copy by downloading it? What if they don’t save it, and instead just consume it like with streaming. Or is it a copy just by the mere act of saving data capable of creating a like-for-like representation of the original? What if that copy isn’t a perfect copy, but degraded through multiple lossy re-compressions and only resembles the original?

In my original comment, I added the “(downloading)” as a bit of a nod to this whole argument. Uploading is unambiguously a violation in some form, but piracy in the form of streaming is a gray area that isn’t actually illegal in a lot of places.

Digital piracy (downloading) shouldn’t even be a crime to begin with. The idea that it’s the same as theft is fundamentally flawed.

Theft requires the original owner to be deprived of their property. Creating a copy of digital media does not deprive them of their media.

The counterargument to that is digital piracy deprives them of revenue, which itself is a flawed argument. Revenue is money, and they never owned the would-be consumer’s money in the first place.

In addition to that, there’s no guarantee that someone who pirated their media would have even been willing to pay for it if piracy wasn’t an available option.

Was not aware of that, thanks.

Ukraine accepting these from Israel doesn’t really hurt Palestinians, or help Israel

Depending on how you look at it, it’s actually a good thing that he took it. Every missile given by Israel to Ukraine is a missile that isn’t being fired at a Palestinian hospital.