[Help] Steam Deck OLED | Windows 10 Dual Boot | How to Enable Secure Boot

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨Resonosity@lemmy.dbzer0.com⁩ to ⁨steamdeck@sopuli.xyz⁩

Hi! Thanks for clicking on this post.

I purchased a Steam Deck OLED about a year ago hoping to play my favorite video games outside of a Microsoft environment (the Xbox Live costs were getting annoying).

Everything worked fine for a while until EA games stopped launching via Steam OS. This fact motivated me to look into dual booting with the Windows 10 edition that’ll be supported for another 5-7 years, despite the commercial editions losing support in October 2025. I followed this guide, and got W10 dual boot up and running with Ventoy and GParted.

Fast forward to 2025, and the new Battlefield 6 beta just launched. I was hoping to try the beta out knowing that I probably wouldn’t buy the game (all BFs since BF1 are COD trash) and that BF4, BF1, and BFV all launch in W10 on Deck.

But then I receive this error: “SecureBoot is not enabled. Learn how to use SecureBoot at [go.ea.com/SecureBoot] (111)”.

I’ve done some research to try to figure this out, following EA’s own guide to enable Secure Boot:

Running msinfo32 shows that my BIOS Mode is UEFI, and Secure Boot State is Off.

Running tpm.msc shows that “The TPM is ready for use” under Status.

Entering Disk Management, right clicking on C:, selecting Properties, Hardware, Micron_2400_MTFDKBK1T0QFM, Properties, Volumes, Populate, and my Partition style is shown as GUID Partition Table (GPT).

Now I enter Advanced Startup to view BIOS settings, Troubleshoot, Advanced options, UEFI Firmware Settings, Restart, and the Steam Deck boots into the InsydeH2 BIOS menu.

From here, EA says these BIOS settings are specific to the manufacturer, so I go exploring. Under Setup Utility, I see Main, Advanced, Security, Power, Boot, and Exit menus to the left side of the screen.

When I click through these, I see the following:

BIOS Release Date = 08/01/2024
VBIOS FW Version = 113-AMDSphJupiter
Current TPM Device = TPM 2.0 (FTPM)
TPM State = All Hierarchies Enabled, Owned
Quick Boot = Enabled
Quiet Boot = Enabled

I don’t see any specific mention of “Secure Boot”.

I have read that the only way to enable Secure Boot is to go through these steps. I don’t have the time or energy to do that now. Maybe this weekend.

Has anyone else gone through similar troubleshooting?

Is the above the right path forward for my use case?

Are there any risks I should keep in mind if I want to enable Secure Boot?

What ways can I protect myself from my n00b carelessness?

Thanks for your time!! I don’t post much, but all the reddit posts out there failed to answer my specific problem. And who on Lemmy doesn’t like more content?

source

Comments

Sort:hotnew top

memo@feddit.it ⁨2⁩ ⁨weeks⁩ ago
Not helpful to the post but - if anything, this would convince me to ditch EA games.

source
- Resonosity@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago
  Yeah, big same. I mean, I’ve had a lot of fun on the older games like BF1 & BF4. I’ll probably keep playing those for as long as I can.
  
  And if EA ever kills those, I hope StopKillingGames in the EU someday reverses it
  
  source
  - ook@discuss.tchncs.de ⁨2⁩ ⁨weeks⁩ ago
    Just saw this post and thought of your topic here: lemmy.world/post/34149294
    
    source
    -> View More Comments
  - sp3ctr4l@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago
    If you’re looking for something fairly close to (and imo arguably better) BF1 and 4…
    
    TitanFall 2.
    
    Got its own custom Proton branch, Northstar and other variants of basically the same thing, wrap around and launch the game, working private servers and mod support, you can run it on Windows or Linux, actually runs really well on a Steam Deck… might have something to do eith using an actually good engine, its basically a fork of the Portal 2 version of Source.
    
    Its a small, but active community.
    
    source
    -> View More Comments
sp3ctr4l@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago
So, Secure Boot for Windows is basically a mode of running your system that cryptographically links your Windows OS to the BIOS/UEFI… and the way that this works is almost always incompatible with a dual boot setup that includes Linux… maybe unless you have literally physically distinct harddrives/ssds/microsd/usb drives that each OS lives on?

The Steam Deck does not officially support Windows Secure boot.

Because…

Basically, Secure Boot means that … no other OS is allowed to boot.

That’s what ‘Secure’ means, to Windows/MSFT.

There are basically workaround hacks to attempt to get Win 10 Secure Boot working on a Deck, but they are not official, unsupported, could break at any time with any Windows update.

…

So yeah, you cannot do a Win 10 + Linux dual boot where that Win 10 boot is also ‘Secure’, at the same time.

If you start with a dual boot config, and then manage to enable secure boot for Win 10… chances are very high that Win 10 will then reconfigure your boot config to disable dual boot, it’ll wipe out GRUB, and now your linux stuff … is still there, but you can’t access it.

…

This isn’t really a direct answer to your question, but MSFT and … more or less, everything it touches, hardware, software… have been making it harder and harder to successfully dual boot Windows and Linux for over a decade now.

If you or others in this thread somehow can figure this out, in a reliably stable way, well, that’s honestly impressive…

But imo, it isn’t worth the effort.

Any game update, or Windows update, or Mobo firmware level BIOS/UEFI update… could blow up your entire solution, because your entire solution basically by definition is actually going to be a hacky workaround that tricks Win 10 into thinking it is Secure Boot mode, when it actually isn’t.

MSFT really, really wants you to use its virtualized version of linux (WSL), or run a linux VM, but keep everything on bare metal Windows.

…

All that being said:

github.com/ryanrudolfoba/SecureBootForSteamDeck

You may or may not be able to get this to work, but absolutely back up your entire linux system and every personal document and file and program on it, back it up to another physical drive of some kind before you do it, as you should expect more or less catastrophic failure if anything goes wrong, like fucking up a ROM flash of a smartphone.

source
- Kazumara@discuss.tchncs.de ⁨2⁩ ⁨weeks⁩ ago
  
  The Steam Deck does not officially support Windows Secure boot.
  
  Of course it has Secure Boot, that’s a required part of the UEFI spec. “Windows Secure Boot” is not a thing.
  
  Basically, Secure Boot means that … no other OS is allowed to boot.
  
  No it means only EFI files that are signed with a known key are loaded. I use secure boot to load my signed GRUB.
  
  What the Steam Deck doesn’t have is the Microsoft signing keys pre-installed in its factory state. If you buy other computers or bare mainboards they usually have this.
  
  source
  - sp3ctr4l@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago
    Part 1:
    
    Yep. The Deck and SteamOS have Secure Boot.
    
    I never said they did not.
    
    I said:
    
    The Steam Deck does not officially support Windows Secure boot.
    
    Because…
    
    Basically, Secure Boot means that … no other OS is allowed to boot.
    
    That’s what ‘Secure’ means, to Windows/MSFT.
    
    Not sure if you struggle with reading comprehension in English, but when you read all of this, together, it is obvious that I am saying that the Windows specific implenentation of Secure Boot is exclusionary, only works with Windows.
    
    This is true, by default, unless you do a bunch of other extra work, which is easy to fuck up and likely to fail at some future point, because the way Windows ‘does’ Secure Boot is very different from how basically every other OS does, and will constantly change in subtle and esoteric ways that often result in a user being unable to access any other OS than Windows.
    
    Windows Secure Boot is thus functionally a distinct thing, even if Windows/MSFT act otherwise and insist on confusing and obfuscatory terminology… which they have a long track record of doing with basically all of their software and related nomenclature, for decades.
    
    Part 2:
    
    Yep, which is why I described that in layman’s terms by saying:
    
    maybe unless you have literally physically distinct harddrives/ssds/microsd/usb drives that each OS lives on?
    
    And then do extra steps to tell your now Windows managed BIOS/UEFI that your linux dual boot OS is also ‘safe’ for Windows to allow your sysyem to boot?
    
    Yep, you can do some extra bullshit, and it might work for a while, untill a new Windows update of some kind rewrites your UEFI config, requires some new arcane dependency setting or config of some kind, which then will lock out your non Windows OS.
    
    Yep, other Mobos often come with everything preconfigured for Windows and their specific implenentation of Secure Boot.
    
    The Steam Deck doesn’t, and that is what we are talking about.
    
    Also, its entirely possible and even common for dual boot and linux users to either intentionally or unintentionally wipe out those Windows EFI files, alter the crypotgraphic signing process in some other way, and then you run into this same problem on other Mobos.
    
    source
- Resonosity@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago
  Oh yeah, apparently I updated W10 a few months ago accidentally (not even knowing the implications to this) and it wiped GRUB. The only way I’m able to boot into SteamOS now is to power the Deck from OFF into W10, shutdown, boot into BIOS, and select one of the EFI files. Not ideal, but it still works. That’s all I’m looking for for now, that my Steam Deck still functions.
  
  One of the things that’s concerning me long term is that it seems like the Steam Deck can’t fully restart to do system updates. When it does, the Deck boots straight into W10, cancelling out any progress on the updates. There might be a way to fix this, but I’m not a tech guru! (Even though I’m an engineer).
  
  Appreciate the protection recommendations btw. The more I live in a dual boot world, and the more games that release on Steam, the more I’m willing to completely scrap W10. I still enjoy the BFs tho, and Delta Force isn’t a good alternative. As my taste in games change, who knows.
  
  Thanks for the help
  
  source
  - sp3ctr4l@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago
    No problem!
    
    Yeah, dual booting Win and Lin is… basically a trap at this point, I first tried to do it over a decade now…
    
    There really is no need anymore, beyond very specific uses cases, to run Windows at all.
    
    Linux caught up and has now exceeded it in basically everyway, as Windows has also enshittified.
    
    I would suggest you look into just switching your Deck over to Bazzite.
    
    From a basic user stand point, it is highly functional and performant, gives you more flexibility and utilities than default SteamOS, and you can even set up a linux container as a dev environment to do linux dev stuff, use Bottles or something if you need something closer to a Windows environment.
    
    Yeah, its still not gonna play those few, super hyped and marketed AAA games… but fuck em, they’re evil corpos, stop giving them your time and money.
    
    …
    
    And I just made another suggestion to you in another comment:
    
    You want BF style game(play)?
    
    TitanFall 2. Still alive, still alive, got a reverse engineered server browser and private servers, runs great on linux via Proton.
    
    source
    -> View More Comments
russjr08@bitforged.space ⁨2⁩ ⁨weeks⁩ ago
As far as I understand, the steps you linked to are currently the only way to do this. Personally, it’s not something I’d be willing to go through. That guide explicitly states that if you accidentally lose the keys, you’re not able to disable Secure Boot.

Additionally, since the SteamOS kernel needs to be signed manually, this seems like you could run into some “fun times” when SteamOS updates the kernel and loses the signature. You’d need to re-sign the image every time the kernel gets updated.

To me, the risks outweigh the rewards - especially since we don’t know how well BF6 runs on the deck. Of course, at the end of the day its a choice you have to make yourself, but that’s my take on the matter.

source
- Resonosity@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago
  Yeah I figured this is the end of the rope for Steam Deck Secure Boot. I bumped the Steam post that the creator of the GitHub guide made to see if things have changed since 2022/2023, but I’m not betting on it.
  
  Honestly if I go through with any troubleshooting to fix Secure Boot, it just means I’ll be bending the knee to EA who are a shit company in the first place. I’d rather boycott one of their games for these shitty practices and play some of the older BF games that at least still have server browsers and don’t require Secure Boot (yet).
  
  Risks absolutely outweigh the rewards on this one, 100%. Hate to see so many EA and M$ shills out there defending all this
  
  source
ook@discuss.tchncs.de ⁨2⁩ ⁨weeks⁩ ago
I’ll just start off with some second hand knowledge I cannot promise is correct because I recently learned that secure boot is a bit of a hot mess.

I seem to remember from discussions of recent articles that were about expiration of some widely used keys to run secure boot, that this is something you need to enable when you install your operating system. Unless I misunderstood what people were saying it sounds to me like there is no way to switch it on retroactively, because that pretty much stop your operating system from booting. Similar if you had it on during installation and then switch it off, your system won’t run.

I guess this is to avoid that someone with physical access to your computer can just switch it off, install root kit malware, then switch it back on (or not).

Again. I might be wrong but maybe if you look into that direction you find some more information that helps.

source
- Resonosity@lemmy.dbzer0.com ⁨2⁩ ⁨weeks⁩ ago
  Interesting, hadn’t seen this quirk in my research. Thanks for sharing.
  
  I may be willing to wipe my partitions clean and do a fresh W10 install, but there would need to be a video guide from Bald Sealion or others.
  
  Honestly the more and more I look into this mess, as you rightfully put it, it’s not worth it for 1 game.
  
  source